
Pests of all kinds and how to fight them: GVU Trojan (Trojan.Banker & Trojan.PWS) on Win7

01.09.2012, 17:59   #1
t'john
/// Helper team



Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your Desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=15768 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_6_&babsrc=SP_ss&mntrId=5e10d5f40000000000002225d3e0ee42 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\..\SearchScopes\{5A27AD25-8D7E-4867-BDB3-DEE0F1C44452}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=15765&src=kw&q={searchTerms}&locale=&apn_ptnrs=NY&apn_dtid=YYYYYYYYDE&apn_uid=CCC69361-3ADD-4DFD-9981-D56DD5BBD4F5&apn_sauid=4FD2694F-D27B-4BEA-A694-1335EE488190& 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.11:8080 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109958&tt=060612_6_&babsrc=KW_ss&mntrId=5e10d5f40000000000002225d3e0ee42&q=" 
FF - prefs.js..network.proxy.backup.ftp: "192.168.22.1" 
FF - prefs.js..network.proxy.backup.ftp_port: 8080 
FF - prefs.js..network.proxy.backup.gopher: "192.168.22.1" 
FF - prefs.js..network.proxy.backup.gopher_port: 8080 
FF - prefs.js..network.proxy.backup.socks: "192.168.22.1" 
FF - prefs.js..network.proxy.backup.socks_port: 8080 
FF - prefs.js..network.proxy.backup.ssl: "192.168.22.1" 
FF - prefs.js..network.proxy.backup.ssl_port: 8080 
FF - prefs.js..network.proxy.gopher: "192.168.42.1" 
FF - prefs.js..network.proxy.gopher_port: 8080 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\yoshi\AppData\Roaming\13001.032 [2012.08.02 22:50:30 | 000,000,000 | ---D | M] 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.29 10:42:01 | 000,000,000 | ---D | M] 
Hosts file not found 
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. 
O3 - HKU\S-1-5-21-4253318092-3082914856-625760364-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.08.29 10:42:00 | 000,000,000 | -H-D | M] 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - Reg Error: Value error. File not found 
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - Reg Error: Value error. File not found 
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - Reg Error: Value error. File not found 
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - Reg Error: Value error. File not found 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - Reg Error: Value error. File not found 
O8 - Extra context menu item: In Adobe PDF konvertieren - Reg Error: Value error. File not found 
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - Reg Error: Value error. File not found 
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - Reg Error: Value error. File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\Shell - "" = AutoRun 
O33 - MountPoints2\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe 
O33 - MountPoints2\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\Shell - "" = AutoRun 
O33 - MountPoints2\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\Shell - "" = AutoRun 
O33 - MountPoints2\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe 
O33 - MountPoints2\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\Shell - "" = AutoRun 
O33 - MountPoints2\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe - () 
MsConfig:64bit - StartUpFolder: C:^Users^yoshi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation) 

[2012.08.16 17:08:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled 
[2012.08.16 17:07:49 | 000,000,000 | -H-D | C] -- C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled 
[2012.08.16 11:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager 
[2012.08.16 11:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon 

[2012.08.29 13:55:14 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad 

[2012.08.03 06:33:10 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\yoshi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 
[2012.07.21 13:05:48 | 000,010,134 | R--- | M] () -- C:\Users\yoshi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* > 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:57B2B96C 
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:474022C7 
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:922DA2DB 
@Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:C370B84F 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:65137F0D 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:26499772 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BEACE4C8 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ED0B32CA 

[2012.08.02 22:50:30 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\YOSHI\APPDATA\Roaming\13001.032 
[2012.08.02 22:50:30 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.032 

[2012.06.22 20:39:53 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\Babylon 

[2012.08.11 19:26:27 | 000,000,009 | ---- | M] () -- C:\END 

[2012.07.31 19:28:34 | 000,000,000 | ---D | C] -- C:\Users\yoshi\AppData\Roaming\13001.033 

[2012.08.02 21:15:48 | 000,000,017 | ---- | M] () -- C:\Users\yoshi\AppData\Roaming\blckdom.res 

[2012.07.06 00:15:42 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.016 
[2012.07.06 00:15:20 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\kock 
[2011.01.13 17:38:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 
[2012.07.06 18:22:59 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.017 
[2012.07.07 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.018 
[2012.07.08 15:30:56 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.019 
[2012.07.08 15:32:46 | 000,000,040 | ---- | C] () -- C:\Users\yoshi\AppData\Roaming\urhtps.dat 
[2012.07.09 12:26:17 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.020 
[2012.07.10 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.021 
[2012.07.11 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.022 
[2012.07.12 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.023 
[2012.07.13 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.024 
[2012.07.14 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.025 
[2012.07.17 18:11:48 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.026 
[2012.07.18 12:22:06 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.027 
[2012.07.23 17:08:20 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.028 
[2012.07.25 10:30:07 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.029 
[2012.07.27 21:34:17 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.030 
[2012.07.28 18:47:30 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\13001.031 
[2012.07.15 20:59:38 | 000,000,000 | ---D | M] -- C:\Users\yoshi\AppData\Roaming\UAs 

[2012.08.02 08:37:04 | 000,000,048 | ---- | M] () -- C:\Users\yoshi\AppData\Roaming\AcroIEHelpe.txt 
:Files
C:\Users\yoshi\AppData\Roaming\*croIEHelp*.* 
C:\Users\yoshi\AppData\Roaming\13*
C:\Users\yoshi\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\yoshi\AppData\Local\Temp\*.exe
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, please allow it.
  • Copy the contents of the logfile into your thread here, inside code tags.
    You can view the logfile afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john
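
Added example, not part of the original post and not OTL's own code: a Python script that triages the fix log requested in the last step, counting outcomes per log section and listing the entries that still need checking after the reboot. The sample log is constructed, modelled on the message shapes OTL writes to its fix log; the function names and the rule set are assumptions of this example.

```python
import re
from collections import Counter

# Section banners look like "========== OTL ==========".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<action> failed. <target> scheduled to be moved|deleted on reboot."
PENDING_RE = re.compile(
    r"^.+? failed\.\s+(?P<target>.+?)\s+scheduled to be (?:moved|deleted) on reboot\.$"
)

# Ordered rules: the first match wins, so a "failed ... scheduled on reboot"
# line is reported as pending rather than as a plain failure.
RULES = [
    ("pending_reboot", PENDING_RE),
    ("failed", re.compile(r"\bfailed\b", re.IGNORECASE)),
    ("not_found", re.compile(r" not found\.$")),
    ("done", re.compile(
        r"(?:moved|deleted) successfully\.$"
        r"|value set successfully!$"
        r"|^Prefs\.js: .+ removed from \S+$")),
    ("info", re.compile(r"^All processes killed$")),
]
NEEDS_ATTENTION = {"pending_reboot", "failed", "unrecognised"}

# Constructed sample log (paths, GUIDs and names are placeholders).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Example\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Example\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Prefs.js: "Example Search" removed from browser.search.defaultenginename
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Example\Toolbar\\{00000000-0000-0000-0000-000000000002} scheduled to be deleted on reboot.
C:\ProgramData\ExampleTool\settings folder moved successfully.
Folder move failed. C:\ProgramData\ExampleTool scheduled to be moved on reboot.
ADS C:\ProgramData\Temp:0000AAAA deleted successfully.
========== FILES ==========
File\Folder C:\Users\example\AppData\Roaming\example*.* not found.
C:\Users\example\AppData\Local\{00000000-0000-0000-0000-000000000003} folder moved successfully.
Example line in a shape this script does not know (constructed)
"""


def classify(line):
    """Return the outcome label for one log line."""
    for outcome, pattern in RULES:
        if pattern.search(line):
            return outcome
    return "unrecognised"


def triage(log_text):
    """Return (counts per (section, outcome), list of entries to re-check)."""
    section = "(preamble)"
    counts = Counter()
    attention = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        outcome = classify(line)
        counts[(section, outcome)] += 1
        if outcome in NEEDS_ATTENTION:
            pending = PENDING_RE.match(line)
            attention.append({
                "line": lineno,
                "section": section,
                "outcome": outcome,
                # For pending items keep only the path or key; otherwise
                # keep the whole line so nothing is lost.
                "target": pending.group("target") if pending else line,
            })
    return counts, attention


def report(log_text):
    """Render the triage result as plain text for pasting into a reply."""
    counts, attention = triage(log_text)
    lines = [f"{section:<12} {outcome:<15} {n}"
             for (section, outcome), n in sorted(counts.items())]
    lines.append("")
    lines.append("Check again after the reboot:")
    lines += [f"  line {a['line']} [{a['outcome']}] {a['target']}"
              for a in attention]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Entries reported as `pending_reboot` are the ones to look for again once the machine has restarted; `unrecognised` lines are kept in full so they can be read by hand.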

01.09.2012, 20:56   #2
ddPlr



Done. I hope this is right...


Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5A27AD25-8D7E-4867-BDB3-DEE0F1C44452}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A27AD25-8D7E-4867-BDB3-DEE0F1C44452}\ not found.
Registry key HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "chrome://speeddial/content/speeddial.xul" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_6_&babsrc=KW_ss&mntrId=5e10d5f40000000000002225d3e0ee42&q=" removed from keyword.URL
Prefs.js: "192.168.22.1" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "192.168.22.1" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "192.168.22.1" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "192.168.22.1" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "192.168.42.1" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}\ not found.
C:\Users\yoshi\AppData\Roaming\13001.032\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.032 folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\ not found.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content folder moved successfully.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components folder moved successfully.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension folder moved successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_USERS\S-1-5-21-4253318092-3082914856-625760364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\In Adobe PDF konvertieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\In Adobe PDF konvertieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2445dfed-30bc-11e1-abbd-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{444d2fb0-e5a2-11df-98c1-806e6f6e6963}\ not found.
File E:\InstAll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16a0-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df3b16b8-2e6e-11e1-9be7-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0329d81-e3dd-11e1-8311-806e6f6e6963}\ not found.
File E:\InstAll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe159293-308e-11e1-880e-e0cb4e0b8cb8}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
Folder C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\ not found.
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
C:\Users\yoshi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe moved successfully.
C:\Users\yoshi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe moved successfully.
ADS C:\ProgramData\Temp:57B2B96C deleted successfully.
ADS C:\ProgramData\Temp:474022C7 deleted successfully.
ADS C:\ProgramData\Temp:922DA2DB deleted successfully.
ADS C:\ProgramData\Temp:C370B84F deleted successfully.
ADS C:\ProgramData\Temp:65137F0D deleted successfully.
ADS C:\ProgramData\Temp:26499772 deleted successfully.
ADS C:\ProgramData\Temp:BEACE4C8 deleted successfully.
ADS C:\ProgramData\Temp:ED0B32CA deleted successfully.
Folder C:\USERS\YOSHI\APPDATA\Roaming\13001.032\ not found.
Folder C:\Users\yoshi\AppData\Roaming\13001.032\ not found.
C:\Users\yoshi\AppData\Roaming\Babylon folder moved successfully.
C:\END moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.033\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.033 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\blckdom.res moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.016\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.016 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\kock folder moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.017\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.017 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.018\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.018 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.019\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.019 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\urhtps.dat moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.020\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.020 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.021\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.021 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.022\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.022 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.023\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.023 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.024\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.024 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.026 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.027\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.027 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.028\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.028 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.029\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.029 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.030\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.030 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.031\components folder moved successfully.
C:\Users\yoshi\AppData\Roaming\13001.031 folder moved successfully.
C:\Users\yoshi\AppData\Roaming\UAs folder moved successfully.
C:\Users\yoshi\AppData\Roaming\AcroIEHelpe.txt moved successfully.
========== FILES ==========
File\Folder C:\Users\yoshi\AppData\Roaming\*croIEHelp*.* not found.
File\Folder C:\Users\yoshi\AppData\Roaming\13* not found.
C:\Users\yoshi\AppData\Local\{1B3CFFE5-5677-4CB0-B5E5-27335436659F} folder moved successfully.
C:\Users\yoshi\AppData\Local\{23D3C06E-15B9-40EA-8E9A-EA2B1DD6347F} folder moved successfully.
C:\Users\yoshi\AppData\Local\{33F219F2-6417-402E-A1E4-78E7CD97996D} folder moved successfully.
C:\Users\yoshi\AppData\Local\{57ADFDCF-3058-4293-9DC4-9A07709BD855} folder moved successfully.
C:\Users\yoshi\AppData\Local\{6C5091E7-78D4-4530-AE3C-A61B9494E819} folder moved successfully.
C:\Users\yoshi\AppData\Local\{6CEB0EA9-B1B2-4896-8B93-E8E8DC05FFFB} folder moved successfully.
C:\Users\yoshi\AppData\Local\{76407DE5-37D8-4254-9C15-A6E0A4BE8570} folder moved successfully.
C:\Users\yoshi\AppData\Local\{766B2D0A-4BC8-40C6-96BE-73441F2D2A1B} folder moved successfully.
C:\Users\yoshi\AppData\Local\{87D11343-4CA8-49A6-8674-B34171DC518F} folder moved successfully.
C:\Users\yoshi\AppData\Local\{95488398-4FCE-4DCA-9FD9-4CE5FD414D4A} folder moved successfully.
C:\Users\yoshi\AppData\Local\{96E54F8D-AD45-4FCC-B6B7-82319DD813B9} folder moved successfully.
C:\Users\yoshi\AppData\Local\{A55E1F9E-60D7-4CFF-8029-D2FCDD0E88E5} folder moved successfully.
C:\Users\yoshi\AppData\Local\{C5041D06-C962-4235-B9E7-32870A4F3EE1} folder moved successfully.
C:\Users\yoshi\AppData\Local\{CD125EE4-DE17-455E-A23D-206A247FD8F5} folder moved successfully.
C:\Users\yoshi\AppData\Local\{CD6C39CD-F424-4667-9081-8C6C6D624CC1} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DC295FF4-07ED-4C32-B424-3C7F0096D6F3} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DCF79B02-4DFF-4EA2-AB62-2BE7012D7B3A} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DEDC58B5-F1E1-4087-89CF-D0FB70131A5B} folder moved successfully.
C:\Users\yoshi\AppData\Local\{DF81E2D0-9095-41D8-8DEB-1F46F75DFEF5} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\TEMP\{B46BEA36-0B71-4A4E-AE41-87241643FA0A} folder moved successfully.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\yoshi\AppData\Local\Temp\*.exe not found.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\yoshi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\yoshi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\yoshi\Desktop\cmd.bat deleted successfully.
C:\Users\yoshi\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: yoshi
->Temp folder emptied: 923856 bytes
->Temporary Internet Files folder emptied: 2865468 bytes
->FireFox cache emptied: 63493167 bytes
->Flash cache emptied: 28080 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1093404 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 65,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09012012_214614

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\traking_settings folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager\2.2.565.25 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Users\yoshi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
         