
Pests of all kinds and their removal: GVU Trojan - Reatogo


22.01.2013, 12:42   #16
markusg
/// Malware-holic
 
hi
do you surf on illegal sites like kinox.to?
then stop that.
porn sites are also a risk.
from now on only surf on the sites I have named, I don't feel like doing everything 3 times.
post a new otl log
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

22.01.2013, 15:54   #17
xb0ssi
 
Thanks
OTL log file:
Code:
OTL logfile created on: 1/22/2013 3:50:46 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277.50 Gb Total Space | 78.44 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
Drive D: | 20.57 Gb Total Space | 12.62 Gb Free Space | 61.35% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (NMIndexingService)
SRV - [2013/01/21 17:29:35 | 000,180,224 | ---- | M] () [Auto] -- C:\Users\PC\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2013/01/08 15:52:42 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/11 06:39:32 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/11 06:39:18 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/28 10:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/09/05 10:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/17 08:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/07 01:22:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/05 04:20:12 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 04:18:59 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2007/12/05 04:18:53 | 000,098,984 | ---- | M] () [Auto] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/06/16 03:30:42 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto] -- C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2001/11/12 06:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot] --  -- (videX32)
DRV - File not found [Kernel | On_Demand] --  -- (SjyPkt)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - [2012/12/11 06:39:34 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 06:39:34 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 08:18:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/12/25 15:33:35 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2007/06/16 07:11:00 | 007,566,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/06/13 05:09:44 | 000,017,280 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007/03/26 08:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 08:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/08 12:46:44 | 000,211,456 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/08 11:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/12/01 23:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/17 03:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/06/08 03:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=1f5512de-fb7c-45ba-a0d4-e072f18b7d36&ref=homepage
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\PC_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\PC_ON_C\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\PC_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
IE - HKU\PC_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\PC_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/15 13:57:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/10 16:12:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 05:41:54 | 000,000,000 | ---D | M]
 
[2012/03/18 06:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/06 08:53:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/12/23 02:35:58 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/07/07 01:22:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/11 11:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/08 10:57:16 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/11 11:52:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/11 11:52:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/11 11:52:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/09 20:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/02/11 11:52:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/11 11:52:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [KMCONFIG]  File not found
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\PC_ON_C..\Run: []  File not found
O4 - HKU\PC_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKU\PC_ON_C..\Run: [cymunem]  File not found
O4 - HKU\PC_ON_C..\Run: [Driver Whiz] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
O4 - HKU\PC_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\PC_ON_C..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\PC_ON_C..\RunOnce: [.IMinentUpdate]  File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 14:08:14 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/21 19:37:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 13:10:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/15 08:03:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/11 11:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/11 11:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/11 11:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/11 11:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/11 11:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/11 11:40:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/09 07:35:47 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 07:35:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/12/31 07:07:59 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\LOLReplay
[2012/12/31 07:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2010/09/02 09:05:30 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files\tbsoft.dll
[2009/03/14 06:27:44 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2009/03/14 06:27:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2009/03/14 06:27:39 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2009/03/14 06:27:39 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2009/03/14 06:27:38 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2009/03/14 06:27:38 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2009/03/14 06:27:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2009/03/14 06:27:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2009/03/14 06:27:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2009/03/14 06:27:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnih.exe
[2009/03/14 06:27:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2009/03/14 06:27:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdncoms.exe
[2009/03/14 06:27:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2009/03/14 06:27:35 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdncfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/21 17:30:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/21 17:30:05 | 000,002,814 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/21 17:30:05 | 000,000,882 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/21 16:43:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/21 16:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/21 16:40:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/21 15:53:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 15:53:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/21 13:53:58 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2013/01/21 13:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 14:23:26 | 000,000,552 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for PC.job
[2013/01/19 06:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/13 11:46:33 | 000,001,999 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/13 11:43:32 | 000,681,680 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/13 11:43:32 | 000,640,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/13 11:43:32 | 000,148,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/13 11:43:32 | 000,122,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/13 10:44:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/11 11:49:29 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/11 11:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/10 13:32:31 | 234,628,757 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/09 10:55:04 | 003,729,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/08 15:52:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/08 15:52:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/03 13:34:26 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/31 07:07:45 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/12/31 07:07:45 | 000,001,702 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/12/31 07:07:45 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/12/31 07:07:45 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/21 17:30:05 | 000,002,814 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/21 17:30:05 | 000,000,882 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/21 17:29:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/11 11:49:29 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/10 13:32:31 | 234,628,757 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/31 07:07:45 | 000,001,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/12/31 07:07:45 | 000,001,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/12/31 07:07:45 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/08/10 15:28:01 | 000,000,051 | ---- | C] () -- C:\ProgramData\osdtngrmymcyfto
[2012/01/23 05:43:19 | 000,144,772 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/25 12:09:27 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat
[2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/02 15:31:29 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/10/02 15:31:27 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2010/10/02 15:31:27 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2010/10/02 15:31:25 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe
[2010/10/02 15:31:25 | 000,019,857 | ---- | C] () -- C:\Windows\unins000.dat
[2010/09/02 09:05:30 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/09/02 09:05:30 | 000,006,836 | ---- | C] () -- C:\Program Files\UNWISE.INI
[2010/08/29 12:53:20 | 000,000,000 | ---- | C] () -- C:\Users\PC\AppData\Local\prvlcl.dat
[2009/10/13 07:25:46 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009/10/13 07:25:46 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/10/10 20:14:29 | 000,000,055 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2009/08/08 02:00:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/08 02:00:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/24 07:18:43 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat
[2009/06/05 12:02:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/06 12:00:47 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/06 12:00:44 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/06 12:00:44 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/06 12:00:43 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/06 12:00:40 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/30 14:09:12 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/13 07:11:09 | 000,315,392 | ---- | C] () -- C:\Windows\System32\AegisI5.exe
[2009/04/13 07:11:08 | 000,295,018 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2009/04/13 07:11:08 | 000,002,048 | ---- | C] () -- C:\Windows\System32\drivers\rt73.bin
[2009/03/22 08:59:34 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/03/14 06:37:56 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2009/03/14 06:32:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/03/14 06:32:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/03/14 06:32:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/03/14 06:32:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/03/14 06:27:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
[2009/03/14 06:27:44 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2009/03/14 06:27:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2009/03/13 17:07:43 | 000,000,140 | ---- | C] () -- C:\Users\PC\AppData\default.pls
[2009/03/12 10:07:58 | 000,000,030 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Default.PLS
[2009/03/10 11:49:00 | 000,173,568 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 12:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007/11/20 19:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007/11/20 18:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007/10/02 17:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007/06/22 04:28:13 | 001,018,748 | ---- | C] () -- C:\Windows\System32\nvucode.bin
[2007/06/22 03:57:55 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/06/21 05:34:37 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007/06/20 09:15:08 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007/06/13 08:38:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007/05/07 08:47:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/01/23 07:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll
[2006/12/10 23:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 10:33:31 | 000,681,680 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:33:31 | 000,148,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,729,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,710 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/20 00:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2002/03/13 07:15:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
 
========== LOP Check ==========
 
[2012/12/02 08:44:18 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\1&1 Mail & Media GmbH
[2009/09/21 13:03:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BitTorrent
[2009/03/06 06:41:20 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BullGuard
[2012/01/28 08:10:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/12/06 14:52:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Diktate
[2011/07/07 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DS-Timer
[2010/06/05 04:15:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\FOG Downloader
[2010/12/06 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Freudenreich
[2010/03/11 11:04:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\gtk-2.0
[2013/01/13 05:24:38 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ICQ
[2009/04/13 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\InterTrust
[2012/06/12 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\JLC's Software
[2011/08/29 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Kalydo
[2009/08/31 08:22:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ldoce5
[2009/03/14 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Lexmark Productivity Studio
[2011/07/20 11:45:21 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LolClient
[2012/05/24 05:49:06 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LolClient2
[2009/03/23 10:56:47 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MAGIX
[2009/09/21 07:03:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org
[2009/05/22 05:40:07 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Opera
[2012/09/15 06:05:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PCCUStubInstaller
[2012/01/02 07:09:04 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Publish Providers
[2009/03/09 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sonavis
[2012/01/02 07:08:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sony
[2009/05/22 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\SuperEasy Software
[2010/02/20 06:13:05 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TeamViewer
[2011/11/21 12:21:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TS3Client
[2012/06/12 13:03:00 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TuneUp Software
[2010/06/15 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TVcentral-Core
[2012/04/03 07:37:54 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ubisoft
[2009/05/13 07:41:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ulead Systems
[2012/12/02 08:44:15 | 000,000,000 | ---D | M] -- C:\ProgramData\1&1 Mail & Media GmbH
[2013/01/11 11:49:08 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/04/30 07:39:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/03/23 11:00:36 | 000,000,000 | ---D | M] -- C:\ProgramData\App4rTemp
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/22 11:57:06 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2009/07/17 11:56:09 | 000,000,000 | ---D | M] -- C:\ProgramData\AVP 2009
[2009/07/17 13:15:23 | 000,000,000 | ---D | M] -- C:\ProgramData\BullGuard
[2012/06/12 13:02:04 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/09/15 06:06:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/02 07:58:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2007/06/20 09:15:04 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2012/03/01 17:15:18 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/12/23 02:36:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent
[2012/06/13 11:06:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2011/12/23 09:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\IObit
[2010/03/22 09:24:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexmark 2600 Series
[2012/08/10 15:28:09 | 000,000,000 | ---D | M] -- C:\ProgramData\lidycxpzeffrqgw
[2012/03/01 17:46:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats
[2007/06/22 03:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010/11/13 12:10:51 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2011/07/20 11:52:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2013/01/21 16:35:29 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2012/06/13 10:55:52 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2009/05/10 15:45:40 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/01/31 15:11:48 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/01/02 06:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/04/13 10:06:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Tandem
[2011/06/30 11:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2009/10/21 04:58:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/06/12 13:04:06 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/12/03 06:38:41 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2012/04/03 07:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/05/13 07:34:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2012/12/02 08:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\UUdb
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/07/17 09:48:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/08/22 07:39:10 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2009/03/16 13:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/02 09:07:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
[2012/06/12 13:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/04/07 08:47:27 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 09:04:15 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/05 13:38:40 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/01/21 13:53:58 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job
[2013/01/19 04:52:42 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
         


Alt 22.01.2013, 16:15   #18
markusg
/// Malware-holic
 
GVU Trojaner - Reatogo - Standard

GVU Trojaner - Reatogo



on your second pc go to start, programs, accessories, notepad, and paste this in:
Code:
:OTL
[2013/01/21 17:30:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/21 17:30:05 | 000,002,814 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/21 17:30:05 | 000,000,882 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

save this on a usb stick as fix.txt
now use OTLPENet.exe again (i.e. boot from the cd you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
a message similar to this should now appear: "load fix from file", so load the fix.txt from your stick.
if that doesn't work, please enter the fix manually.
then click the fix button again. the pc may reboot. if so, take the cd out of the drive, windows should now start normally and open otl.txt,
please post the log.
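The triage behind the fix script above, as an added example that is not part of this thread and not OTL's own code: a small Python script that parses OTL "Files Created" lines, flags files in user-writable locations whose names look machine-generated, flags Startup-folder shortcuts created at the same moment as such a file, and lays the flagged lines out in the same :OTL / :Commands shape as the fix.txt above. The vowel-ratio threshold and the 60-second correlation window are my own choices, not OTL settings; the sample lines are copied from the OTL log posted earlier in the thread; and the assumption that OTL accepts log lines pasted verbatim under :OTL is exactly what this post and the next one demonstrate.

```python
"""Triage of OTL 'Files Created' lines: added illustration, not OTL's own code."""
import re
from datetime import datetime, timedelta

# One OTL file/directory line: [date time | size | attrs | C-or-M] (Company) -- path
# Directory lines carry no "(Company)" part, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

VOWELS = set("aeiou")
# Locations an unprivileged user, and malware running as that user, can write to.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")
STARTUP_MARK = "\\start menu\\programs\\startup\\"
CORRELATION_WINDOW = timedelta(seconds=60)   # my own choice, not an OTL setting

# Sample input: lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2013/01/21 17:30:05 | 000,002,814 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/21 17:30:05 | 000,000,882 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/21 17:29:49 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/11 11:49:29 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/31 07:07:45 | 000,001,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/08/10 15:28:01 | 000,000,051 | ---- | C] () -- C:\ProgramData\osdtngrmymcyfto
[2011/11/25 12:09:27 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat
[2006/11/02 05:33:01 | 000,122,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2013/01/13 10:44:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
"""


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["raw"] = line.strip()
    rec["when"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["is_dir"] = "D" in rec["attrs"]
    rec["name"] = rec["path"].rsplit("\\", 1)[-1]
    return rec


def looks_random(name):
    """Heuristic: an all-letter stem of 8+ characters with under 20% vowels."""
    stem = name.split(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha():
        return False
    return sum(c in VOWELS for c in stem.lower()) / len(stem) < 0.2


def is_startup_shortcut(rec):
    p = rec["path"].lower()
    return not rec["is_dir"] and STARTUP_MARK in p and p.endswith(".lnk")


def triage(log_text):
    """Return [(path, reason)] for entries worth a closer look, in log order."""
    records = [r for r in map(parse_otl_line, log_text.splitlines()) if r]
    random_named = [r for r in records
                    if not r["is_dir"]
                    and r["path"].lower().startswith(USER_WRITABLE)
                    and looks_random(r["name"])]
    random_paths = {r["path"] for r in random_named}
    findings = []
    for r in records:
        if r["path"] in random_paths:
            findings.append((r["path"], "random-looking name in a user-writable location"))
        elif is_startup_shortcut(r):
            # A Startup .lnk on its own is normal; one dropped together with the
            # odd-named files is the loader that brings the lock screen back.
            near = [s["name"] for s in random_named
                    if abs(s["when"] - r["when"]) <= CORRELATION_WINDOW]
            if near:
                findings.append((r["path"], "Startup shortcut created with " + ", ".join(near)))
    return findings


def build_otl_fix(log_text):
    """Lay the flagged log lines out under :OTL, followed by the temp-cleaning
    command, in the same shape as the fix.txt in the post above. Assumes, as that
    post shows, that OTL accepts log lines pasted verbatim under :OTL."""
    flagged = {p for p, _ in triage(log_text)}
    lines = [r["raw"] for r in map(parse_otl_line, log_text.splitlines())
             if r and r["path"] in flagged]
    return "\n".join([":OTL", *lines, ":Commands", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
    print(build_otl_fix(SAMPLE_LOG))
```

Run as a script it prints the findings and the generated fix text. The point worth taking away is that a Startup shortcut is only suspicious by association (LOLRecorder.lnk in the all-users Startup folder is left alone), while creation timestamps tie runctf.lnk to the .js and .pad files dropped sixteen seconds apart in C:\ProgramData.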

Alt 22.01.2013, 16:21   #19
xb0ssi
 
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PC

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PC

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 01222013_162047

Alt 22.01.2013, 16:22   #20
markusg
/// Malware-holic
 
now run combofix.
in normal mode

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails per the above instructions to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 22.01.2013, 16:40   #21
xb0ssi
 
When the PC had booted up, I got an error message from Windows, it was something about host process or so, I don't remember exactly. When I connected to the internet the virus came back again.

Booting went normally this time though and didn't take as long as yesterday. Yesterday it was still checking something when it booted.

Alt 22.01.2013, 17:04   #22
markusg
/// Malware-holic
 
then download combofix from another pc, disconnect the internet connection on the affected pc, copy combofix over and run it, reboot, test the internet, if it works, post the log, if not, copy it from the infected PC

Alt 22.01.2013, 17:06   #23
xb0ssi
 
But run Run Scan and Run Fix again first? (with the last script you gave me?)

Alt 22.01.2013, 17:07   #24
markusg
/// Malware-holic
 
no.

Alt 22.01.2013, 17:35   #25
xb0ssi
 
I get this error message when I run ComboFix:

x:\32788R22FWJFW\023


Click Abort to stop the installation, Retry to try again, or Ignore to skip this file.

Retry and Ignore both don't work

Alt 22.01.2013, 17:39   #26
markusg
/// Malware-holic
 
try it in safe mode, via f8 at pc startup

Alt 22.01.2013, 17:43   #27
xb0ssi
 
Doesn't work, the virus shows up there too.

But earlier, after I had done Run Scan and Run Fix first, the PC ran normally again until I connected to the internet, apart from that error message coming up...

Alt 22.01.2013, 17:44   #28
markusg
/// Malware-holic
 
Yes, but as you can see it isn't working.
Then we back up your data and set the PC up again from scratch:
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

Alt 22.01.2013, 18:55   #29
xb0ssi
 
I ran Run Scan and Run Fix again anyway, which got me back into normal mode, disconnected the internet connection beforehand so the virus wouldn't restart, and ran Combofix, hope that was ok. What now?


Combofix log file:
Code:
ComboFix 13-01-21.04 - PC 22.01.2013  18:17:12.1.2 - x86
ausgeführt von:: c:\users\PC\Gimp\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\UNWISE.EXE
c:\programdata\SPL88CC.tmp
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-22 bis 2013-01-22  ))))))))))))))))))))))))))))))
.
.
2013-01-22 17:31 . 2013-01-22 17:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-22 00:37 . 2013-01-22 00:37	--------	d-----w-	C:\_OTL
2013-01-15 13:03 . 2013-01-03 18:34	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2013-01-11 16:49 . 2012-08-21 12:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-11 16:48 . 2013-01-11 16:48	--------	d-----w-	c:\program files\iPod
2013-01-11 16:47 . 2013-01-11 16:49	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-11 16:47 . 2013-01-11 16:49	--------	d-----w-	c:\program files\iTunes
2013-01-11 16:41 . 2013-01-11 16:41	--------	d-----w-	c:\program files\Bonjour
2013-01-09 12:35 . 2012-11-23 01:35	2048000	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 12:35 . 2012-11-02 10:19	1400832	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 12:35 . 2012-11-20 04:22	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-12-31 12:07 . 2012-12-31 12:07	--------	d-----w-	c:\program files\LOLReplay
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:52 . 2012-04-11 10:31	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:52 . 2011-05-20 12:41	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-22 01:31	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 01:31	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-11 11:39 . 2012-10-29 18:48	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 11:39 . 2012-10-29 18:48	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-14 13:18 . 2012-10-29 18:48	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-13 01:29 . 2012-12-12 11:34	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-12 11:34	916992	----a-w-	c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-12 11:34	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-12 11:34	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-12 11:34	71680	----a-w-	c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-12 11:34	109056	----a-w-	c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-12 11:34	385024	----a-w-	c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-12 11:34	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-02 10:18 . 2012-12-12 11:34	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-12 11:34	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2010-06-03 16:24 . 2010-09-02 14:05	2736736	----a-w-	c:\program files\tbsoft.dll
2012-07-07 06:22 . 2011-04-14 18:56	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2010-11-12 111608]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{59E6E159-57CC-4DA5-8700-2AD17DC31DD1}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54	175912	----a-w-	c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 07:54	2607872	----a-w-	c:\program files\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2010-11-12 08:09	111608	----a-w-	c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54	175912	----a-w-	c:\program files\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2007-05-03 2019328]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-05 39408]
"Driver Whiz"="c:\program files\Driver Whiz\Driver Whiz\DriverWhiz.exe" [2012-12-03 3527608]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"KMCONFIG"="c:\program files\Silvercrest OM1007 driver\StartAutorun.exe" [2007-03-06 212992]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2007-12-17 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2007-12-17 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-12-17 320168]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-16 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-16 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2010-11-19 1323000]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2010-11-12 536056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-05 161336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"MailCheck IE Broker"="c:\program files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2012-11-22 1423496]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0AMQA0ADEANQAyADcAMQAwADgALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUA&prod=90&ver=9.0.872" [?]
.
c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FILSHtray.lnk - c:\program files\FILSHtray\FILSHtray.exe [2012-4-18 594432]
LOLRecorder.lnk - c:\program files\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-4-13 618496]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [x]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 15:40	1606760	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the "Scheduled Tasks" folder
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:52]
.
2013-01-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-22 18:35]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 20:56]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-10 20:56]
.
2013-01-19 c:\windows\Tasks\Norton Security Scan for PC.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-02 07:48]
.
2013-01-22 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2009-03-09 13:20]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://search.iminent.com/?appId=1f5512de-fb7c-45ba-a0d4-e072f18b7d36&ref=homepage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\GMX MailCheck\IE\GMX_MailCheck.dll
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\s6hv9myc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=1f5512de-fb7c-45ba-a0d4-e072f18b7d36&lcid=1031&ref=homepage
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=382950&p=
FF - ExtSQL: !HIDDEN! 2009-05-06 15:53; {800b5000-a755-47e1-992b-48a1c1357f07}; c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - ExtSQL: !HIDDEN! 2009-08-08 22:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
 
pref(dom.disable_open_during_load, false);
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=16418
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - bc49387d000000000000001f1f367214
FF - user.js: extensions.BabylonToolbar_i.hardId - bc49387d000000000000001f1f367214
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15316
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-cymunem - c:\users\PC\AppData\Local\bmymun.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
AddRemove-Rogue Spear - c:\windows\IsUn0407.exe
AddRemove-GeoGebra 4.0 - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-22 18:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes... 
.
Scanning hidden autostart entries... 
.
Scanning hidden files... 
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked registry keys ---------------------
.
[HKEY_USERS\S-1-5-21-3321380299-4151001280-1456515107-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e&]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3321380299-4151001280-1456515107-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e&\OpenWithList]
@Class="Shell"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\softonic-de3\prxtbsof0.dll
c:\progra~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
c:\program files\7-Zip\7-zip.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Application Updater\ApplicationUpdater.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Silvercrest OM1007 driver\KMWDSrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxdnserv.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\windows\System32\rundll32.exe
c:\program files\Silvercrest OM1007 driver\KMConfig.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Silvercrest OM1007 driver\KMProcess.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-01-22 18:43:08 - PC was restarted
ComboFix-quarantined-files.txt  2013-01-22 17:43
.
Before scan: 15 directory(ies), 83,788,709,888 bytes free
After scan: 21 directory(ies), 84,912,332,800 bytes free
.
- - End Of File - - FCACDEDC15B452D3A5945DC983C9FEB5
         
--- --- ---

22.01.2013, 18:57   #30
markusg
/// Malware-holic

Restart and test whether the internet works again.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
