GVU Trojaner blockiert abgesicherten Modus

Parkerpit · 29.07.2013, 12:48

Hallo @all,

Habe seit eben einen sehr hartnäckigen Vertreter des GVU Trojaners auf meinem PC.
Abgesicherter Modus wird sofort wieder "Heruntergefahren".
Hab mir grade schon OTLPENet.exe auf eine CD gebrannt und einen Scan durchlaufen lassen.
Hier der Inhalt der OTL.txt Datei
was kann ich nun tun?

Code:

ATTFilter

OTL logfile created on: 7/29/2013 3:35:02 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 100.00 Mb Total Space | 74.19 Mb Free Space | 74.19% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 88.13 Gb Free Space | 90.24% Space Free | Partition Type: NTFS
Drive E: | 119.53 Mb Total Space | 58.87 Mb Free Space | 49.25% Space Free | Partition Type: FAT32
Drive F: | 292.97 Gb Total Space | 197.10 Gb Free Space | 67.28% Space Free | Partition Type: NTFS
Drive G: | 540.79 Gb Total Space | 365.79 Gb Free Space | 67.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/19 19:15:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/06/12 12:57:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto] -- F:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/08 06:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- F:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010/09/20 19:15:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/28 02:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto] -- F:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/05/07 12:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (dgderdrv)
DRV - [2013/06/19 12:50:40 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot] -- F:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/22 12:14:18 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130728.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 12:14:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130728.020\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- F:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS -- (SymNetS)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013/03/26 15:27:47 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/26 15:27:47 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/12/04 22:06:12 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130726.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/28 19:57:26 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/15 04:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/09/06 13:51:55 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- F:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/07/27 02:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2010/07/27 02:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 02:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 12:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/26 22:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/26 22:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010/04/26 22:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2009/09/28 04:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/06 14:00:00 | 000,906,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot] -- F:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2004/08/13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/29 10:29:58 | 000,211,072 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- F:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\PG_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\PG_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\PG_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 9B 07 62 D4 8B CE 01  [binary data]
IE - HKU\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: F:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: F:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: F:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: F:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/07/29 06:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 19:40:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012/12/08 08:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 19:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/14 12:23:29 | 000,000,000 | ---D | M]
 
[2013/02/14 12:14:25 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012/01/29 12:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 10:02:49 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 10:02:49 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 10:02:49 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/29 10:02:49 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 10:02:49 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/01/09 19:02:53 | 000,428,601 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14755 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\PG_ON_F\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] F:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] F:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] F:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] F:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [IJNetworkScanUtility] F:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LWS] F:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\PG_ON_F..\Run: [AdobeBridge]  File not found
O4 - HKU\PG_ON_F..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\PG_ON_F..\Run: [KiesHelper] F:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\PG_ON_F..\Run: [KiesPDLR] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\PG_ON_F..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] F:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe ()
O4 - HKLM..\RunOnce: [*WerKernelReporting] F:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\PG_ON_F Winlogon: Shell - (cmd.exe) - F:\Windows\System32\cmd.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/28 16:52:20 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/21 16:27:26 | 000,000,000 | ---D | C] -- F:\Users\PG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013/07/21 16:27:26 | 000,000,000 | ---D | C] -- F:\Program Files\GPU-Z
[2013/07/09 20:00:51 | 002,706,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2013/07/09 20:00:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/07/09 20:00:49 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/07/09 20:00:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2013/07/09 20:00:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/07/09 20:00:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/07/09 20:00:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/07/09 20:00:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/07/09 20:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/07/09 20:00:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/07/09 20:00:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/09 16:08:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\qedit.dll
[2013/07/09 16:08:02 | 001,620,480 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WMVDECOD.DLL
[2013/07/09 16:08:01 | 001,247,744 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2013/07/09 16:07:58 | 002,347,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32k.sys
[2013/06/30 13:54:00 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/30 13:53:04 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2013/06/30 13:53:03 | 000,000,000 | ---D | C] -- F:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/09/05 10:25:28 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- F:\Users\PG\AppData\Roaming\xvid.exe
[2010/09/05 10:25:22 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- F:\Users\PG\AppData\Roaming\ffdshow.exe
[2010/09/05 10:25:22 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- F:\Users\PG\AppData\Roaming\Imgburn.exe
[2010/09/05 10:25:12 | 004,182,178 | ---- | C] (The Public) -- F:\Users\PG\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/29 06:46:45 | 000,013,472 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 06:46:45 | 000,013,472 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 06:39:31 | 000,001,086 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 06:39:20 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/07/29 06:39:19 | 000,000,000 | ---- | M] () -- F:\Windows\System32\drivers\lvuvc.hs
[2013/07/29 06:39:15 | 1610,014,720 | -HS- | M] () -- F:\hiberfil.sys
[2013/07/29 06:30:00 | 000,001,090 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 06:11:37 | 360,750,586 | ---- | M] () -- F:\Windows\MEMORY.DMP
[2013/07/29 05:50:47 | 001,084,737 | ---- | M] () -- F:\ProgramData\2433f433
[2013/07/29 05:50:47 | 001,084,703 | ---- | M] () -- F:\Users\PG\AppData\Local\2433f433
[2013/07/29 05:50:47 | 001,084,691 | ---- | M] () -- F:\Users\PG\AppData\Roaming\2433f433
[2013/07/28 18:57:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/28 16:52:25 | 000,002,170 | ---- | M] () -- F:\Users\Public\Desktop\Google Earth.lnk
[2013/07/28 16:52:25 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/21 16:37:13 | 000,001,165 | ---- | M] () -- F:\Users\PG\Desktop\CoreTemp.ini
[2013/07/21 16:35:08 | 000,000,624 | ---- | M] () -- F:\Users\PG\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/07/16 11:00:27 | 004,319,740 | ---- | M] () -- F:\Users\PG\Desktop\KSKBild.jpg
[2013/07/14 15:10:35 | 000,654,150 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/07/14 15:10:35 | 000,616,032 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/07/14 15:10:35 | 000,130,022 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/07/14 15:10:35 | 000,106,412 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/07/14 07:31:34 | 000,101,551 | ---- | M] () -- F:\Users\PG\Desktop\Unbenannt.jpg
[2013/07/14 07:31:27 | 000,154,775 | ---- | M] () -- F:\Users\PG\Desktop\Unbenannt.png
[2013/07/10 18:09:54 | 003,838,192 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/07/09 19:43:42 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/30 18:56:44 | 002,366,615 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2497.JPG
[2013/06/30 18:56:36 | 002,678,879 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2299.JPG
[2013/06/30 18:16:04 | 000,139,082 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2699.JPG
[2013/06/30 18:11:42 | 000,225,275 | ---- | M] () -- F:\Users\PG\Desktop\gymshark-copy.jpg
[2013/06/30 17:12:58 | 000,120,335 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2700.JPG
[2013/06/30 17:12:57 | 000,115,321 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2698.JPG
[2013/06/30 13:54:03 | 000,001,753 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk
[2013/06/30 13:54:03 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
 
========== Files Created - No Company Name ==========
 
[2013/07/29 05:50:47 | 001,084,737 | ---- | C] () -- F:\ProgramData\2433f433
[2013/07/29 05:50:47 | 001,084,703 | ---- | C] () -- F:\Users\PG\AppData\Local\2433f433
[2013/07/29 05:50:47 | 001,084,691 | ---- | C] () -- F:\Users\PG\AppData\Roaming\2433f433
[2013/07/28 16:52:23 | 000,002,170 | ---- | C] () -- F:\Users\Public\Desktop\Google Earth.lnk
[2013/07/21 16:33:56 | 000,001,165 | ---- | C] () -- F:\Users\PG\Desktop\CoreTemp.ini
[2013/07/21 16:33:35 | 000,763,856 | ---- | C] () -- F:\Users\PG\Desktop\Core Temp.exe
[2013/07/21 16:33:35 | 000,000,067 | ---- | C] () -- F:\Users\PG\Desktop\Core Temp Gadget & Addons.url
[2013/07/21 16:30:04 | 000,000,624 | ---- | C] () -- F:\Users\PG\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/07/21 16:28:18 | 000,208,739 | ---- | C] () -- F:\Users\PG\Desktop\All_CPU_Meter_V4.7.gadget
[2013/07/16 11:00:24 | 004,319,740 | ---- | C] () -- F:\Users\PG\Desktop\KSKBild.jpg
[2013/07/14 07:31:34 | 000,101,551 | ---- | C] () -- F:\Users\PG\Desktop\Unbenannt.jpg
[2013/07/14 07:31:27 | 000,154,775 | ---- | C] () -- F:\Users\PG\Desktop\Unbenannt.png
[2013/06/30 18:56:26 | 002,678,879 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2299.JPG
[2013/06/30 18:56:25 | 002,366,615 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2497.JPG
[2013/06/30 18:56:25 | 000,071,373 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2039.JPG
[2013/06/30 17:48:46 | 000,225,275 | ---- | C] () -- F:\Users\PG\Desktop\gymshark-copy.jpg
[2013/06/30 16:58:47 | 000,120,335 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2700.JPG
[2013/06/30 16:58:46 | 000,139,082 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2699.JPG
[2013/06/30 16:58:45 | 000,115,321 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2698.JPG
[2013/06/30 13:54:01 | 000,001,753 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk
[2013/02/13 19:43:54 | 095,023,320 | ---- | C] () -- F:\ProgramData\3028783.pad
[2012/04/02 18:58:13 | 000,000,000 | ---- | C] () -- F:\Windows\System32\cd.dat
[2012/02/02 20:19:10 | 000,116,224 | ---- | C] () -- F:\Windows\System32\pdfcmnnt.dll
[2011/12/14 21:42:41 | 000,000,132 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/09/12 18:08:40 | 000,000,100 | ---- | C] () -- F:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/26 11:26:48 | 000,030,568 | ---- | C] () -- F:\Windows\MusiccityDownload.exe
[2011/06/21 10:48:00 | 000,252,928 | ---- | C] () -- F:\Windows\System32\DShowRdpFilter.dll
[2011/06/21 10:47:17 | 000,066,048 | ---- | C] () -- F:\Windows\System32\PrintBrmUi.exe
[2011/06/07 05:13:38 | 000,974,848 | ---- | C] () -- F:\Windows\System32\cis-2.4.dll
[2011/06/07 05:13:38 | 000,081,920 | ---- | C] () -- F:\Windows\System32\issacapi_bs-2.3.dll
[2011/06/07 05:13:38 | 000,065,536 | ---- | C] () -- F:\Windows\System32\issacapi_pe-2.3.dll
[2011/06/07 05:13:38 | 000,057,344 | ---- | C] () -- F:\Windows\System32\issacapi_se-2.3.dll
[2011/03/26 20:06:00 | 000,022,328 | ---- | C] () -- F:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/26 20:05:26 | 000,103,736 | ---- | C] () -- F:\Windows\System32\PnkBstrB.exe
[2011/03/26 20:05:22 | 000,066,872 | ---- | C] () -- F:\Windows\System32\PnkBstrA.exe
[2011/03/26 20:05:09 | 000,000,301 | ---- | C] () -- F:\Windows\game.ini
[2011/02/18 14:18:23 | 000,000,132 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/12 16:18:25 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/10/10 19:02:12 | 000,110,592 | ---- | C] () -- F:\Windows\System32\FsUsbExDevice.Dll
[2010/10/10 19:02:12 | 000,036,640 | ---- | C] () -- F:\Windows\System32\FsUsbExDisk.Sys
[2010/09/09 18:23:14 | 000,000,056 | -H-- | C] () -- F:\ProgramData\ezsidmv.dat
[2010/09/05 10:25:27 | 000,022,328 | ---- | C] () -- F:\Users\PG\AppData\Roaming\PnkBstrK.sys
[2010/09/05 10:25:20 | 016,494,080 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0009.avi
[2010/09/05 10:25:20 | 003,504,128 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0008.avi
[2010/09/05 10:25:19 | 008,073,728 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0006.avi
[2010/09/05 10:25:19 | 003,851,776 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0007.avi
[2010/09/05 10:25:19 | 000,542,720 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0005.avi
[2010/09/05 10:25:17 | 011,929,600 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0004.avi
[2010/09/05 10:25:17 | 001,976,320 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0003.avi
[2010/09/05 10:25:16 | 010,129,408 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0002.avi
[2010/09/05 10:25:14 | 019,793,920 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0001.avi
[2010/09/05 10:18:43 | 000,003,584 | ---- | C] () -- F:\Users\PG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 10:18:43 | 000,000,107 | ---- | C] () -- F:\Users\PG\AppData\default.pls
[2010/09/04 18:35:53 | 000,000,000 | ---- | C] () -- F:\Windows\ativpsrm.bin
[2010/09/04 18:35:53 | 000,000,000 | ---- | C] () -- F:\Windows\System32\atiicdxx.dat
[2010/07/27 02:03:20 | 010,829,656 | ---- | C] () -- F:\Windows\System32\LogiDPP.dll
[2010/07/27 02:03:20 | 000,102,744 | ---- | C] () -- F:\Windows\System32\LogiDPPApp.exe
[2010/07/27 02:03:18 | 000,290,648 | ---- | C] () -- F:\Windows\System32\DevManagerCore.dll
[2010/07/27 01:56:04 | 000,090,411 | ---- | C] () -- F:\Windows\System32\lvcoinst.ini
[2010/05/07 12:46:36 | 000,014,168 | ---- | C] () -- F:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 12:43:30 | 000,025,824 | ---- | C] () -- F:\Windows\System32\drivers\LVPr2Mon.sys
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- F:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- F:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- F:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- F:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,838,192 | ---- | C] () -- F:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- F:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- F:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\System32\mlang.dat
[2007/08/16 09:17:50 | 000,143,360 | ---- | C] () -- F:\Windows\System32\nsldap32v50.dll
[2007/06/22 21:44:50 | 000,009,760 | ---- | C] () -- F:\Windows\System32\34CoInstaller.dll
[2005/12/21 10:57:04 | 000,024,576 | ---- | C] () -- F:\Windows\System32\nsldappr32v50.dll
[2005/12/21 10:54:34 | 000,040,960 | ---- | C] () -- F:\Windows\System32\nsldapssl32v50.dll
[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- F:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2013/06/30 13:53:45 | 000,000,000 | ---D | M] -- F:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/10/24 13:51:11 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2011/11/08 19:19:42 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonIJScan
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2011/02/10 18:04:19 | 000,000,000 | ---D | M] -- F:\ProgramData\FreeHideIP
[2013/05/26 13:35:00 | 000,000,000 | ---D | M] -- F:\ProgramData\IBUpdaterService
[2011/09/12 18:07:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Intermedia Software
[2010/10/13 19:03:09 | 000,000,000 | ---D | M] -- F:\ProgramData\Phase6
[2010/09/21 10:26:09 | 000,000,000 | ---D | M] -- F:\ProgramData\regid.1986-12.com.adobe
[2011/09/02 18:17:38 | 000,000,000 | ---D | M] -- F:\ProgramData\Samsung
[2010/10/24 13:16:03 | 000,000,000 | ---D | M] -- F:\ProgramData\StarMoney 7.0
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2013/06/25 19:21:01 | 000,000,000 | ---D | M] -- F:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2012/07/05 21:48:26 | 000,000,000 | ---D | M] -- F:\ProgramData\tmp
[2010/09/04 18:52:41 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2012/02/23 17:57:22 | 000,000,000 | ---D | M] -- F:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/03/05 08:23:53 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 65 bytes -> F:\Users\PG\Desktop\zusammenfassung KSK (Alexander Ronges in Konflikt stehende Kopie 2013-07-02).doc:com.dropbox.attributes
@Alternate Data Stream - 122 bytes -> F:\ProgramData\TEMP:F7F48F12
< End of report >

schrauber · 29.07.2013, 13:17

hi,

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\PG_ON_F..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] F:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe ()
20 - HKU\PG_ON_F Winlogon: Shell - (cmd.exe) - F:\Windows\System32\cmd.exe (Microsoft Corporation)
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

neu booten

Parkerpit · 29.07.2013, 13:47

Hi

Hat leider iwie nich so richtig funktioniert :/

Code:

ATTFilter

========== OTL ==========
Registry key HKEY_USERS\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Run not found.
F:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
 
User: Default User
 
User: PG
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 267856324 bytes
 
Total Files Cleaned = 255.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 07292013_162626

Nach Neustart kommt ne Fehlermeldung dass F:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe nicht vorhanden ist
und dann war der GVU Bildschirm auf einmal wieder da

Parkerpit · 29.07.2013, 14:06

Hier ein Bild

schrauber · 29.07.2013, 15:36

OTL stinkt

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

Parkerpit · 29.07.2013, 16:01

haha thx

also das hat jetzt schonmal geklappt

hier die Log Datei

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2013
Ran by SYSTEM on 29-07-2013 20:54:22
Running from H:\
Windows 7 Professional (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [165208 2010-05-07] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1828136 2007-08-08] (Nero AG)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-03-24] (CANON INC.)
HKLM\...\Run: [IJNetworkScanUtility] - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3508624 2012-01-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [360448 2009-07-14] (Microsoft Corporation)
HKU\PG\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-08-03] (Nero AG)
HKU\PG\...\Run: [AdobeBridge] -  [x]
HKU\PG\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2012-01-04] ()
HKU\PG\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [ 2012-01-04] (Samsung)
HKU\PG\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\PG\...\Command Processor: "C:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe" <===== ATTENTION!
Startup: C:\Users\PG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-30] (Symantec Corporation)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2011-03-27] ()
S2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [103736 2011-03-27] ()
S2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [554160 2011-11-08] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

S3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [906368 2007-07-06] (NXP Semiconductors Germany GmbH)
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-16] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-03-26] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-03-26] (Symantec Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-09-15] ()
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130726.001\IDSvix86.sys [386720 2012-12-05] (Symantec Corporation)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2010-09-06] (Meetinghouse Data Communications)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130729.003\NAVENG.SYS [93272 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130729.003\NAVEX15.SYS [1611992 2013-05-22] (Symantec Corporation)
S3 RT2500; C:\Windows\System32\DRIVERS\RT2500.sys [211072 2004-07-29] (Ralink Technology Inc.)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-16] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-05] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-21] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-05] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-25] (Symantec Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2011-12-29] (AnchorFree Inc)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 21:26 - 2013-07-29 21:26 - 00000000 ____D C:\_OTL
2013-07-29 20:54 - 2013-07-29 20:54 - 00000000 ____D C:\FRST
2013-07-29 20:29 - 2013-07-30 00:55 - 00078832 _____ C:\OTL.Txt
2013-07-29 11:11 - 2013-07-29 11:11 - 00143736 _____ C:\Windows\Minidump\072913-27312-01.dmp
2013-07-29 10:50 - 2013-07-29 10:50 - 01084737 _____ C:\ProgramData\2433f433
2013-07-29 10:50 - 2013-07-29 10:50 - 01084703 _____ C:\Users\PG\AppData\Local\2433f433
2013-07-29 10:50 - 2013-07-29 10:50 - 01084691 _____ C:\Users\PG\AppData\Roaming\2433f433
2013-07-29 00:24 - 2013-07-29 00:24 - 00131072 ____N C:\Windows\Minidump\072913-31796-01.dmp
2013-07-28 22:28 - 2013-07-28 22:28 - 00131072 ____N C:\Windows\Minidump\072813-34609-01.dmp
2013-07-28 21:52 - 2013-07-28 21:52 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-21 21:33 - 2013-07-21 21:37 - 00001165 _____ C:\Users\PG\Desktop\CoreTemp.ini
2013-07-21 21:33 - 2013-03-01 16:44 - 00763856 _____ C:\Users\PG\Desktop\Core Temp.exe
2013-07-21 21:33 - 2012-10-14 20:11 - 00025980 _____ C:\Users\PG\Desktop\Changes.txt
2013-07-21 21:33 - 2010-09-06 02:55 - 00003630 _____ C:\Users\PG\Desktop\Readme.txt
2013-07-21 21:33 - 2010-08-29 14:08 - 00000067 _____ C:\Users\PG\Desktop\Core Temp Gadget & Addons.url
2013-07-21 21:33 - 2010-06-30 17:32 - 00006594 _____ C:\Users\PG\Desktop\License.txt
2013-07-21 21:30 - 2013-07-21 21:35 - 00000624 _____ C:\Users\PG\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-07-21 21:28 - 2013-06-06 19:18 - 00208739 _____ C:\Users\PG\Desktop\All_CPU_Meter_V4.7.gadget
2013-07-21 21:27 - 2013-07-21 21:27 - 00000000 ____D C:\Program Files\GPU-Z
2013-07-16 23:43 - 2013-07-16 23:43 - 00131072 ____N C:\Windows\Minidump\071713-29437-01.dmp
2013-07-10 01:00 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-10 01:00 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-10 01:00 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-10 01:00 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-10 01:00 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-10 01:00 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-10 01:00 - 2013-06-12 00:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-10 01:00 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-10 01:00 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-10 01:00 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-10 01:00 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-10 01:00 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-10 01:00 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-10 01:00 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-10 01:00 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-10 01:00 - 2013-06-07 03:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-09 21:08 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-09 21:08 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-09 21:08 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-09 21:07 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-30 18:54 - 2013-06-30 18:54 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-30 18:53 - 2013-06-30 18:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-30 18:53 - 2013-06-30 18:53 - 00000000 ____D C:\Program Files\iPod

==================== One Month Modified Files and Folders =======

2013-07-29 21:26 - 2013-07-29 21:26 - 00000000 ____D C:\_OTL
2013-07-29 20:54 - 2013-07-29 20:54 - 00000000 ____D C:\FRST
2013-07-29 20:26 - 2010-09-04 23:52 - 00000000 ____D C:\users\PG
2013-07-29 17:08 - 2010-09-04 23:36 - 01306118 _____ C:\Windows\WindowsUpdate.log
2013-07-29 17:03 - 2010-09-09 16:19 - 00000000 ____D C:\Windows\System32\logishrd
2013-07-29 17:03 - 2009-07-14 05:39 - 00136894 _____ C:\Windows\setupact.log
2013-07-29 11:46 - 2009-07-14 05:34 - 00013472 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 11:46 - 2009-07-14 05:34 - 00013472 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 11:39 - 2010-09-09 16:12 - 00000000 _____ C:\Windows\System32\Drivers\lvuvc.hs
2013-07-29 11:11 - 2013-07-29 11:11 - 00143736 _____ C:\Windows\Minidump\072913-27312-01.dmp
2013-07-29 11:11 - 2011-08-15 00:16 - 360750586 _____ C:\Windows\MEMORY.DMP
2013-07-29 11:11 - 2011-08-15 00:16 - 00000000 ____D C:\Windows\Minidump
2013-07-29 10:50 - 2013-07-29 10:50 - 01084737 _____ C:\ProgramData\2433f433
2013-07-29 10:50 - 2013-07-29 10:50 - 01084703 _____ C:\Users\PG\AppData\Local\2433f433
2013-07-29 10:50 - 2013-07-29 10:50 - 01084691 _____ C:\Users\PG\AppData\Roaming\2433f433
2013-07-29 10:19 - 2012-06-07 19:03 - 00000000 ____D C:\Users\PG\AppData\Roaming\Dropbox
2013-07-29 00:24 - 2013-07-29 00:24 - 00131072 ____N C:\Windows\Minidump\072913-31796-01.dmp
2013-07-29 00:16 - 2010-09-05 15:29 - 00000000 ____D C:\Users\PG\AppData\Roaming\Skype
2013-07-28 22:28 - 2013-07-28 22:28 - 00131072 ____N C:\Windows\Minidump\072813-34609-01.dmp
2013-07-28 21:52 - 2013-07-28 21:52 - 00002170 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-07-28 21:52 - 2011-02-19 16:51 - 00000000 ____D C:\Program Files\Google
2013-07-21 21:37 - 2013-07-21 21:33 - 00001165 _____ C:\Users\PG\Desktop\CoreTemp.ini
2013-07-21 21:35 - 2013-07-21 21:30 - 00000624 _____ C:\Users\PG\AppData\Roaming\All CPU MeterV3_Settings.ini
2013-07-21 21:27 - 2013-07-21 21:27 - 00000000 ____D C:\Program Files\GPU-Z
2013-07-19 01:20 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-07-16 23:43 - 2013-07-16 23:43 - 00131072 ____N C:\Windows\Minidump\071713-29437-01.dmp
2013-07-14 20:10 - 2010-09-04 23:45 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 12:00 - 2010-09-07 12:02 - 00131318 _____ C:\Windows\PFRO.log
2013-07-12 22:00 - 2010-09-06 18:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-12 12:49 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-10 23:09 - 2009-07-14 05:33 - 03838192 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-10 23:08 - 2012-02-05 23:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 23:08 - 2009-07-14 09:57 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 23:08 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 00:54 - 2012-12-08 13:58 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-07-08 00:07 - 2012-08-18 00:12 - 00000000 ____D C:\Users\PG\Desktop\Laura
2013-07-08 00:00 - 2012-02-27 22:39 - 00000000 ____D C:\Users\PG\Desktop\Titelbilder
2013-07-07 01:06 - 2013-04-03 23:48 - 00000000 ____D C:\Users\PG\Desktop\ALLES
2013-06-30 18:54 - 2013-06-30 18:54 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-06-30 18:53 - 2013-06-30 18:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-30 18:53 - 2013-06-30 18:53 - 00000000 ____D C:\Program Files\iPod
2013-06-30 18:53 - 2012-09-30 18:40 - 00000000 ____D C:\Program Files\iTunes
2013-06-30 18:53 - 2012-02-23 22:53 - 00000000 ____D C:\Program Files\Common Files\Apple

Files to move or delete:
====================
C:\ProgramData\3028783.pad
C:\Users\PG\autorun.dat
C:\Users\PG\AutoRun.exe
C:\Users\PG\EASetup.exe
C:\Users\PG\nfsdemo.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-12 23:15:37
Restore point made on: 2013-06-20 00:14:49
Restore point made on: 2013-06-30 20:01:07
Restore point made on: 2013-07-10 00:40:50
Restore point made on: 2013-07-24 17:26:10

==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 2047.24 MB
Available physical RAM: 1578.43 MB
Total Pagefile: 2047.24 MB
Available Pagefile: 1582.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.97 GB) (Free:197.26 GB) NTFS
Drive d: (Volume) (Fixed) (Total:97.66 GB) (Free:88.12 GB) NTFS
Drive f: (Volume) (Fixed) (Total:540.79 GB) (Free:365.79 GB) NTFS
Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:0.12 GB) (Free:0.05 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EA7A3A51)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=541 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=98 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 121 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=120 MB) - (Type=0B)


LastRegBack: 2013-07-24 17:12

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 29.07.2013, 19:33

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\PG\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\PG\...\Command Processor: "C:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe" <===== ATTENTION!
2013-07-29 10:50 - 2013-07-29 10:50 - 01084737 _____ C:\ProgramData\2433f433
2013-07-29 10:50 - 2013-07-29 10:50 - 01084703 _____ C:\Users\PG\AppData\Local\2433f433
2013-07-29 10:50 - 2013-07-29 10:50 - 01084691 _____ C:\Users\PG\AppData\Roaming\2433f433
C:\ProgramData\3028783.pad
C:\Users\PG\autorun.dat
C:\Users\PG\AutoRun.exe
C:\Users\PG\EASetup.exe
C:\Users\PG\nfsdemo.exe
C:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

neu booten, freuen

Parkerpit · 29.07.2013, 22:35

Super

vielen Dank das hat funktioniert!!! Hammer!

hier noch die Fixlog.txt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-07-2013
Ran by SYSTEM at 2013-07-30 03:07:02 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

HKU\PG\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\PG\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\PG\AppData\Local\2433f433 => Moved successfully.
C:\Users\PG\AppData\Roaming\2433f433 => Moved successfully.
C:\ProgramData\3028783.pad => Moved successfully.
C:\Users\PG\autorun.dat => Moved successfully.
C:\Users\PG\AutoRun.exe => Moved successfully.
C:\Users\PG\EASetup.exe => Moved successfully.
C:\Users\PG\nfsdemo.exe => Moved successfully.
"C:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe" => File/Directory not found.

==== End of Fixlog ====

schrauber · 30.07.2013, 07:23

Dann jetzt Kontrollscans im normalen Modus

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

GVU Trojaner blockiert abgesicherten Modus

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner blockiert abgesicherten Modus