Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

trying to remove the "pay 200 bucks virus" need some help


  • Please log in to reply

#1
revnu

revnu

    New Member

  • Member
  • Pip
  • 2 posts
Hallo,

i friend of mine has this virus.....then windows starts after logon he sees a page. It says, that he has a trojan and has to pay 200 bucks. from there he only could hard-off the machine. taskmanager,etc dont work.

He is a absolute-DOW so he asked me to remove the virus. I booted in safemode with networkdrivers and installed malwarebytes. But malwarebytes didnt find anything.

So now i try it with OTL.

here is the quickscanlog:

OTL logfile created on: 6/14/2012 6:16:57 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Hartmut\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.64% Memory free
8.00 Gb Paging File | 7.20 Gb Available in Paging File | 90.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 102.19 Gb Free Space | 68.56% Space Free | Partition Type: NTFS
Drive D: | 134.39 Gb Total Space | 55.89 Gb Free Space | 41.59% Space Free | Partition Type: NTFS

Computer Name: HARTMUT-PC | User Name: Hartmut | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 18:01:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hartmut\Desktop\OTL.exe
PRC - [2012/03/19 13:38:48 | 002,279,296 | ---- | M] (TeamViewer GmbH) -- c:\users\hartmut\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe
PRC - [2012/03/19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Users\Hartmut\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/06/04 20:53:16 | 000,844,384 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2012/06/04 20:40:07 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012/05/05 19:19:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 19:40:49 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/08/17 17:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/21 14:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/10/28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010/09/23 22:59:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/06/22 16:21:58 | 000,304,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2009/06/17 12:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Stopped] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/04 20:54:31 | 000,094,280 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012/06/04 20:53:55 | 000,045,624 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012/06/04 20:43:00 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/07/01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010/02/24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010/01/19 14:25:15 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/27 09:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:11:42 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/26 22:25:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/06/04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 15:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/13 03:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/10/31 14:41:20 | 000,142,352 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2012/06/04 20:40:28 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012/06/04 20:35:37 | 000,033,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2009/08/05 17:58:30 | 000,057,920 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 17:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 17:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - [2009/08/05 17:56:12 | 000,014,904 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/10/31 17:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 0A B2 3B 9F E8 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {99E54DD0-78D8-40D2-B564-CE67C964F989}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{99E54DD0-78D8-40D2-B564-CE67C964F989}: "URL" = http://www.google.de...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029
IE - HKCU\..\SearchScopes\{B44A9718-3783-4D54-892E-6821FC0787E3}: "URL" = http://de.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Hartmut\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hartmut\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hartmut\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\[email protected] [2012/06/05 20:33:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/26 19:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/12 00:06:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/26 19:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/12 00:06:11 | 000,000,000 | ---D | M]

[2011/03/03 15:57:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hartmut\AppData\Roaming\mozilla\Extensions
[2012/05/02 22:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hartmut\AppData\Roaming\mozilla\Firefox\Profiles\63zdv9jo.default\extensions
[2011/07/17 16:51:52 | 000,001,276 | ---- | M] () -- C:\Users\Hartmut\AppData\Roaming\Mozilla\Firefox\Profiles\63zdv9jo.default\searchplugins\suche-mit-freenetde.xml
[2011/11/11 00:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/02/12 00:16:41 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\HARTMUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\63ZDV9JO.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/04/26 19:40:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/19 12:58:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/19 12:58:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/19 12:58:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/19 12:58:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/19 12:58:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/19 12:58:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Advanced System Protector] File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Nokia Music Player\NokiaMusicPlayer.exe (Nokia)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Z-5 Speakers] C:\Program Files (x86)\Logitech\Z-5 Speakers\Z-5 Speakers.exe (Logitech©)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SEF5D.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [LDM] c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunServices: [ComfyCakesComfyCakesSave] c:\users\hartmut\saved games\microsoft games\purble place\cakescomfycakessavecomfy1288.exe File not found
O4 - Startup: C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 80.69.100.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9656DFBC-084E-416E-B43E-DBA853396FFC}: DhcpNameServer = 80.69.100.198 80.69.100.206
O18:64bit: - Protocol\Handler\bwfile-8876480 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4ed8a806-fbcb-11de-9f96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed8a806-fbcb-11de-9f96-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{73dfc434-04f4-11df-aac9-90e6ba55698b}\Shell - "" = AutoRun
O33 - MountPoints2\{73dfc434-04f4-11df-aac9-90e6ba55698b}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 18:16:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hartmut\Desktop\OTL.exe
[2012/06/14 16:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 16:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/14 16:29:24 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\TeamViewer
[2012/06/07 07:42:47 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\Rbsygqmzdja
[2012/06/04 20:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unitymedia Sicherheitspaket
[2012/06/04 20:34:56 | 000,045,624 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fses.sys
[2012/06/04 20:34:51 | 000,094,280 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsdfw.sys
[2012/06/04 20:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unitymedia
[2012/06/04 20:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2012/06/04 20:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2012/05/30 21:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012/05/30 21:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/05/30 21:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2012/05/30 21:36:39 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\Advanced System Protector
[2012/05/30 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\Systweak
[2012/05/30 21:36:34 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012/05/30 21:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/05/30 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2012/05/23 22:06:51 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

========== Files - Modified Within 30 Days ==========

[2012/06/14 18:01:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hartmut\Desktop\OTL.exe
[2012/06/14 16:35:01 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 16:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 16:19:58 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 16:12:29 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/06/14 16:12:14 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/06/14 16:12:05 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 16:11:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 16:11:46 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2444132576-964773649-4169356588-1000UA.job
[2012/06/13 22:21:57 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/06/13 22:21:52 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 22:21:49 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2444132576-964773649-4169356588-1000Core.job
[2012/06/13 19:04:05 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 19:04:05 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/13 18:55:47 | 000,001,426 | ---- | M] () -- C:\Users\Hartmut\Desktop\Registry kostenlos entrümpeln!.lnk
[2012/06/13 07:40:24 | 000,366,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 23:09:22 | 000,683,230 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/06/12 23:09:22 | 000,644,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 23:09:22 | 000,143,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/06/12 23:09:22 | 000,118,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 23:09:21 | 001,605,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/08 23:09:07 | 000,002,962 | ---- | M] () -- C:\Users\Hartmut\Documents\oAXtnsaVOqoUQjXsxQTV
[2012/06/08 18:38:00 | 000,001,603 | ---- | M] () -- C:\Users\Hartmut\Desktop\Textverarbeitung.lnk
[2012/06/04 20:54:31 | 000,094,280 | ---- | M] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsdfw.sys
[2012/06/04 20:53:55 | 000,045,624 | ---- | M] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fses.sys
[2012/06/04 20:43:00 | 000,055,960 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012/06/04 20:37:17 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Unitymedia Sicherheitspaket.lnk
[2012/06/04 20:35:37 | 000,033,408 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012/06/04 20:34:56 | 001,606,942 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/01 22:15:45 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\vtfoNGTeAgXoqJUspuxlq
[2012/05/30 21:36:46 | 000,001,204 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012/05/30 21:36:33 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk

========== Files Created - No Company Name ==========

[2012/06/14 16:35:01 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/08 21:55:19 | 000,001,426 | ---- | C] () -- C:\Users\Hartmut\Desktop\Registry kostenlos entrümpeln!.lnk
[2012/06/04 20:43:00 | 000,055,960 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012/06/04 20:37:17 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Unitymedia Sicherheitspaket.lnk
[2012/06/04 20:35:37 | 000,033,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012/05/30 21:36:46 | 000,001,204 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2012/05/30 21:36:44 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2012/05/30 21:36:40 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/05/30 21:36:40 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/05/30 21:36:33 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2012/05/23 22:06:01 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2444132576-964773649-4169356588-1000UA.job
[2012/05/23 22:06:01 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2444132576-964773649-4169356588-1000Core.job
[2011/02/14 17:01:04 | 000,000,241 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010/10/18 00:26:53 | 000,000,571 | ---- | C] () -- C:\Windows\SysWow64\FeMakro.ini
[2010/10/18 00:26:53 | 000,000,497 | ---- | C] () -- C:\Windows\SysWow64\FeAnim.ini
[2010/09/30 16:11:11 | 000,013,312 | ---- | C] () -- C:\Users\Hartmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/05/30 21:36:47 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Advanced System Protector
[2010/10/13 23:22:57 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Ahnenblatt
[2010/05/14 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Ashampoo
[2011/11/06 01:01:34 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Atzy
[2010/10/25 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Buhl Data Service
[2009/11/19 21:47:34 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\capella-software
[2010/05/11 11:15:22 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/18 00:08:50 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Duden
[2012/01/20 18:14:36 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Dulyy
[2011/09/02 19:36:32 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Epson
[2010/11/08 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\GlarySoft
[2011/10/31 11:02:09 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Igdiat
[2010/09/11 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\MAGIX
[2010/10/19 22:36:35 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\MyHeritage
[2010/05/27 20:58:24 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Nokia
[2009/11/23 19:21:55 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\OpenOffice.org
[2010/04/16 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\PC Suite
[2011/10/17 18:49:19 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Peydid
[2011/07/23 22:16:32 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\ProtectDisc
[2012/06/07 20:13:48 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Rbsygqmzdja
[2010/02/20 23:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Steganos
[2012/05/30 21:36:48 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Systweak
[2010/02/23 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\TablePlanner
[2012/06/14 16:29:24 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\TeamViewer
[2010/04/12 19:51:58 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2009/11/20 22:43:27 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\TuneUp Software
[2010/02/23 19:50:22 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\XSManager
[2011/04/17 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\YoWindow
[2012/06/14 16:12:14 | 000,000,280 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012/06/13 22:21:57 | 000,000,288 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2012/04/17 18:25:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/30 18:30:00 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\TWIN XP 1-Klick-Optimierung.job
[2012/05/15 17:30:00 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\TWIN XP Live-Update.job

========== Purity Check ==========



< End of report >


on the Desktop he has a txt called "ACHTUNG-LESEN.txt" (i attached it). it is written in german (were from germany) and it says that he hast to pay a 200 € ukash-code to the email: "[email protected]". perhaps this helps to identify what virus exaclty he felt victim of.

Would be very gratefull, if someone can show me how to remove.

thx.

revnu

Mod Edit: Removed code tags.-ST.

Attached Files


  • 0

Advertisements


#2
revnu

revnu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
OHHH i have bad news :(((

i just realised that ALL his personal Data is crypted now, and has randomnames without .jpg, .doc, etc.

:((((

i tried to add .jpg to few of the crypted pics.....they dont open. im reylly sure the virus has crypted it.

I heared of such viruses back in days, but this is the first time i see one of them in action.

such jerks, that they try to make money that way.

my friend now accepted the loss of all his data. hes new to computers and very old.....

he said i should make windows new....so i think itz the best to do that.

greetz
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP