| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.12.2011, 15:08
| #1 |
 |  GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr Hallo Ihr, ich habe leider so gut wie keine Ahnung von PCs, weswegen ich mich an euch wende. Folgendes ist passiert: Bei mir tauchte der bekannte gesperrte Bildschirm auf, der mir erzählte ich habe illegal Musik runtergeladen und solle doch bitte Geld per Ukash zahlen etc. Ich habe den PC neu gestartet (normaler Modus) und mein GData durchgejagt, dies fand 2 Viren, die er löschte. Danach hab ich den PC ne gestartet, woraufhin ich folgende Fehlermeldung erhielt: 'Firewall-service not running (0x80070433)' Beim Versuch etwas an der GData Firewall zu ändern erhielt ich eine weitere Fehlermeldung. Der jetzige Stand von GData ist der, dass das Fenster sich zwar öffnet und mir auch erzählt, mein PC wäre geschützt, im Unterpunkt 'Virenwächter' steht jedoch: "Nicht aktiv". Ich kann in GData nichts mehr anklicken oder ähnliches, deswegen kann ich euch auch leider nicht den log daraus schicken D: Nach einer Weile erscheint das Fenster: Server ist ausgelastet "Dieser Vorgang kann nicht ausgeführt werden, da die andere Anwendung aktiv ist, Klicken Sie auf "Wechseln zu", um zu der anderen Anwendung zu wechseln und das Problem zu beheben." Wenn ich das versuche, passiert nichts, ausser, dass sich der "Start-tab" öffnet. Ansonsten läuft mein PC aber 'normal'. Habe die im Forum benannten Schritte durchgeführt. defogger forderte mich aus unbekannten Grund NICHT zu einem Neustart auf, wie beschrieben. Hier der OTL-log: [CODE]OTL logfile created on: 03.12.2011 14:53:06 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Trajian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 51,30% Memory free 7,73 Gb Paging File | 5,70 Gb Available in Paging File | 73,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,66 Gb Total Space | 349,18 Gb Free Space | 76,97% Space Free | Partition Type: NTFS Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 982,14 Mb Total Space | 317,08 Mb Free Space | 32,28% Space Free | Partition Type: FAT Computer Name: TRAJIAN-PC | User Name: Trajian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.03 14:17:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Trajian\Desktop\OTL.exe PRC - [2011.12.03 13:53:36 | 000,044,544 | ---- | M] () -- C:\Windows\Temp\txiqmc\setup.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.05.26 15:30:36 | 001,105,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\GUI\GDSC.exe PRC - [2011.05.25 10:07:47 | 001,434,632 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011.05.20 13:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2011.05.20 13:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe PRC - [2011.05.11 11:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe PRC - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.02.12 15:15:42 | 004,845,640 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe PRC - [2010.01.22 09:10:50 | 001,287,760 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.01.22 09:10:50 | 000,310,352 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.01.22 09:10:50 | 000,268,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.01.13 03:25:14 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.01.07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.12.24 02:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.12.09 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.09 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.19 17:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe PRC - [2009.07.14 02:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe PRC - [2009.07.14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2011.12.01 14:28:31 | 001,313,744 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\5052\components\AcroFF052.dll MOD - [2011.10.12 18:51:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.10.12 18:50:22 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.12 18:50:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.12 18:49:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.12 18:49:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.12 18:49:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.12 18:49:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.17 15:34:55 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.03.16 19:11:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.02.12 15:15:42 | 004,845,640 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe MOD - [2010.01.07 02:46:56 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2011.12.03 13:53:36 | 000,044,544 | ---- | M] () [Auto | Stopped] -- C:\Windows\TEMP\txiqmc\setup.exe -- (AMService) SRV - [2011.05.27 12:31:20 | 001,557,816 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2011.05.26 02:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2011.05.26 02:06:15 | 001,456,632 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2011.05.25 10:07:47 | 001,434,632 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.05.20 13:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.05.20 02:40:34 | 000,960,504 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe -- (AVKService) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.20 16:46:00 | 005,671,792 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.16 10:36:14 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.22 09:10:50 | 000,310,352 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.18 19:55:46 | 000,842,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.01.07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.12.09 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.09 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.03 05:45:15 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2011.07.11 22:18:58 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2011.07.11 22:13:10 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2011.07.11 22:12:49 | 000,110,456 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2011.07.11 22:12:49 | 000,063,864 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2011.07.11 22:12:49 | 000,050,040 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2011.07.11 22:12:44 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.15 11:36:06 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010.04.27 19:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.12.16 03:14:00 | 001,084,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2009.12.11 09:25:06 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.11.12 02:44:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.11.06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.16 12:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.09.21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009.06.22 18:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 18:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2007.02.16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2011.02.14 21:51:11 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Trajian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.18 04:19:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 19:22:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 15:04:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Trajian\AppData\Roaming\5052 [2011.12.01 14:28:32 | 000,000,000 | ---D | M] [2010.05.16 18:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trajian\AppData\Roaming\mozilla\Extensions [2010.05.17 12:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trajian\AppData\Roaming\mozilla\Firefox\Profiles\ixuw6h0j.default\extensions [2011.11.09 19:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.11.14 20:17:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.07.13 19:51:06 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.12.01 14:28:32 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\TRAJIAN\APPDATA\ROAMING\5052 [2011.11.09 19:22:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files (x86)\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files (x86)\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files (x86)\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [IjmrHbDDJ3PyrXc] C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe File not found O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S1F3.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Trajian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Userinit] C:\Users\Trajian\AppData\Roaming\appconf32.exe () O4 - Startup: C:\Users\Trajian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09842729-AEA3-4864-BA91-3B42E4F573E8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88AE970-A247-41F6-8CEE-1D964C06EBFB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.22 00:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{229fbf0b-dacf-11df-867e-705ab6c81618}\Shell - "" = AutoRun O33 - MountPoints2\{229fbf0b-dacf-11df-867e-705ab6c81618}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{60846ddb-d08a-11df-9cbf-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{60846ddb-d08a-11df-9cbf-70f1a1152e1d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{60846dec-d08a-11df-9cbf-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{60846dec-d08a-11df-9cbf-70f1a1152e1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{795f538d-d160-11df-9eb6-705ab6c81618}\Shell - "" = AutoRun O33 - MountPoints2\{795f538d-d160-11df-9eb6-705ab6c81618}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bb124aba-3f70-11e0-b2c0-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{bb124aba-3f70-11e0-b2c0-70f1a1152e1d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bb124ac5-3f70-11e0-b2c0-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{bb124ac5-3f70-11e0-b2c0-70f1a1152e1d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ca9f8b1f-30dc-11df-b232-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ca9f8b1f-30dc-11df-b232-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {TIXrGaSC-eWNX-NSWd-i9pl-PgdxpRdF4nbF} - ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.03 14:17:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Trajian\Desktop\OTL.exe [2011.12.03 05:30:19 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011.12.02 04:18:01 | 000,000,000 | ---D | C] -- C:\Users\Trajian\Desktop\ndsemu [2011.12.01 14:28:40 | 000,326,608 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Trajian\AppData\Roaming\AcroIEHelpe054.dll [2011.12.01 14:28:31 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\5052 [2011.11.30 13:58:24 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\UAs [2011.11.30 04:23:13 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\5051 [2011.11.30 04:23:01 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\xmldm [2011.11.30 04:21:56 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\kock [2011.11.21 22:57:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett [2011.11.14 20:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.08 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Trajian\Desktop\Forschungsvorhabenkram [1 C:\Users\Trajian\AppData\Roaming\*.tmp files -> C:\Users\Trajian\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.03 14:52:32 | 000,000,036 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\blckdom.res [2011.12.03 14:51:20 | 000,017,468 | ---- | M] () -- C:\Users\Trajian\Desktop\Unbenannt 1.odt [2011.12.03 14:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.03 14:44:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000UA.job [2011.12.03 14:17:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Trajian\Desktop\OTL.exe [2011.12.03 14:14:32 | 000,000,000 | ---- | M] () -- C:\Users\Trajian\defogger_reenable [2011.12.03 14:10:56 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 14:10:56 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.03 14:01:20 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.03 14:01:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.03 14:00:56 | 3113,308,160 | -HS- | M] () -- C:\hiberfil.sys [2011.12.03 05:50:58 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.03 05:50:58 | 000,654,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.03 05:50:58 | 000,616,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.03 05:50:58 | 000,130,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.03 05:50:58 | 000,106,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.03 05:45:15 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2011.12.02 17:43:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000Core.job [2011.11.27 04:12:33 | 000,272,442 | ---- | M] () -- C:\Users\Trajian\Desktop\nsdjusgh.png [2011.11.26 23:49:36 | 000,015,454 | ---- | M] () -- C:\Users\Trajian\Desktop\MedizinblablaVorlesungblabla.odt [2011.11.26 18:15:57 | 000,001,209 | ---- | M] () -- C:\Users\Trajian\Desktop\Eigene Musik.lnk [2011.11.26 01:24:10 | 000,390,898 | ---- | M] () -- C:\Users\Trajian\Desktop\ftz.png [2011.11.26 01:14:08 | 000,362,473 | ---- | M] () -- C:\Users\Trajian\Desktop\Unbenannt.png [2011.11.22 21:31:49 | 000,001,162 | ---- | M] () -- C:\Users\Trajian\Desktop\Bilder.lnk [2011.11.10 03:43:39 | 000,400,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\Trajian\AppData\Roaming\*.tmp files -> C:\Users\Trajian\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.03 14:51:19 | 000,017,468 | ---- | C] () -- C:\Users\Trajian\Desktop\Unbenannt 1.odt [2011.12.03 14:14:32 | 000,000,000 | ---- | C] () -- C:\Users\Trajian\defogger_reenable [2011.12.02 17:19:51 | 003,349,594 | ---- | C] () -- C:\Users\Trajian\Desktop\Bread.mp3 [2011.11.30 04:23:08 | 000,000,036 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\blckdom.res [2011.11.27 04:12:33 | 000,272,442 | ---- | C] () -- C:\Users\Trajian\Desktop\nsdjusgh.png [2011.11.26 23:49:34 | 000,015,454 | ---- | C] () -- C:\Users\Trajian\Desktop\MedizinblablaVorlesungblabla.odt [2011.11.26 01:24:10 | 000,390,898 | ---- | C] () -- C:\Users\Trajian\Desktop\ftz.png [2011.11.26 01:14:07 | 000,362,473 | ---- | C] () -- C:\Users\Trajian\Desktop\Unbenannt.png [2011.11.22 21:31:49 | 000,001,162 | ---- | C] () -- C:\Users\Trajian\Desktop\Bilder.lnk [2011.11.22 21:31:26 | 000,001,209 | ---- | C] () -- C:\Users\Trajian\Desktop\Eigene Musik.lnk [2011.08.18 04:03:09 | 000,007,168 | ---- | C] () -- C:\Users\Trajian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.12 23:14:29 | 000,344,160 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.02.23 04:40:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.02.23 04:40:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.02.23 04:40:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.02.23 04:40:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.02.23 04:40:24 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.02.23 04:40:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.02.23 04:40:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.02.23 04:40:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.02.23 04:40:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.02.23 04:40:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.02.23 04:40:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.02.23 04:40:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.02.23 04:40:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.02.23 04:40:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.02.23 04:40:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.02.23 04:40:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.02.23 04:40:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.02.23 04:40:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.02.23 04:40:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.02.23 04:34:01 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini [2010.11.22 16:07:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.16 18:56:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.05.16 17:44:04 | 000,000,396 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\wklnhst.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.12.09 16:23:13 | 000,050,656 | RHS- | C] () -- C:\Users\Trajian\AppData\Roaming\appconf32.exe ========== LOP Check ========== [2011.11.30 04:23:13 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\5051 [2011.12.01 14:28:32 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\5052 [2011.02.28 23:41:09 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Downloaded Installations [2011.10.09 23:58:15 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Faerie Solitaire [2011.10.11 22:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Gaijin Ent [2010.07.15 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Gamelab [2011.10.13 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\IrfanView [2011.11.30 04:21:56 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\kock [2010.08.16 02:01:45 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Mp3tag [2010.05.16 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Neopets Toolbar [2010.10.17 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\OpenOffice.org [2011.08.31 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Opera [2010.05.16 18:48:41 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Packard Bell [2010.06.03 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\SNS [2011.08.24 15:14:42 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Sony [2010.05.16 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\SYSTEMAX Software Development [2011.02.23 07:11:27 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\TeamViewer [2010.05.16 17:44:15 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Template [2011.02.23 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\TS3Client [2011.12.03 14:37:22 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\UAs [2011.02.23 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Vodafone [2011.12.03 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\xmldm [2011.12.02 17:43:01 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000Core.job [2011.12.03 14:44:05 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000UA.job [2011.10.23 18:37:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.05.16 17:01:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.03.16 10:51:12 | 000,000,000 | -H-D | M] -- C:\AcerSW [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.16 16:59:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.01.29 22:02:57 | 000,000,000 | ---D | M] -- C:\Intel [2010.01.29 22:16:28 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.05.16 17:01:08 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.02.23 04:34:28 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.13 19:15:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.10.10 11:34:57 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.16 16:59:17 | 000,000,000 | -HSD | M] -- C:\Programme [2010.05.16 16:59:17 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.03 14:55:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.05.16 16:59:25 | 000,000,000 | R--D | M] -- C:\Users [2011.12.03 05:30:19 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\system64\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit |
|
03.12.2011, 15:44
| #2 |
| /// Malware-holic   | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ich sehe es mir an.
__________________
__________________ |
|
03.12.2011, 15:55
| #3 |
| /// Malware-holic | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr hi
__________________achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [Userinit] C:\Users\Trajian\AppData\Roaming\appconf32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
MOD - [2011.12.01 14:28:31 | 001,313,744 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\5052\components\AcroFF052.dll
SRV - [2011.12.03 13:53:36 | 000,044,544 | ---- | M] () [Auto | Stopped] -- C:\Windows\TEMP\txiqmc\setup.exe -- (AMService)
PRC - [2011.12.03 13:53:36 | 000,044,544 | ---- | M] () -- C:\Windows\Temp\txiqmc\setup.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O4 - HKLM..\Run: [IjmrHbDDJ3PyrXc] C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S1F3.tmp" /EF "HKCU" File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe) - File not found
[2011.12.01 14:28:40 | 000,326,608 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Trajian\AppData\Roaming\AcroIEHelpe054.dll
[2011.12.01 14:28:31 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\5052
[2011.11.30 04:23:13 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\5051
[2011.11.30 04:23:01 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\xmldm
[2011.11.30 04:21:56 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\kock
:Files
C:\Users\Trajian\AppData\Roaming\appconf32.exe
C:\Windows\Temp\txiqmc
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
|
03.12.2011, 16:14
| #4 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ok, habe alles so gemacht wie beschrieben. Nach dem Hochfahren kam von GData 2x die Meldung: Virus: Win32: DNSChanger-VJ [Trj] (Engine B) Es wurde versucht, auf eine infizierte Datei zuzugreifen. Datei: 80000032.@ Verzeichnis: C:\Windows\assembly\temp\U Daten habe ich als .zip im Uploadchannel hochgeladen. Tante Edith: Ach ja, die Meldung "Firewall-Service is not running (0x80070433)" erschien auch wieder nach dem Neustart. Geändert von Trajian (03.12.2011 um 16:19 Uhr) Grund: darstellungsfehler durch smilies...und was vergessen |
|
03.12.2011, 16:24
| #5 |
| /// Malware-holic | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr hi, das war ja nur der erste streich :-) combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.12.2011, 17:02
| #6 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ok, eine doofe frage noch: combofix sagt ja ich solle alle antiviren programm oder firewalls ausstellen, aber ich kann ja eben auf diese nicht zugreifen. soll ich den punkt also einfach ignorieren und combofix einfach so ausführen? oder soll ich GData lieber direkt deinstallieren? |
|
03.12.2011, 17:12
| #7 |
| /// Malware-holic | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ne ignoriere diesen punkt
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.12.2011, 17:24
| #8 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr D: aber jetzt sagt mit combofix, dass GData noch läuft und ich es unbedingt beenden soll, alles andere geschieht auf eigene Verantwortung..... ist das wirklich ok so oder sollte ich lieber in den prozessen im taskmanager oder so nach Gdata prozessen suchen und sie von hand beenden? Denn combofix kann ich grade anscheinend nicht mehr abbrechen, bin quasi einen klick bevor er loslegt. |
|
03.12.2011, 17:32
| #9 |
| /// Malware-holic | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr das ist ok so, klicke auf ok und es geht weiter
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.12.2011, 17:35
| #10 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr oh je, na gut >_____<" falls nix mehr von mir kommt, hats mir das system geshreddert xD |
|
03.12.2011, 20:11
| #11 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ähm... habe genau die anleitung befolgt, aber es ist nichts passiert. Soll heissen: Combofix gestartet, Warnungen zu GData ignoriert. Das Programm lief dann bis zu diesem Bildschirm:  Danach passierte rein gar nichts mehr. Ich habe 2 Stunden gewartet. Der Rechner ging währenddessen in den Standbye-Modus, d.h. das Programm wurde anscheinend gar nicht ausgeführt (?) ach ja: habe grade gemerkt, sobald ich über google was suche und dann von dort aus eine URL anklicke, werde ich umgeleitet zu preisvergleichseiten o.ä. Ich muss jetzt grade los, aber ich werde morgen noch einmal versuchen ComboFix zu benutzen, ausser du sagst mir was anderes. Wenn gar nichts mehr hilft muss ich den Rechner halt einmal komplett neu aufsetzen. Danke schonmal im Voraus ^^ |
|
03.12.2011, 20:13
| #12 |
| /// Malware-holic | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr hi, starte mal in den abgesicherten modus, geht bei pc start mit f8 dann versuche dort cf noch mal. dann in den normalen modus und log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.12.2011, 22:36
| #13 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ok shit, ich hatte die letzten tage durch uni-stress keine zeit was zu machen, weil ich den PC brauche... jetzt hab ich mir auch noch "Cloud AV 2012" eingefangen. Hab schon versucht mit TDSS was zu machen, aber hat nichts gebracht... dann muss ich jetzt wohl erstmal uni ignorieren und den PC sauber bekommen... =____=" hier nochmal ein aktueller log: [QUOTE]OTL logfile created on: 06.12.2011 22:37:39 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Trajian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,72% Memory free 7,73 Gb Paging File | 5,76 Gb Available in Paging File | 74,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453,66 Gb Total Space | 349,77 Gb Free Space | 77,10% Space Free | Partition Type: NTFS Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 982,14 Mb Total Space | 306,59 Mb Free Space | 31,22% Space Free | Partition Type: FAT Computer Name: TRAJIAN-PC | User Name: Trajian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.06 21:29:03 | 000,176,128 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\8C9B6\C8161.exe PRC - [2011.12.06 21:10:59 | 000,196,096 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\B6673\lvvm.exe PRC - [2011.12.06 21:02:07 | 000,286,720 | ---- | M] () -- C:\Users\Trajian\AppData\Local\Temp\dwme.exe PRC - [2011.12.06 21:02:01 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Trajian\AppData\Local\Temp\C7F33FF.exe PRC - [2011.12.06 16:44:44 | 000,040,448 | ---- | M] () -- C:\Windows\Temp\oyrvne\setup.exe PRC - [2011.12.03 14:17:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Trajian\Desktop\OTL.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.05.25 10:07:47 | 001,434,632 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2011.05.20 13:50:48 | 000,368,136 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2011.05.20 13:50:36 | 001,540,616 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe PRC - [2011.05.11 11:18:59 | 000,923,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe PRC - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.02.12 15:15:42 | 004,845,640 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe PRC - [2010.01.22 09:10:50 | 001,287,760 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.01.22 09:10:50 | 000,310,352 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.01.22 09:10:50 | 000,268,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.01.13 03:25:14 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2010.01.07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.12.24 02:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.12.09 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.09 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.19 17:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe PRC - [2009.07.14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2011.12.06 21:29:03 | 000,176,128 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\8C9B6\C8161.exe MOD - [2011.12.06 21:10:59 | 000,196,096 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\B6673\lvvm.exe MOD - [2011.12.06 21:02:07 | 000,286,720 | ---- | M] () -- C:\Users\Trajian\AppData\Local\Temp\dwme.exe MOD - [2011.10.12 18:51:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.10.12 18:50:22 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.12 18:50:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.12 18:49:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.12 18:49:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.12 18:49:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.12 18:49:35 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.12 18:49:29 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.17 15:34:55 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.02.12 15:15:42 | 004,845,640 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe MOD - [2010.01.07 02:46:56 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2011.05.27 12:31:20 | 001,557,816 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2011.05.26 02:11:13 | 001,929,104 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlx64.exe -- (AVKWCtl) SRV - [2011.05.26 02:06:15 | 001,456,632 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2011.05.25 10:07:47 | 001,434,632 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2011.05.20 13:50:48 | 000,368,136 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2011.05.20 02:40:34 | 000,960,504 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2011.03.04 19:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe -- (AVKService) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.20 16:46:00 | 005,671,792 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.16 10:36:14 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.01.22 09:10:50 | 000,310,352 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.18 19:55:46 | 000,842,784 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.01.07 02:50:02 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.12.24 02:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.12.09 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.09 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.03 05:45:15 | 000,059,256 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2011.07.11 22:18:58 | 000,106,488 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2011.07.11 22:13:10 | 000,051,576 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2011.07.11 22:12:49 | 000,110,456 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2011.07.11 22:12:49 | 000,063,864 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2011.07.11 22:12:49 | 000,050,040 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2011.07.11 22:12:44 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.15 11:36:06 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2010.04.27 19:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.12.17 19:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.12.16 03:14:00 | 001,084,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2009.12.11 09:25:06 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.11.12 02:44:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.11.06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.16 12:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.09.21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009.06.22 18:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.06.22 18:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2007.02.16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2011.02.14 21:51:11 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Trajian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.18 04:19:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 19:22:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 15:04:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Trajian\AppData\Roaming\5052 [2010.05.16 18:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trajian\AppData\Roaming\mozilla\Extensions [2010.05.17 12:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trajian\AppData\Roaming\mozilla\Firefox\Profiles\ixuw6h0j.default\extensions [2011.11.09 19:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.11.14 20:17:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.07.13 19:51:06 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2011.11.09 19:22:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files (x86)\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files (x86)\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files (x86)\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iv39od7ft9] C:\ProgramData\iv39od7ft9.exe () O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [4Y3Y0C3A1F7W1E5EWCUS] C:\Recycle.Bin\B6232F3AA39.exe (Packard Bell BV) O4 - HKCU..\Run: [4Y3Y0C3A1G6CZFZWDFPNTTSNZYXKRGH] C:\serverg.Bin\873D3F8AA39.exe () O4 - HKCU..\Run: [AB6.exe] C:\Users\Trajian\AppData\Roaming\Microsoft\6188\AB6.exe () O4 - HKCU..\Run: [Facebook Update] C:\Users\Trajian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [GaQH6dWK7R9TqYe] C:\Users\Trajian\AppData\Roaming\dwme.exe () O4 - HKCU..\Run: [oYXwkUVelBz0c18234A] C:\Users\Trajian\AppData\Roaming\jCwkUVrlOtPySiD\Cloud AV 2012v121.exe () O4 - HKCU..\Run: [Userinit] C:\Users\Trajian\AppData\Roaming\appconf32.exe File not found O4 - Startup: C:\Users\Trajian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () F3:64bit: - HKCU WinNT: Load - (C:\Users\Trajian\AppData\Roaming\B6673\lvvm.exe) - C:\Users\Trajian\AppData\Roaming\B6673\lvvm.exe () F3 - HKCU WinNT: Load - (C:\Users\Trajian\AppData\Roaming\B6673\lvvm.exe) -C:\Users\Trajian\AppData\Roaming\B6673\lvvm.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09842729-AEA3-4864-BA91-3B42E4F573E8}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88AE970-A247-41F6-8CEE-1D964C06EBFB}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Trajian\AppData\Roaming\8C9B6\C8161.exe) -C:\Users\Trajian\AppData\Roaming\8C9B6\C8161.exe () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.22 00:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{229fbf0b-dacf-11df-867e-705ab6c81618}\Shell - "" = AutoRun O33 - MountPoints2\{229fbf0b-dacf-11df-867e-705ab6c81618}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{60846ddb-d08a-11df-9cbf-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{60846ddb-d08a-11df-9cbf-70f1a1152e1d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{60846dec-d08a-11df-9cbf-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{60846dec-d08a-11df-9cbf-70f1a1152e1d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{795f538d-d160-11df-9eb6-705ab6c81618}\Shell - "" = AutoRun O33 - MountPoints2\{795f538d-d160-11df-9eb6-705ab6c81618}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bb124aba-3f70-11e0-b2c0-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{bb124aba-3f70-11e0-b2c0-70f1a1152e1d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{bb124ac5-3f70-11e0-b2c0-70f1a1152e1d}\Shell - "" = AutoRun O33 - MountPoints2\{bb124ac5-3f70-11e0-b2c0-70f1a1152e1d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ca9f8b1f-30dc-11df-b232-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ca9f8b1f-30dc-11df-b232-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009.04.30 03:57:32 | 000,054,544 | R--- | M] (Electronic Arts) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {TIXrGaSC-eWNX-NSWd-i9pl-PgdxpRdF4nbF} - ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.06 22:27:33 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Trajian\Desktop\iexplore.exe.exe [2011.12.06 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\B6673 [2011.12.06 21:02:33 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\8C9B6 [2011.12.06 21:02:18 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012 [2011.12.06 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\SelIBtzPNc1v2b4 [2011.12.06 21:02:17 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\omG5sQJ6dKfZhXj [2011.12.06 21:02:09 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\rIBrzONyx0v2b3n [2011.12.06 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\jCwkUVrlOtPySiD [2011.12.06 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\hONtxP0uc1b3 [2011.12.03 17:35:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.03 17:35:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.03 17:35:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.03 17:35:07 | 000,000,000 | --SD | C] -- C:\ComboFix [2011.12.03 17:35:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.03 17:21:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.03 16:55:35 | 004,326,308 | R--- | C] (Swearware) -- C:\Users\Trajian\Desktop\ComboFix.exe [2011.12.03 15:59:13 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\kock [2011.12.03 15:58:28 | 000,000,000 | ---D | C] -- C:\_OTL [2011.12.03 15:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.12.03 15:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.12.03 14:17:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Trajian\Desktop\OTL.exe [2011.12.03 05:30:19 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011.12.02 04:18:01 | 000,000,000 | ---D | C] -- C:\Users\Trajian\Desktop\ndsemu [2011.11.30 13:58:24 | 000,000,000 | ---D | C] -- C:\Users\Trajian\AppData\Roaming\UAs [2011.11.21 22:57:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett [2011.11.14 20:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.08 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Trajian\Desktop\Forschungsvorhabenkram [1 C:\Users\Trajian\AppData\Roaming\*.tmp files -> C:\Users\Trajian\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.06 22:29:27 | 000,286,720 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\firefox.exe [2011.12.06 21:56:15 | 000,015,686 | ---- | M] () -- C:\Users\Trajian\Desktop\shuumi.odt [2011.12.06 21:47:14 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.06 21:02:38 | 000,001,212 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\ahst.lni [2011.12.06 21:02:09 | 000,286,720 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\dwme.exe [2011.12.06 20:44:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000UA.job [2011.12.06 19:06:47 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000Core.job [2011.12.06 19:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.06 16:44:44 | 000,040,448 | ---- | M] () -- C:\ProgramData\iv39od7ft9.exe [2011.12.06 16:42:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.06 16:42:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.06 16:34:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.06 16:34:29 | 3113,308,160 | -HS- | M] () -- C:\hiberfil.sys [2011.12.06 16:33:09 | 000,000,000 | ---- | M] () -- C:\Users\Trajian\AppData\Local\{10B46088-1900-4FA2-9315-2BD238761496} [2011.12.06 01:09:57 | 000,303,506 | ---- | M] () -- C:\Users\Trajian\Desktop\CIMG0761.JPG [2011.12.04 23:28:22 | 000,012,312 | ---- | M] () -- C:\Users\Trajian\Desktop\stundenplandingsi.ods [2011.12.04 23:28:18 | 000,052,579 | ---- | M] () -- C:\Users\Trajian\Desktop\stundenplandingsi.pdf [2011.12.03 16:56:27 | 004,326,308 | R--- | M] (Swearware) -- C:\Users\Trajian\Desktop\ComboFix.exe [2011.12.03 15:01:06 | 000,000,036 | ---- | M] () -- C:\Users\Trajian\AppData\Roaming\blckdom.res [2011.12.03 14:17:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Trajian\Desktop\OTL.exe [2011.12.03 14:14:32 | 000,000,000 | ---- | M] () -- C:\Users\Trajian\defogger_reenable [2011.12.03 05:50:58 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.03 05:50:58 | 000,654,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.03 05:50:58 | 000,616,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.03 05:50:58 | 000,130,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.03 05:50:58 | 000,106,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.03 05:45:15 | 000,059,256 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2011.11.27 04:12:33 | 000,272,442 | ---- | M] () -- C:\Users\Trajian\Desktop\nsdjusgh.png [2011.11.26 23:49:36 | 000,015,454 | ---- | M] () -- C:\Users\Trajian\Desktop\MedizinblablaVorlesungblabla.odt [2011.11.26 18:15:57 | 000,001,209 | ---- | M] () -- C:\Users\Trajian\Desktop\Eigene Musik.lnk [2011.11.26 01:24:10 | 000,390,898 | ---- | M] () -- C:\Users\Trajian\Desktop\ftz.png [2011.11.26 01:14:08 | 000,362,473 | ---- | M] () -- C:\Users\Trajian\Desktop\Unbenannt.png [2011.11.24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Trajian\Desktop\iexplore.exe.exe [2011.11.22 21:31:49 | 000,001,162 | ---- | M] () -- C:\Users\Trajian\Desktop\Bilder.lnk [2011.11.10 03:43:39 | 000,400,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Users\Trajian\AppData\Roaming\*.tmp files -> C:\Users\Trajian\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.06 22:24:22 | 000,286,720 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\firefox.exe [2011.12.06 21:08:26 | 000,015,686 | ---- | C] () -- C:\Users\Trajian\Desktop\shuumi.odt [2011.12.06 21:02:18 | 000,001,212 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\ahst.lni [2011.12.06 21:02:09 | 000,286,720 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\dwme.exe [2011.12.06 16:44:45 | 000,040,448 | ---- | C] () -- C:\ProgramData\iv39od7ft9.exe [2011.12.06 16:33:09 | 000,000,000 | ---- | C] () -- C:\Users\Trajian\AppData\Local\{10B46088-1900-4FA2-9315-2BD238761496} [2011.12.06 01:09:57 | 000,303,506 | ---- | C] () -- C:\Users\Trajian\Desktop\CIMG0761.JPG [2011.12.04 23:27:37 | 000,052,579 | ---- | C] () -- C:\Users\Trajian\Desktop\stundenplandingsi.pdf [2011.12.03 17:35:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.03 17:35:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.03 17:35:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.03 17:35:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.03 17:35:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.03 14:14:32 | 000,000,000 | ---- | C] () -- C:\Users\Trajian\defogger_reenable [2011.12.02 17:19:51 | 003,349,594 | ---- | C] () -- C:\Users\Trajian\Desktop\Bread.mp3 [2011.11.30 04:23:08 | 000,000,036 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\blckdom.res [2011.11.27 04:12:33 | 000,272,442 | ---- | C] () -- C:\Users\Trajian\Desktop\nsdjusgh.png [2011.11.26 23:49:34 | 000,015,454 | ---- | C] () -- C:\Users\Trajian\Desktop\MedizinblablaVorlesungblabla.odt [2011.11.26 01:24:10 | 000,390,898 | ---- | C] () -- C:\Users\Trajian\Desktop\ftz.png [2011.11.26 01:14:07 | 000,362,473 | ---- | C] () -- C:\Users\Trajian\Desktop\Unbenannt.png [2011.11.22 21:31:49 | 000,001,162 | ---- | C] () -- C:\Users\Trajian\Desktop\Bilder.lnk [2011.11.22 21:31:26 | 000,001,209 | ---- | C] () -- C:\Users\Trajian\Desktop\Eigene Musik.lnk [2011.08.18 04:03:09 | 000,007,168 | ---- | C] () -- C:\Users\Trajian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.12 23:14:29 | 000,344,160 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2011.02.23 04:40:24 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011.02.23 04:40:24 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011.02.23 04:40:24 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2011.02.23 04:40:24 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2011.02.23 04:40:24 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011.02.23 04:40:23 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011.02.23 04:40:23 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011.02.23 04:40:23 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011.02.23 04:40:23 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011.02.23 04:40:23 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011.02.23 04:40:23 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011.02.23 04:40:23 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011.02.23 04:40:23 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011.02.23 04:40:23 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2011.02.23 04:40:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011.02.23 04:40:23 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011.02.23 04:40:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011.02.23 04:40:23 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011.02.23 04:40:23 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011.02.23 04:34:01 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini [2010.11.22 16:07:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.16 18:56:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.05.16 17:44:04 | 000,000,396 | ---- | C] () -- C:\Users\Trajian\AppData\Roaming\wklnhst.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.12.06 21:29:03 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\8C9B6 [2011.12.06 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\B6673 [2011.02.28 23:41:09 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Downloaded Installations [2011.10.09 23:58:15 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Faerie Solitaire [2011.10.11 22:50:56 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Gaijin Ent [2010.07.15 00:02:09 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Gamelab [2011.12.06 21:02:05 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\hONtxP0uc1b3 [2011.10.13 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\IrfanView [2011.12.06 21:02:06 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\jCwkUVrlOtPySiD [2011.12.03 15:59:13 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\kock [2010.08.16 02:01:45 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Mp3tag [2010.05.16 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Neopets Toolbar [2011.12.06 21:02:18 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\omG5sQJ6dKfZhXj [2010.10.17 15:36:35 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\OpenOffice.org [2011.08.31 00:56:40 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Opera [2010.05.16 18:48:41 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Packard Bell [2011.12.06 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\rIBrzONyx0v2b3n [2011.12.06 21:02:17 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\SelIBtzPNc1v2b4 [2010.06.03 18:37:04 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\SNS [2011.08.24 15:14:42 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Sony [2010.05.16 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\SYSTEMAX Software Development [2011.02.23 07:11:27 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\TeamViewer [2010.05.16 17:44:15 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Template [2011.02.23 20:19:10 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\TS3Client [2011.12.03 14:37:22 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\UAs [2011.02.23 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Trajian\AppData\Roaming\Vodafone [2011.12.06 19:06:47 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000Core.job [2011.12.06 20:44:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000UA.job [2011.10.23 18:37:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.05.16 17:01:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.03.16 10:51:12 | 000,000,000 | -H-D | M] -- C:\AcerSW [2011.12.03 17:36:52 | 000,000,000 | --SD | M] -- C:\ComboFix [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.16 16:59:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.01.29 22:02:57 | 000,000,000 | ---D | M] -- C:\Intel [2010.01.29 22:16:28 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.05.16 17:01:08 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.02.23 04:34:28 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.03 15:10:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2011.12.06 16:44:45 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.05.16 16:59:17 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.03 17:35:07 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.05.16 16:59:17 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.06 21:02:01 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2011.12.06 01:02:36 | 000,000,000 | -H-D | M] -- C:\serverg.Bin [2011.12.06 22:40:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.05.16 16:59:25 | 000,000,000 | R--D | M] -- C:\Users [2011.12.03 17:35:12 | 000,000,000 | ---D | M] -- C:\Windows [2011.12.03 16:12:07 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\system64\drivers\afd.sys [2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26%3 Geändert von Trajian (06.12.2011 um 22:51 Uhr) |
|
07.12.2011, 12:14
| #14 |
| /// Malware-holic | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr die anweisung gilt trotzdem noch, sollte ja funktionieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.12.2011, 20:01
| #15 |
| | GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr ok, habe es im sicheren modus durchlaufen lassen und es ging. habe es dann wie es in der anleitung stand deinstalliert. beim hochfahren im normalen modus gerade eben kam erneut der firewall-hinweis, aber immerhin scheint dieses Cloud Av 2012 weg zu sein. hier der log von combofix: Combofix Logfile: Code:
ATTFilter ComboFix 11-12-03.01 - Trajian 07.12.2011 19:26:51.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2594 [GMT 1:00]
ausgeführt von:: c:\users\Trajian\Desktop\ComboFix.exe
AV: G Data TotalCare 2012 *Enabled/Outdated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Enabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data TotalCare 2012 *Enabled/Outdated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\LP
c:\programdata\iv39od7ft9.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoWebCamera.exe.lnk
C:\recycle.bin
c:\recycle.bin\485CA97FB0030D2
c:\recycle.bin\B6232F3AA39.exe
C:\serverg.Bin
c:\serverg.bin\873D3F8AA39.exe
c:\serverg.bin\A672A3F2B0030D2
c:\users\Trajian\AppData\Roaming\AcroIEHelpe.txt
c:\users\Trajian\AppData\Roaming\dwme.exe
c:\users\Trajian\AppData\Roaming\firefox.exe
c:\users\Trajian\AppData\Roaming\jCwkUVrlOtPySiD\Cloud AV 2012v121.exe
c:\users\Trajian\AppData\Roaming\Microsoft\6188\AB6.exe
c:\users\Trajian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012
c:\users\Trajian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cloud AV 2012\Cloud AV 2012.lnk
c:\users\Trajian\AppData\Roaming\omG5sQJ6dKfZhXj
c:\users\Trajian\AppData\Roaming\omG5sQJ6dKfZhXj\Cloud AV 2012.ico
c:\users\Trajian\AppData\Roaming\srvblck2.tmp
c:\users\Trajian\AppData\Roaming\xelIBtzPNc1v2b
c:\users\Trajian\AppData\Roaming\xelIBtzPNc1v2b\Cloud AV 2012.ico
c:\users\Trajian\Desktop\Cloud AV 2012.lnk
c:\users\Trajian\iv39od7ft9.exe
c:\windows\System64
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-07 bis 2011-12-07 ))))))))))))))))))))))))))))))
.
.
2011-12-07 18:37 . 2011-12-07 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-07 18:24 . 2011-12-07 18:24 -------- d-----w- c:\program files (x86)\B6673
2011-12-07 18:12 . 2011-12-07 18:12 -------- d-----w- c:\users\Trajian\AppData\Roaming\IZ9hYXwjU
2011-12-06 20:03 . 2011-12-07 18:13 -------- d-----w- c:\users\Trajian\AppData\Roaming\B6673
2011-12-06 20:02 . 2011-12-06 20:02 102400 ----a-w- c:\users\Trajian\AppData\Roaming\Microsoft\6188\DA3C.tmp
2011-12-06 20:02 . 2011-12-07 18:24 -------- d-----w- c:\users\Trajian\AppData\Roaming\8C9B6
2011-12-06 20:02 . 2011-12-06 20:02 -------- d-----w- c:\users\Trajian\AppData\Roaming\SelIBtzPNc1v2b4
2011-12-06 20:02 . 2011-12-06 20:02 -------- d-----w- c:\users\Trajian\AppData\Roaming\rIBrzONyx0v2b3n
2011-12-06 20:02 . 2011-12-07 18:37 -------- d-----w- c:\users\Trajian\AppData\Roaming\jCwkUVrlOtPySiD
2011-12-06 20:02 . 2011-12-06 20:02 -------- d-----w- c:\users\Trajian\AppData\Roaming\hONtxP0uc1b3
2011-12-03 14:59 . 2011-12-03 14:59 -------- d-----w- c:\users\Trajian\AppData\Roaming\kock
2011-12-03 14:58 . 2011-12-03 15:12 -------- d-----w- C:\_OTL
2011-12-03 14:10 . 2011-12-03 14:10 -------- d-----w- c:\program files (x86)\7-Zip
2011-12-02 15:57 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CC106258-1158-4028-B559-4676A5DE4598}\mpengine.dll
2011-11-30 12:58 . 2011-12-03 13:37 -------- d-----w- c:\users\Trajian\AppData\Roaming\UAs
2011-11-09 21:09 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:09 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:09 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:09 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 04:45 . 2010-07-13 18:51 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
2011-10-08 13:56 . 2011-07-25 18:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25 . 2011-10-12 07:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 07:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-29 39408]
"Facebook Update"="c:\users\Trajian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-13 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Regedit32"="c:\windows\system32\regedit.exe" [2009-07-14 398336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-01-13 263936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-01-22 1287760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2011-05-20 1540616]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\users\Trajian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 135664]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2011-05-26 1456632]
R3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe [2011-05-27 1557816]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x]
R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]
R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2011-05-20 960504]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-07-11 106488]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-05-25 1434632]
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalCare\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe [2011-05-26 1929104]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-01-22 310352]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-01-18 842784]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-01-07 255744]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-09-20 5671792]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-05-20 368136]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000Core.job
- c:\users\Trajian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-13 15:38]
.
2011-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2152597713-157245681-270778561-1000UA.job
- c:\users\Trajian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-13 15:38]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 18:00]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 18:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-25 17398376]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-01-18 832544]
"combofix"="c:\combofix\CF3185.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tm87&r=27360510e215l0474z115f45m2a231
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Trajian\AppData\Roaming\Mozilla\Firefox\Profiles\ixuw6h0j.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-4Y3Y0C3A1G6CZFZWDFPNTTSNZYXKRGH - c:\serverg.bin\873D3F8AA39.exe
Wow6432Node-HKCU-Run-4Y3Y0C3A1F7W1E5EWCUS - c:\recycle.bin\B6232F3AA39.exe
Wow6432Node-HKCU-Run-oYXwkUVelBz0c18234A - c:\users\Trajian\AppData\Roaming\jCwkUVrlOtPySiD\Cloud AV 2012v121.exe
Wow6432Node-HKCU-Run-GaQH6dWK7R9TqYe - c:\users\Trajian\AppData\Roaming\dwme.exe
Wow6432Node-HKCU-Run-AB6.exe - c:\users\Trajian\AppData\Roaming\Microsoft\6188\AB6.exe
Wow6432Node-HKCU-Run-iv39od7ft9 - c:\users\Trajian\iv39od7ft9.exe
Wow6432Node-HKLM-Run-iv39od7ft9 - c:\programdata\iv39od7ft9.exe
Wow6432Node-HKU-Default-Run-IjmrHbDDJ3PyrXc - c:\windows\system32\config\systemprofile\AppData\Roaming\5suxrt589cxuftg.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-07 19:47:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-07 18:47
.
Vor Suchlauf: 8 Verzeichnis(se), 375.097.643.008 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 374.456.725.504 Bytes frei
.
- - End Of File - - C368CD4988F71181AE2B079DC02C2DD4
|
|
| Themen zu GEMA Scareware + Trojaner, G-Data + Firewall läuft nicht mehr |
| 0x80070433, 5suxrt589cxuftg.exe, acroiehelpe, aktiv, anwendung, ausgelastet, bildschirm, c:\windows\system32\rundll32.exe, fehlermeldung, firewall, forum, g-data, gdata, geld, illegal, klicke, launch, limited.com/facebook, log, musik, neu, neustart, nicht mehr, normaler modus, not, otl-log, packard bell, pcs, plug-in, problem, server, server ist ausgelastet, tablet, trojaner, viren, vodafone, webcheck, wildtangent games, wächter, ändern, öffnet |
Linear-Darstellung
