| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: verschlüsselter TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.05.2012, 16:02
| #1 |
| |  verschlüsselter Trojaner Hallo, ich habe nun den Malware gestartet und die Dateien gelöscht. Leider bin ich Anfänger und ich hoffe man kann mir, hier helfen. Mit dem 2,Schritt tue ich mich jetzt schon ziemlich schwer. Ich habe gestern abend die oben genannt ´Meldung erhalten, leider habe ich die 100 Euro gezahlt und bin den Betrügern auf den Leim gegangen. Ich bekomme häufig die Meldung im Internet das die URL nicht gültig ist.Den Bericht aus Teil 1 habe ich unten angehängt. Ich hoffe das man mir hier Schritt für Schritt helfen kann damit ich meinen PC wieder normal benutzen kann. Die schädlichen Mail habe ich kopiert und Anzeige erstattet. Bitte helft mir damit ich den unliebsamen Kollegen wieder los werde. Vielen Dank Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.16.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 TOSHIBA :: TOSHIBA-TOSH [Administrator] Schutz: Aktiviert 16.05.2012 15:35:10 mbam-log-2012-05-16 (15-35-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 373059 Laufzeit: 48 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Users\TOSHIBA\AppData\Local\Temp\euvargavgv.pre (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TOSHIBA\AppData\Local\Temp\PC Performer153307.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TOSHIBA\AppData\Local\Temp\rhnlibhnbs.pre (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TOSHIBA\Downloads\PcPerformer_SetupT.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TOSHIBA\Downloads\WeatherLord_1660(1).exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\TOSHIBA\Downloads\WeatherLord_1660.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
16.05.2012, 16:24
| #2 |
| /// Malware-holic   | verschlüsselter Trojaner hi,
__________________bekannte und freunde warnen, damit keiner mehr zahlt. hast du auf deine dateien zugriff oder sind sie entschlüsselt? die infektions quelle war eine mail. an solchen mails mit rechnung, mahnung und sonstigen anhängen, von unbekannten absendern bin ich interessiert. wenn du ein mail programm nutzt, dann mail markieren, rechtsklick, speichern unter, typ: .eml einstellen. dann mail an: http://markusg.trojaner-board.de dort die soeben erstellte datei anhängen. wenn du deine mails über den browser abrufst, sag mir mal welchen anbieter du nutzt, dann geht das ein bisschen anders. bitte warne freunde, bekannte, verwante etc vor dieser masche, und lasse ihnen ruhig diese mail adresse zukommen. sie können dann dorthin solche verdächtigen mails senden. diese helfen uns dann, angemessen auf neue bedrohungen zu reagieren, da diese schadsoftware auch updates erhält ist das wichtig.
__________________ |
|
16.05.2012, 17:36
| #3 |
| | verschlüsselter Trojaner Vielen Dank,
__________________ich schicke dir die Mails gerne weiter. Meine Mails bekomme ich über gmx.net. War ja meinen Schuld das ich sie geöffnert habe.Zugriff habe ich leider auch nicht auf meine Dateien aber ich weiß auch nicht wie ich das Problem beheben kann. Für Hilfe bin ich super dankbar. .DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by TOSHIBA at 20:21:23 on 2012-05-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3891.2194 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Protector by IB\ExtensionUpdaterService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://deutsch.eazel.com/de/index.php?rvs=hompag
uStart Page = hxxp://mystart.incredibar.com/mb139?a=1eynQBszpBj&i=26
uDefault_Page_URL = hxxp://toshiba.msn.com
mStart Page = hxxp://www.alawarspiele.de
mSearch Page = hxxp://deutsch.eazel.com/de/index.php?rvs=hompag
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: GIGA Deutsch Toolbar: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIG0.dll
uURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: GIGA Deutsch Toolbar: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIG0.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: GIGA Deutsch Toolbar: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIG0.dll
BHO: Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.: {1ed16e0a-e8c4-40a0-8bc2-79485d21f796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Protector by IB: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Protector by IB\Extension32.dll
BHO: DownloadnSave Class: {4b624b51-cbc0-4d2f-9bed-1a7c1fbc095f} - C:\ProgramData\DownloadnSave\bhoclass.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: ICQ Sparberater: {fe163f11-1919-4257-a280-ff5af8daeecb} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
TB: GIGA Deutsch Toolbar: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - C:\Program Files (x86)\GIGA_Deutsch\prxtbGIG0.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
TB: {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - No File
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Spiele Post] C:\Program Files (x86)\OXXOGames\GPlayer\GameCenterNotifier.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\TOSHIBA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
StartupFolder: C:\Users\TOSHIBA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\TOSHIBA\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{A1C680D7-D66C-472D-B81F-89243DD65C09} : DhcpNameServer = 192.168.178.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}
{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}
{3049C3E9-B461-4BC5-8870-4C09146192CA}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{336D0C35-8A85-403a-B9D2-65C292C39087}
{4B624B51-CBC0-4D2F-9BED-1A7C1FBC095F}
{64182481-4F71-486b-A045-B233BD0DA8FC}
{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F3C88694-EFFA-4d78-B409-54B7B2535B14}
{FE163F11-1919-4257-A280-FF5AF8DAEECB}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
{1ce76c93-a797-4ca2-ab3c-f4a6cfba3440}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{F9639E4A-801B-4843-AEE3-03D9DA199E77}
TB-X64: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No File
TB-X64: {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - No File
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\mxxwmgx1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - GIGA Deutsch Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2967869&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\mxxwmgx1.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\mxxwmgx1.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\mxxwmgx1.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Users\TOSHIBA\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\TOSHIBA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=1eynQBszpBj&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - c2e561ef0000000000001c659dba8c3e
FF - user.js: extensions.incredibar_i.instlDay - 15458
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.142:48:05
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 1eynQBszpBj
FF - user.js: extensions.incredibar_i.upn2n - 1036326126173201653
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 100
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-2-10 86224]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-1-31 1811456]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-8-28 247608]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-16 654408]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-2-23 103440]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 Protector by IB Updater;Protector by IB Updater;C:\Program Files\Protector by IB\ExtensionUpdaterService.exe [2012-4-28 185856]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-31 2320920]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
R3 CeKbFilter;CeKbFilter;C:\Windows\system32\DRIVERS\CeKbFilter.sys --> C:\Windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-2-10 110032]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-16 136176]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 257696]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 Boonty Games;Boonty Games;C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe [2011-5-14 69120]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-16 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 optousb;OPTO ELECTRONICS optousb;C:\Windows\system32\DRIVERS\optousb.sys --> C:\Windows\system32\DRIVERS\optousb.sys [?]
S3 optovcm;OPTO ELECTRONICS optovcm;C:\Windows\system32\DRIVERS\optovcm.sys --> C:\Windows\system32\DRIVERS\optovcm.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-31 51576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-16 17:58:03 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3D7B6D1B-BC35-4F77-9809-F55DD503B565}\mpengine.dll
2012-05-16 16:58:24 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-05-16 16:58:24 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-05-16 16:58:05 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\TuneUp Software
2012-05-16 16:57:55 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
2012-05-16 16:57:03 -------- d-----w- C:\ProgramData\TuneUp Software
2012-05-16 16:56:57 -------- d--h--w- C:\ProgramData\Common Files
2012-05-16 12:14:18 -------- d-----w- C:\9e8dba1197d3ea9c427a407b476e89
2012-05-16 12:07:11 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Malwarebytes
2012-05-16 12:07:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-16 12:07:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-16 12:07:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-15 09:38:43 -------- d-----w- C:\Program Files\InterActual
2012-05-11 15:10:37 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Optimizer Pro
2012-05-11 15:00:25 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-05-10 22:42:27 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\WildTangent
2012-05-09 21:31:35 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\freshgames
2012-05-09 21:31:35 -------- d-----w- C:\ProgramData\freshgames
2012-05-08 13:28:38 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Boomzap
2012-05-05 16:47:12 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Faerie Solitaire
2012-05-04 11:23:55 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\Jane s ZOO
2012-04-30 08:38:51 -------- d-----w- C:\Windows\de
2012-04-30 08:34:33 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\115a53971cd26ac05\MeshBetaRemover.exe
2012-04-30 08:34:32 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\10ade4711cd26ac04\DSETUP.dll
2012-04-30 08:34:32 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\10ade4711cd26ac04\DXSETUP.exe
2012-04-30 08:34:32 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\10ade4711cd26ac04\dsetup32.dll
2012-04-30 08:26:52 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\{F9C50818-A207-4DDC-8336-97D20E41CF92}
2012-04-30 08:25:19 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\{9918AE83-7425-4784-92E4-8876E869DF89}
2012-04-30 08:24:14 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\{C66DF27E-25F7-4331-A8A3-91EC00378D0C}
2012-04-30 08:23:46 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\{CB4ADC4F-2B62-4331-852A-EA8036D0B5F8}
2012-04-28 11:27:42 -------- d-----w- C:\Users\TOSHIBA\AppData\Roaming\WeatherMaster
2012-04-28 11:27:42 -------- d-----w- C:\ProgramData\WeatherMaster
2012-04-28 00:52:59 -------- d-----w- C:\ProgramData\Premium
2012-04-28 00:48:05 -------- d-----w- C:\Program Files (x86)\Incredibar.com
2012-04-28 00:47:50 -------- d-----w- C:\Program Files\Protector by IB
2012-04-28 00:47:37 -------- d-----w- C:\ProgramData\DownloadnSave
2012-04-28 00:09:59 -------- d-----w- C:\ProgramData\InstallMate
2012-04-26 13:39:06 -------- d-----w- C:\Users\TOSHIBA\AppData\Local\JollyBear
2012-04-26 13:39:06 -------- d-----w- C:\ProgramData\JollyBear
2012-04-25 03:55:27 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-25 03:55:23 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 03:55:23 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-08 21:34:16 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-05 01:38:11 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 01:38:11 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 01:38:07 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-08 23:39:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 20:22:03,59 ===============
--- --- --- --- --- --- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 01.02.2011 11:56:52 System Uptime: 16.05.2012 19:51:29 (1 hours ago) . Motherboard: TOSHIBA | | PWWAA Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz | CPU | 2133/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 178,61 GiB free. D: is FIXED (NTFS) - 232 GiB total, 19,343 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP230: 15.05.2012 10:18:36 - Windows Update RP231: 16.05.2012 13:45:47 - Wiederherstellungsvorgang RP232: 16.05.2012 14:13:10 - Windows Update RP233: 16.05.2012 14:14:51 - Windows-Sicherung RP234: 16.05.2012 18:57:33 - TuneUp Utilities 2012 wird installiert RP235: 16.05.2012 18:58:46 - TuneUp Utilities Language Pack (de-DE) wird entfernt RP236: 16.05.2012 19:57:08 - Windows Update . ==== Installed Programs ====================== . . Adobe AIR Adobe Reader X (10.1.3) - Deutsch Alawar Game Box Albelli Fotobücher Avira Free Antivirus AVM FRITZ!Box Dokumentation Bing Bar Brother MFL-Pro Suite MFC-7320 Conduit Engine D3DX10 DEUTSCHLAND SPIELT GAME CENTER DEUTSCHLAND SPIELT Spiele Post DownloadnSave Driver Detective eBay Facebook Messenger 2.0.4478.0 Facebook Video Calling 1.2.0.159 Facemoods Toolbar Farm Mania: Hot Vacation GIGA Deutsch Toolbar GMX Softwareaktualisierung Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper ICQ Sparberater ICQ Toolbar Incredibar Toolbar on IE Intel(R) Graphics Media Accelerator Driver Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Jane's Realty 2 Java Auto Updater Java(TM) 6 Update 31 Junk Mail filter update Malwarebytes Anti-Malware Version 1.61.0.1400 McAfee Security Scan Plus McAfee SiteAdvisor Mein Gutscheincode Finder 1.0.0.0 Mesh Runtime Messenger Companion Microsoft Default Manager Microsoft Office 2010 Microsoft Office Klick-und-Los 2010 Microsoft Office Starter 2010 - Deutsch Microsoft PowerPoint Viewer Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 12.0 (x86 de) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyHeritage Family Tree Builder Nero 10 Movie ThemePack Basic Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Express 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero MediaHub 10 Nero MediaHub 10 Help (CHM) Nero Multimedia Suite 10 Essentials Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero Update Opticon USB Drivers Installer Panel Client 3.2 Photo Notifier and Animation Creator Photo Service - powered by myphotobook Rainbow Web 3 Ranch Rush 2 - Premium Edition RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Realtek WLAN Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Skype Toolbars Skype™ 4.2 Slingo Mystery 2: The Golden Escape TOSHIBA Assist TOSHIBA Bulletin Board TOSHIBA ConfigFree TOSHIBA Face Recognition TOSHIBA Flash Cards Support Utility TOSHIBA Hardware Setup Toshiba Manuals TOSHIBA Media Controller TOSHIBA Media Controller Plug-in TOSHIBA Online Product Information TOSHIBA Recovery Media Creator Reminder TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Supervisorkennwort Toshiba TEMPRO TOSHIBA Value Added Package TOSHIBA Web Camera Application TRORMCLauncher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update Installer for WildTangent Games App Utility Common Driver WildTangent-Spiele WildTangent Games App (Toshiba Games) Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources World Riddles 2: Seven Wonders . ==== End Of File =========================== |
|
22.05.2012, 18:59
| #4 |
| /// Malware-holic | verschlüsselter Trojaner noch verschlüsselte dateien?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
22.05.2012, 20:11
| #5 |
| | verschlüsselter Trojaner Ja, Exel, Word und Bilddateien immer noch verschlüsselt  |
|
23.05.2012, 16:01
| #6 |
| /// Malware-holic | verschlüsselter Trojaner hiermit mal versuchen: http://www.trojaner-board.de/115496-...tml#post831090
__________________ --> verschlüsselter Trojaner |
|
| Themen zu verschlüsselter Trojaner |
| administrator, affiliate.downloader, anfänger, anti-malware, anzeige, appdata, autostart, bericht, dateien, dateisystem, erhalte, euro, explorer, genannt, gezahlt, helft, heuristiks/extra, heuristiks/shuriken, internet, mail, malware, pc performer, pcperformer, performer, pup.bundleinstaller.ib, quarantäne, service, setup, speicher, temp, test, trojan.agent.h, trojane, trojaner, version |
Linear-Darstellung
