Log Analysis and Evaluation: GVU trojan 2.07 on Windows 7 64-bit

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.07.2012, 17:14 | #1
GVU trojan 2.07 on Windows 7 64-bit

Hello, I now also have the trojan that the BKA page refers to as 2.07, the one that kicks in whenever there is an internet connection and extorts money. I had Malwarebytes and OTL check the system; they did find some things, but the window still appears as soon as I connect to the internet. I hope you can help me. Many thanks in advance.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
esch :: ESCH-PC [Administrator]

28.07.2012 04:52:31
mbam-log-2012-07-28 (04-52-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525666
Laufzeit: 59 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\esch\AppData\Roaming\AcroIEHelpe145.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\esch\Desktop\Programme\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\esch\Desktop\Programme\Anno 1404\Anno_1404\Anno1404_Crack.exe (Trojan.Bancos) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL logfile created on: 29.07.2012 14:14:57 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\esch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 57,53% Memory free
7,96 Gb Paging File | 6,15 Gb Available in Paging File | 77,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 890,41 Gb Total Space | 666,76 Gb Free Space | 74,88% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 3,81 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
Drive H: | 7,42 Gb Total Space | 1,09 Gb Free Space | 14,63% Space Free | Partition Type: FAT32

Computer Name: ESCH-PC | User Name: esch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.28 10:49:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\esch\Desktop\OTL.exe
PRC - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.06.01 17:33:28 | 002,446,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.06.01 17:03:22 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.04.20 12:39:03 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012.03.01 19:23:50 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.07.25 11:03:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.12.18 00:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.28 01:30:24 | 000,276,392 | ---- | M] () -- C:\Users\esch\AppData\Local\Temp\g7i0ol_kaz.exe
MOD - [2012.04.20 12:39:48 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.04.20 12:39:48 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.04.20 12:39:48 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.04.20 12:39:48 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.04.20 12:39:48 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.12.03 14:05:26 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008.11.26 10:56:02 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.07.04 23:06:01 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012.04.30 21:08:10 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2011.04.20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.23 22:50:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.01 17:33:28 | 002,446,392 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.04.20 12:39:48 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.26 15:19:03 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.25 11:03:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.18 00:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.12.02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.30 21:08:32 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.11.01 23:41:49 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.11.01 23:41:49 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.07.25 11:03:53 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.25 11:03:53 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.05 01:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.05 01:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.02.16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.02.06 16:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009.12.02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009.12.02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009.12.02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009.12.02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.10.09 08:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.07.24 12:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8E2FCE26-879B-462E-873C-B08EFC658C74}
IE - HKCU\..\SearchScopes\{8E2FCE26-879B-462E-873C-B08EFC658C74}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_deDE440
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.6.0.10
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.06.21 02:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.06.21 02:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 16:59:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.19 16:49:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\esch\AppData\Roaming\13008 [2012.06.21 23:51:24 | 000,000,000 | ---D | M]

[2011.07.16 13:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\esch\AppData\Roaming\mozilla\Extensions
[2012.06.21 02:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\esch\AppData\Roaming\mozilla\Firefox\Profiles\nv6pi35s.default\extensions
[2012.06.21 02:07:30 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\esch\AppData\Roaming\mozilla\Firefox\Profiles\nv6pi35s.default\extensions\ffxtlbr@zonealarm.com
[2012.06.19 16:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.21 23:51:24 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\ESCH\APPDATA\ROAMING\13008
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.25 20:59:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_S83A2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7DEF7EC-503F-45DC-86F7-974B944A6D82}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{35fda87e-cdac-11e0-984b-8c89a528207b}\Shell - "" = AutoRun
O33 - MountPoints2\{35fda87e-cdac-11e0-984b-8c89a528207b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{35fda883-cdac-11e0-984b-8c89a528207b}\Shell - "" = AutoRun
O33 - MountPoints2\{35fda883-cdac-11e0-984b-8c89a528207b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8786c78d-f274-11e0-8d1d-8c89a528207b}\Shell - "" = AutoRun
O33 - MountPoints2\{8786c78d-f274-11e0-8d1d-8c89a528207b}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c5d5918e-e68d-11e0-9a97-8c89a528207b}\Shell - "" = AutoRun
O33 - MountPoints2\{c5d5918e-e68d-11e0-9a97-8c89a528207b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.29 11:06:19 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\esch\Desktop\OTL.exe
[2012.07.29 11:05:11 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\esch\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.28 04:51:54 | 000,000,000 | ---D | C] -- C:\Users\esch\AppData\Roaming\Malwarebytes
[2012.07.28 04:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.28 04:51:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.28 04:51:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.28 04:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\esch\AppData\Roaming\FileZilla
[2012.07.16 13:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.07.16 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.07.14 09:48:26 | 000,000,000 | ---D | C] -- C:\Users\esch\Desktop\stgeorgenmanual
[2012.07.13 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\esch\AppData\Roaming\Skype
[2012.07.13 12:37:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.13 12:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.13 12:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.13 12:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.04 23:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.07.04 21:23:57 | 000,000,000 | ---D | C] -- C:\Users\esch\Desktop\Adobe CS4
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\esch\AppData\Roaming\*.tmp files -> C:\Users\esch\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.29 14:21:37 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.29 14:21:37 | 000,021,072 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 14:13:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.29 14:13:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 14:12:58 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys [2012.07.29 12:04:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.29 11:58:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.29 11:22:25 | 000,001,891 | ---- | M] () -- C:\Users\esch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.28 10:49:30 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\esch\Desktop\OTL.exe [2012.07.28 06:06:19 | 004,503,728 | ---- | M] () -- C:\ProgramData\zak_lo0i7g.pad [2012.07.28 06:03:43 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat [2012.07.28 04:51:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 04:36:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\esch\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.22 21:22:00 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.22 21:22:00 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.22 21:22:00 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.22 21:22:00 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.22 21:21:59 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.19 11:13:17 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.16 14:17:36 | 003,438,190 | ---- | M] () -- C:\Users\esch\Desktop\erikartflake.jpg [2012.07.15 16:39:54 | 006,861,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.04 22:47:06 | 000,096,034 | ---- | M] () -- 
C:\Users\esch\Desktop\klimt-schwebende-mit-einem-haengenden-und-einem-ausgestreckten-arm-1897.thumb.333x0x0x0x100x0x0x0.rar [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Users\esch\AppData\Roaming\*.tmp files -> C:\Users\esch\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.28 06:03:43 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat [2012.07.28 04:51:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.28 01:30:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\zak_lo0i7g.pad [2012.07.28 01:30:25 | 000,001,891 | ---- | C] () -- C:\Users\esch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.16 14:17:33 | 003,438,190 | ---- | C] () -- C:\Users\esch\Desktop\erikartflake.jpg [2012.07.13 12:37:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.04 23:07:14 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS4 (64 Bit).lnk [2012.07.04 22:47:06 | 000,096,034 | ---- | C] () -- C:\Users\esch\Desktop\klimt-schwebende-mit-einem-haengenden-und-einem-ausgestreckten-arm-1897.thumb.333x0x0x0x100x0x0x0.rar [2012.06.25 12:43:58 | 000,000,299 | ---- | C] () -- C:\Users\esch\AppData\Roaming\burnaware.ini [2012.06.12 22:08:21 | 000,000,052 | ---- | C] () -- C:\ProgramData\fdogmjuwajxihal [2012.05.31 10:03:27 | 000,000,025 | ---- | C] () -- C:\Users\esch\AppData\Roaming\urhtps.dat [2012.05.22 21:04:46 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.05.22 21:04:46 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.05.22 21:04:46 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.05.22 21:04:46 | 000,026,154 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPattern1.dat [2012.05.22 21:04:46 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.05.22 21:04:46 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.05.22 21:04:46 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.05.22 21:04:46 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.05.22 21:04:46 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.05.22 21:04:46 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.05.22 21:04:46 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.05.22 21:04:46 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.05.22 21:04:46 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.05.22 21:04:46 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.05.22 21:04:46 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.05.22 21:04:46 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.05.22 21:04:46 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.05.22 21:04:46 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.05.22 21:04:46 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.05.09 13:33:14 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.05.09 13:33:14 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.05.09 13:33:14 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.05.09 13:11:40 | 000,018,213 | ---- | C] () -- C:\Windows\DIIUnin.dat [2012.02.01 00:00:12 | 000,040,910 | ---- | C] () -- C:\Users\esch\Mildenburg.jpg [2012.01.31 23:36:11 | 000,232,231 | ---- | C] () -- C:\Users\esch\schund.jpg [2011.11.30 20:08:03 | 000,030,436 | ---- | C] () -- 
C:\Users\esch\1565_Akt-Studie.jpg [2011.11.30 20:06:11 | 000,042,285 | ---- | C] () -- C:\Users\esch\Akt_1956_02_05.jpg [2011.10.31 21:57:22 | 000,313,243 | ---- | C] () -- C:\Users\esch\00008165.gif [2011.10.31 21:52:07 | 000,352,690 | ---- | C] () -- C:\Users\esch\explo.jpg [2011.10.21 17:37:38 | 000,000,158 | ---- | C] () -- C:\Windows\ChssBase.ini [2011.08.24 19:14:02 | 000,020,990 | ---- | C] () -- C:\Users\esch\r5.jpg [2011.08.24 19:13:23 | 000,027,127 | ---- | C] () -- C:\Users\esch\M2981001_2.jpg [2011.08.08 16:16:05 | 000,113,567 | ---- | C] () -- C:\Users\esch\googleplus.jpg [2011.08.05 10:49:46 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.25 21:09:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.20 07:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat < End of report > |
29.07.2012, 19:58 | #2 |
/// Malware-holic | GVU trojan 2.07 on Windows 7 64bit hi
For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache. There, right-click the cache folder, pack it with WinRAR or another program, and please upload it in the upload channel: Trojaner-Board Upload Channel
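One way to collect the Java Deployment cache the helper asks for, as an added example that is not part of the thread: the script packs the folder and writes a manifest (relative path, size, last-write time, SHA-256 of every file, and the hash of the archive) so the analyst can triage the upload without opening anything. It assumes a Windows 7 or later machine with PowerShell 5 (for Compress-Archive and Get-FileHash); the profile name and output folder are placeholders.

```powershell
# Added example (not the forum's or the helper's own script): pack the Java
# Deployment cache for upload and record a manifest of its contents first.
# Assumptions: PowerShell 5+ (Compress-Archive, Get-FileHash); $ProfileName and
# $OutDir are placeholders for the affected user profile and the output folder.
param(
    [string]$ProfileName = $env:USERNAME,          # placeholder: affected profile
    [string]$OutDir      = "$env:USERPROFILE\Desktop"  # placeholder: output folder
)

$cache = "C:\Users\$ProfileName\AppData\LocalLow\Sun\Java\Deployment\cache"
if (-not (Test-Path -Path $cache)) {
    Write-Error "Java Deployment cache not found at $cache"
    exit 1
}

$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$zip      = Join-Path $OutDir "java-cache-$ProfileName-$stamp.zip"
$manifest = Join-Path $OutDir "java-cache-$ProfileName-$stamp.csv"

# Manifest first, hashed from the originals before anything is copied. The .idx
# files beside each cached object hold the download URL, so they are listed too.
Get-ChildItem -Path $cache -Recurse -File -Force |
    ForEach-Object {
        [pscustomobject]@{
            Path          = $_.FullName.Substring($cache.Length + 1)
            Bytes         = $_.Length
            LastWriteTime = $_.LastWriteTimeUtc.ToString('u')
            SHA256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object -Property LastWriteTime -Descending |
    Export-Csv -Path $manifest -NoTypeInformation -Encoding UTF8

# Pack the whole folder (the relative tree is kept) and hash the archive so the
# uploader and the analyst can confirm they are looking at the same file.
Compress-Archive -Path $cache -DestinationPath $zip -CompressionLevel Optimal -Force
$zipHash = (Get-FileHash -Path $zip -Algorithm SHA256).Hash

Write-Host "Manifest : $manifest"
Write-Host "Archive  : $zip"
Write-Host "SHA-256  : $zipHash"
```

Upload both the .zip and the .csv; the manifest lets the analyst see which cached objects were written around the time of the infection before extracting anything.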
30.07.2012, 13:51 | #3 |
| GVU trojan 2.07 on Windows 7 64bit ok, I packed it and uploaded it as described
30.07.2012, 15:19 | #4 |
/// Malware-holic | GVU trojan 2.07 on Windows 7 64bit hi, thanks. I just see the following in the log: C:\Users\esch\Desktop\Programme\keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\esch\Desktop\Programme\Anno 1404\Anno_1404\Anno1404_Crack.exe (Trojan.Bancos) -> Erfolgreich gelöscht und in Quarantäne gestellt. Keygens are illegal, and that is why we have decided in the forum that we do not clean such PCs. You also still have a banking trojan; if you do online banking, have it blocked. The PC must be reinstalled and then secured. 1. Data recovery:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if it is clean, restore it. 6. I will then also say something about securing online banking with a chip card reader + Star Money.