| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA Trojaner Windows 7 Exploit.Drop.UR.2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.08.2012, 18:30
| #1 |
| |  BKA Trojaner Windows 7 Exploit.Drop.UR.2 Hallo, ich habe mir heute den BKA Trojaner eingefangen. Bitte um Hilfe um den wieder sauber runter zu bekommen Hier ist schon mal das Logfile von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.16.10 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Commander :: MARCEL [Administrator] 20.08.2012 16:37:55 mbam-log-2012-08-20 (19-33-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 368324 Laufzeit: 52 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Commander\0.8395653502523105.exe (Exploit.Drop.UR.2) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 20.08.2012 19:36:38 - Run 2 OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Commander\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 66,48% Memory free 7,93 Gb Paging File | 6,73 Gb Available in Paging File | 84,82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,31 Gb Total Space | 86,46 Gb Free Space | 46,41% Space Free | Partition Type: NTFS Drive D: | 185,91 Gb Total Space | 73,08 Gb Free Space | 39,31% Space Free | Partition Type: NTFS Computer Name: MARCEL | User Name: Commander | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.20 17:03:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Commander\Desktop\OTL.exe PRC - [2012.08.03 14:17:19 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\pluginwrapper\opera_plugin_wrapper.exe PRC - [2012.08.03 14:17:18 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ========== Modules (No Company Name) ========== MOD - [2012.08.15 18:31:45 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll MOD - [2012.08.03 14:17:33 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012.08.03 14:17:32 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012.08.03 14:17:32 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012.08.03 14:17:32 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012.08.03 14:17:32 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012.08.03 14:17:32 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012.08.03 14:17:32 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012.08.03 14:17:32 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012.08.03 14:17:32 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012.08.03 14:17:31 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2012.08.03 14:17:31 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012.08.03 14:17:31 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012.08.03 14:17:31 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.30 00:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2012.08.15 18:31:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.08 19:14:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 19:14:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012.03.02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.03.15 11:13:38 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3) SRV - [2010.05.11 09:40:52 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2009.12.24 21:15:07 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.08.27 14:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.08.10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2009.08.05 15:20:12 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009.08.04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV - [2009.08.03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2009.07.30 06:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.07.14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.08 19:14:30 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 19:14:30 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.21 09:23:14 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.07.07 16:27:00 | 000,053,080 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvnusbaudio.sys -- (NvnUsbAudio) DRV:64bit: - [2011.03.15 11:18:58 | 000,240,640 | ---- | M] (© Guillemot R&D, 2011. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJMidi.sys -- (HDJMidi) DRV:64bit: - [2011.03.15 11:18:50 | 000,192,000 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HDJBulk.sys -- (Bulk) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.02 10:14:00 | 001,111,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010.03.13 15:14:50 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010.03.13 15:14:49 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010.02.09 00:18:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.11.19 03:34:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009.10.06 15:58:48 | 000,750,304 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM) DRV:64bit: - [2009.10.06 15:58:16 | 000,669,792 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA) DRV:64bit: - [2009.08.05 15:45:28 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2009.08.05 13:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2009.07.30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter) DRV:64bit: - [2009.07.30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.30 18:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.30 13:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.28 21:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2009.07.24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2009.07.24 12:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.20 18:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.13 23:12:36 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2009.07.07 22:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2009.06.22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.19 11:01:28 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Toshidpt.sys -- (toshidpt) DRV:64bit: - [2009.06.19 11:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2009.06.19 10:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2009.06.17 13:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.20 19:04:56 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.01.09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.11.03 14:33:20 | 000,040,256 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapitd.sys -- (elcapitd) DRV - [2007.01.23 16:28:30 | 000,151,296 | ---- | M] (Funkwerk Enterprise Communications GmbH) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ELCAPI20.SYS -- (elcapi20) DRV - [2004.03.10 18:17:16 | 000,118,381 | ---- | M] (elmeg communication systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\elcapibs.sys -- (elcapibs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKCU\..\SearchScopes\{FE3508E7-A255-444F-AEAC-4EA8489C38EC}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{FE4ACC4B-E07B-4E3A-B850-C1736DF73080}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.08.09 18:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Commander\AppData\Roaming\mozilla\Firefox\extensions [2012.08.09 18:27:24 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Commander\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [volhosicicdrnii] C:\ProgramData\volhosic.exe () O4 - HKCU..\RunOnce: [Flags] Reg Error: Invalid data type. File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Commander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Commander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Commander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Commander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: blackberry.com ([mobileapps] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC70C09-14EF-4B2D-98B0-F49C1DA60A6B}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC99755-BD59-461A-A825-05070B7216B2}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75550961-DD8C-421C-854C-A07EC32B4AED}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8154A228-826D-425E-B3E0-CF68E7BF8470}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6556F80-DEDB-4C79-BEDB-9EB447F983CF}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1f1807e3-1500-11df-aad5-002622eb2cd3}\Shell - "" = AutoRun O33 - MountPoints2\{1f1807e3-1500-11df-aad5-002622eb2cd3}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\{3b1270db-589e-11e0-bc6f-002622eb2cd3}\Shell - "" = AutoRun O33 - MountPoints2\{3b1270db-589e-11e0-bc6f-002622eb2cd3}\Shell\AutoRun\command - "" = G:\Login.exe O33 - MountPoints2\{4c4b2059-5f90-11e0-b7f6-002622eb2cd3}\Shell - "" = AutoRun O33 - MountPoints2\{4c4b2059-5f90-11e0-b7f6-002622eb2cd3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{e90515c1-5fe8-11df-9143-002622eb2cd3}\Shell - "" = AutoRun O33 - MountPoints2\{e90515c1-5fe8-11df-9143-002622eb2cd3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Login.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.20 17:03:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Commander\Desktop\OTL.exe [2012.08.20 16:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\obzjadkkifioayh [2012.08.16 19:17:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.16 19:17:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.16 19:17:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.16 19:17:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.16 19:17:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.16 19:17:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.16 19:17:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.16 19:17:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.16 19:17:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.16 19:17:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.16 19:17:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.16 19:17:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.16 19:17:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.16 19:13:41 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.08.16 19:13:39 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.16 19:13:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.08.16 19:13:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.08.16 19:13:27 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.08.16 19:13:25 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.08.16 19:13:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.16 19:13:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.16 19:13:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.16 19:02:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.09 18:27:25 | 000,000,000 | ---D | C] -- C:\Users\Commander\AppData\Local\CRE [2012.08.09 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.08.09 18:27:19 | 000,000,000 | ---D | C] -- C:\Users\Commander\AppData\Local\Conduit [2012.08.09 18:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentBar_DE [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.20 17:03:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Commander\Desktop\OTL.exe [2012.08.20 16:35:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.20 16:35:13 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys [2012.08.20 16:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.20 16:30:16 | 000,000,051 | ---- | M] () -- C:\ProgramData\rxbebeizuspprrl [2012.08.20 16:30:10 | 000,057,344 | ---- | M] () -- C:\ProgramData\volhosic.exe [2012.08.20 16:30:10 | 000,057,344 | ---- | M] () -- C:\Users\Commander\0.8395653502523105.exe [2012.08.20 09:48:33 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.20 09:48:33 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.16 19:34:05 | 000,362,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.16 19:12:46 | 015,712,766 | ---- | M] () -- C:\Users\Commander\Desktop\Remady feat. Manu-L & J-Son - Single Ladies.mp3 [2012.08.16 19:12:46 | 012,472,531 | ---- | M] () -- C:\Users\Commander\Desktop\Taio Cruz - Troublemaker.mp3 [2012.08.16 19:12:46 | 006,592,832 | ---- | M] () -- C:\Users\Commander\Desktop\Taio Cruz - There She Goes.mp3 [2012.08.15 18:31:45 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 18:31:45 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.09 18:00:46 | 000,228,203 | ---- | M] () -- C:\Users\Commander\Desktop\Rechnung 2120444.pdf [2012.08.01 18:14:00 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.01 18:14:00 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.01 18:14:00 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.01 18:14:00 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.01 18:14:00 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.31 18:07:22 | 000,067,019 | ---- | M] () -- C:\Users\Commander\Desktop\R28-64543001.pdf [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.20 16:30:16 | 000,057,344 | ---- | C] () -- C:\ProgramData\volhosic.exe [2012.08.20 16:30:12 | 000,000,051 | ---- | C] () -- C:\ProgramData\rxbebeizuspprrl [2012.08.20 16:30:10 | 000,057,344 | ---- | C] () -- C:\Users\Commander\0.8395653502523105.exe [2012.08.09 18:00:46 | 000,228,203 | ---- | C] () -- C:\Users\Commander\Desktop\Rechnung 2120444.pdf [2012.07.31 18:07:22 | 000,067,019 | ---- | C] () -- C:\Users\Commander\Desktop\R28-64543001.pdf [2012.07.29 20:08:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.21 13:08:28 | 000,000,218 | ---- | C] () -- C:\Users\Commander\.recently-used.xbel [2012.07.16 21:49:31 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.07.16 21:49:31 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.07.05 20:10:08 | 000,000,051 | ---- | C] () -- C:\ProgramData\psxgpeskfkqdxon [2012.01.26 17:22:45 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\elcapitd.exe [2012.01.26 17:22:43 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\NetCapiConfig.exe [2011.11.27 22:10:11 | 000,007,597 | ---- | C] () -- C:\Users\Commander\AppData\Local\Resmon.ResmonCfg [2011.10.02 19:28:17 | 000,004,608 | ---- | C] () -- C:\Users\Commander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.19 17:05:06 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\systeminfo.dll [2011.05.03 13:41:11 | 000,000,000 | ---- | C] () -- C:\Users\Commander\AppData\Local\{7A3A93E7-3B16-4EAA-8EB0-30289C9B8A18} [2011.02.21 15:49:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.02.08 12:24:41 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.01.15 12:36:41 | 000,000,938 | ---- | C] () -- C:\Windows\page.ini [2010.11.09 21:20:14 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini [2010.09.13 12:45:17 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI [2010.09.13 11:34:45 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_1VVTV9VTMVFBF1VJWVBH4P6XLVVVVVVVVVVVVVV @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_1VPTV1VTMVFBFLVHKV6FYJ6VDVPMF7LBWK96HUTVVVVVVVVVVVVV < End of report > Geändert von Commander86 (20.08.2012 um 18:38 Uhr) |
| Themen zu BKA Trojaner Windows 7 Exploit.Drop.UR.2 |
| abgesicherte, administrator, aktion, anti-malware, autostart, bösartige, code, conduit, dateien, explorer, google earth, heute, index, logfile, malwarebytes, minute, plug-in, registrierung, runter, safer networking, sauber, service, speicher, troja, trojaner, version, verzeichnisse, windows, windows 7, wrapper |
Baum-Darstellung