|
Pests of all kinds and how to fight them: GVU trojan with webcam / GMER is hanging right now (Windows 7). If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
27.12.2012, 23:03 | #1 |
| GVU trojan with webcam / GMER is hanging right now

Hello Trojaner-Board team,

unfortunately I have caught the GVU trojan. I blame myself, since Flash wanted to update twice and, for lack of time, I clicked "later" twice. Don't scold me too much, the punishment followed immediately.

- I was able to get access to my computer through my wife's user account.
- Loaded Kaspersky WindowsUnlocker onto a USB stick, unfortunately no improvement
- Started in safe mode, performed a restore, and after that full access was possible again
- After that, ran scans with G Data (my virus scanner etc.), Kaspersky from the stick (deep, 12 h runtime) and Malwarebytes... what a layman does.

Well, I want to do it properly now and ask for your help. As described in your guide for people seeking help, I have done the following:

- Ran Defogger
- Ran OTL. NOTE: I cannot find extra.txt
- Ran msinfo32 - my system is a 32-bit system (Win7)
- Loaded GMER. PROBLEM: it is hanging at the moment!

One question: what should I do, abort? I will post the logs available at the moment according to your instructions for how to proceed (as long as GMER is active, one is supposed to keep one's hands off the system). I am writing from a tablet at the moment, so please be lenient with typos. Thanks in advance for your patience and your help.

Regards, Andreas |
28.12.2012, 09:57 | #2 |
/// Helper team | GVU trojan with webcam / GMER is hanging right now |
28.12.2012, 11:08 | #3 |
| GVU trojan with webcam / GMER is hanging right now

Hello t'john,

sorry, the main error unfortunately sits in front of the computer and has already deleted the Malwarebytes program again. I am attaching OTL; if it makes more sense, I will of course gladly start from scratch and then follow your instructions....

OTL logfile:
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.10.25 10:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.07.28 11:46:02 | 006,814,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) DRV - [2010.01.05 10:31:26 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2010.01.05 10:31:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2010.01.05 10:31:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2010.01.05 10:31:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.09.29 07:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009.09.29 07:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009.09.29 07:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009.09.15 03:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.09.15 02:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.09.07 08:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.07.30 12:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.04.10 17:09:40 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR) DRV - [2008.01.19 03:25:04 | 000,041,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stusb2ir.sys -- (stusb2ir) DRV - [2007.04.09 16:13:00 | 000,008,192 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem) DRV - [2006.11.19 22:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 9A 3D EB 41 46 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www2.mystart.com/results.php?pr=vmn&id=yolobartb&v=1_0&ent=ch&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search The Web" FF - prefs.js..browser.startup.homepage: 
"yahoo.de" FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy und Nicki\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy und Nicki\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.23 23:11:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.23 23:11:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.31 20:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy und Nicki\AppData\Roaming\mozilla\Extensions [2012.12.15 21:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy und Nicki\AppData\Roaming\mozilla\Firefox\Profiles\p5gofnvt.default\extensions [2012.12.05 21:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.05 21:38:23 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.12.05 21:38:23 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{906305F7-AAFC-45E9-8BBD-941950A84DAD} [2012.12.05 21:38:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.30 22:02:14 | 000,002,242 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mystarttb.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 
9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Andy und Nicki\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Andy und Nicki\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Error reading preferences file CHR - Extension: YouTube = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Lamborghini Sesto Elemento Theme = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb\1.0_0\ CHR - Extension: Google Mail = C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Andy und Nicki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DFE866B-720A-4F60-AF17-9BFF3A2E0FB0}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69223D6B-543A-4B7C-B352-B2584499FE34}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A28A86C9-8A37-497A-B456-CC84CAB1522C}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.23 23:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.12.19 18:18:39 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\AppData\Roaming\Malwarebytes [2012.12.19 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.19 17:21:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andy und Nicki\Desktop\OTL.exe [2012.12.19 12:45:50 | 000,015,600 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2012.12.19 12:08:11 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.12.19 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.14 14:40:03 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\AppData\Roaming\LG Electronics [2012.12.14 14:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite [2012.12.14 11:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2012.12.13 23:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\SelfUpdater [2012.12.13 23:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec [2012.12.13 23:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Freetec [2012.12.13 23:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2012.12.13 22:25:58 | 000,000,000 | ---D | C] -- C:\Users\Andy und 
Nicki\AppData\Roaming\dvdcss [2012.12.13 22:24:49 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\Documents\Any Video Converter Ultimate [2012.12.13 22:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.12.13 22:23:45 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\AppData\Roaming\AnvSoft [2012.12.13 22:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft [2012.12.13 22:21:36 | 000,032,896 | ---- | C] (AnvSoft Inc.) -- C:\Windows\System32\drivers\anvsnddrv.sys [2012.12.13 22:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft [2012.12.13 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\AppData\Roaming\tiger-k [2012.12.13 21:50:55 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\Documents\Leawo [2012.12.13 21:50:55 | 000,000,000 | ---D | C] -- C:\Users\Andy und Nicki\AppData\Roaming\Leawo [2012.12.12 20:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.12 20:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.12 20:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.12 20:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.12 20:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.12.12 20:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.12 20:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.12.05 21:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.04 21:54:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2012.12.04 20:14:52 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.12.04 20:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\URE [2012.12.04 20:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\share [2012.12.04 20:14:16 | 000,000,000 | ---D | C] -- 
C:\Program Files\readmes [2012.12.04 20:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\program [2012.12.04 20:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Basis ========== Files - Modified Within 30 Days ========== [2012.12.27 21:43:53 | 000,929,918 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.12.27 21:43:53 | 000,050,539 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.12.27 21:42:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy und Nicki\Desktop\OTL.exe [2012.12.27 21:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.27 21:40:56 | 000,000,000 | ---- | M] () -- C:\Users\Andy und Nicki\defogger_reenable [2012.12.27 21:39:55 | 000,050,477 | ---- | M] () -- C:\Users\Andy und Nicki\Desktop\Defogger.exe [2012.12.27 21:33:37 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 21:33:37 | 000,014,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 21:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.27 21:25:27 | 2414,342,144 | -HS- | M] () -- C:\hiberfil.sys [2012.12.23 23:13:25 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.12.23 23:11:23 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3634486295-1998763040-3046787692-1000UA.job [2012.12.23 22:41:59 | 000,312,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.19 12:45:50 | 000,015,600 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2012.12.19 12:45:49 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2012.12.19 11:56:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.16 14:11:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3634486295-1998763040-3046787692-1000Core.job 
[2012.12.14 15:39:30 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.14 15:39:30 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.14 15:39:30 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.14 15:39:30 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.14 15:39:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf [2012.12.14 14:49:42 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini [2012.12.14 14:47:20 | 000,000,831 | ---- | M] () -- C:\Users\Andy und Nicki\Desktop\LGMobile Support Tool.lnk [2012.12.14 14:39:56 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite.lnk [2012.12.14 11:24:17 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2012.12.13 23:03:26 | 000,002,509 | ---- | M] () -- C:\Users\Public\Desktop\Freetec TubeBox.lnk [2012.12.13 22:52:50 | 000,000,393 | ---- | M] () -- C:\Users\Andy und Nicki\AppData\Local\HamsterVideoConverterSettings.cfg [2012.12.13 22:23:33 | 000,001,246 | ---- | M] () -- C:\Users\Andy und Nicki\Desktop\Any Video Converter Ultimate.lnk [2012.12.13 11:13:39 | 000,002,531 | ---- | M] () -- C:\Users\Andy und Nicki\Desktop\Google Chrome.lnk [2012.12.12 20:19:23 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.12 20:11:14 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.04 20:14:52 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk ========== Files Created - No Company Name ========== [2012.12.27 21:40:56 | 000,000,000 | ---- | C] () -- C:\Users\Andy und Nicki\defogger_reenable [2012.12.27 21:39:55 | 000,050,477 | ---- | C] () -- C:\Users\Andy und Nicki\Desktop\Defogger.exe [2012.12.19 21:28:18 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.12.19 21:09:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player 
Updater.job [2012.12.19 10:35:29 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.14 15:39:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf [2012.12.14 14:39:56 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite.lnk [2012.12.14 11:24:17 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\NAVIGON Fresh.lnk [2012.12.13 23:03:26 | 000,002,509 | ---- | C] () -- C:\Users\Public\Desktop\Freetec TubeBox.lnk [2012.12.13 22:52:48 | 000,000,393 | ---- | C] () -- C:\Users\Andy und Nicki\AppData\Local\HamsterVideoConverterSettings.cfg [2012.12.13 22:23:33 | 000,001,246 | ---- | C] () -- C:\Users\Andy und Nicki\Desktop\Any Video Converter Ultimate.lnk [2012.12.13 21:50:37 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.12.12 20:19:23 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.12 20:11:14 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.04 20:14:52 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.09.01 19:57:13 | 000,000,021 | ---- | C] () -- C:\Users\Andy und Nicki\AppData\Local\mc.pixel.data [2012.08.28 09:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.08.13 11:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files\readme.html [2012.05.08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link [2011.07.17 12:57:37 | 000,929,918 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.06.10 05:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.05.21 20:25:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.05.21 20:25:17 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.03.08 
14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.12.01 20:29:30 | 000,003,854 | ---- | C] () -- C:\Users\Andy und Nicki\AppData\Roaming\Kommagetrennte Werte (Windows).NOT [2010.11.10 21:37:27 | 000,000,017 | ---- | C] () -- C:\Users\Andy und Nicki\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.10.03 10:02:54 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Amazon [2012.12.13 22:24:39 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\AnvSoft [2011.07.20 16:49:59 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Canon [2011.08.23 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\DATA BECKER Shared [2011.09.30 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\DVDVideoSoft [2011.09.30 
17:27:15 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.28 14:41:42 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\elsterformular [2012.11.11 10:12:32 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\G Data [2010.11.29 15:22:43 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\HamsterSoft [2012.02.20 22:09:43 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\HTC [2011.12.21 14:43:34 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.09.30 17:31:08 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Jens Lorek [2012.12.13 21:50:55 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Leawo [2012.12.19 12:25:49 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\LG Electronics [2011.11.12 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\MP3Find [2010.11.07 01:59:56 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Nexway [2010.11.13 22:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\OpenOffice.org [2010.11.06 23:36:16 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Opera [2012.04.13 16:54:52 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Outlook [2010.11.11 20:04:44 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Philipp Winterberg [2011.08.26 16:20:30 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\ProtectDisc [2012.10.17 20:15:51 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Samsung [2012.12.13 21:56:51 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\ScanMaster-ElmScan [2012.12.13 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\tiger-k [2010.11.10 21:20:25 | 000,000,000 | ---D | M] -- 
C:\Users\Andy und Nicki\AppData\Roaming\toshiba [2010.11.10 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\WinBatch [2010.11.06 23:52:49 | 000,000,000 | ---D | M] -- C:\Users\Andy und Nicki\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:BF3D62E7 < End of report > |
28.12.2012, 13:20 | #4 |
/// Helper team | GVU trojan with webcam / GMER currently hanging The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 3 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; please report it instead. Step 1: Fix with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 187 bytes -> C:\ProgramData\Temp:BF3D62E7
[2012.12.19 11:56:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Andy und Nicki\*.tmp
C:\Users\Andy und Nicki\AppData\Local\Temp\*.exe
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can cause lasting damage to other systems! Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. After that: Step 3: Please download AdwCleaner to your desktop.
|
28.12.2012, 14:21 | #5 |
| GVU trojan with webcam / GMER currently hanging Hello t'john, here are the logs: OTL Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\Temp:BF3D62E7 deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\Andy und Nicki\*.tmp not found.
C:\Users\Andy und Nicki\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\Andy und Nicki\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe moved successfully.
C:\Users\Andy und Nicki\AppData\Local\Temp\tmp7480.tmp.exe moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Andy und Nicki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Andy und Nicki\Desktop\cmd.bat deleted successfully.
C:\Users\Andy und Nicki\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andy und Nicki
->Temp folder emptied: 457859350 bytes
->Temporary Internet Files folder emptied: 7526935 bytes
->FireFox cache emptied: 116591092 bytes
->Google Chrome cache emptied: 55320762 bytes
->Opera cache emptied: 1328381 bytes
->Flash cache emptied: 77870 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Nicki
->Temp folder emptied: 18850157 bytes
->Temporary Internet Files folder emptied: 3338550 bytes
->Java cache emptied: 247916 bytes
->Opera cache emptied: 6027714 bytes
->Flash cache emptied: 951 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40650060 bytes
RecycleBin emptied: 3950550900 bytes
Total Files Cleaned = 4.443,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12282012_133114
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET68C0.tmp not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Malwarebytes Anti-Rootkit Code:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.28.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andy und Nicki :: TOSHIBA [administrator]
28.12.2012 13:58:57
mbar-log-2012-12-28 (13-58-57).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29823
Time elapsed: 16 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v2.103 - Datei am 28/12/2012 um 14:01:01 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andy und Nicki - TOSHIBA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andy und Nicki\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\498B9978CE49397903524B0761200F43EC650044
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\67170FB0228B69BCCBEF8CE14A76953A5505D8EA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\84BA15BD1DFEAA8A233F801B29BDC48DEE17B71F
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Andy und Nicki\AppData\Roaming\Mozilla\Firefox\Profiles\p5gofnvt.default\prefs.js
Gelöscht : user_pref("browser.search.selectedEngine", "Search The Web");
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\Andy und Nicki\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.625] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp",
Gelöscht [l.873] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp", "hxxp:/[...]
Gelöscht [l.880] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp",
Gelöscht [l.883] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp"],
-\\ Opera v12.12.1707.0
Datei : C:\Users\Andy und Nicki\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Nicki\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2834 octets] - [28/12/2012 14:01:01]
########## EOF - C:\AdwCleaner[S1].txt - [2894 octets] ##########
One more small piece of info: during the Malwarebytes scan, G Data Total Protection 2013 reported a rundll32.exe / started by wermgr.exe that wanted access to the network. I googled it; it seems to be harmless, doesn't it? Many thanks for your help and reply. |
28.12.2012, 20:26 | #6 |
/// Helper team | GVU trojan with webcam / GMER currently hanging Very good! ESET Online Scanner Preparation
|
29.12.2012, 08:51 | #7 |
| GVU trojan with webcam / GMER currently hanging Good morning t'john, ESET has now finished the scan: four detections. The log follows. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=2df53dc38624084698f6fe13f5c998a6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-29 07:44:56
# local_time=2012-12-29 08:44:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 41538 108398287 0 0
# scanned=432295
# found=4
# cleaned=4
# scan_time=40628
C:\_OTL\MovedFiles\12282012_133114\C_Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\19a537f0-2c54f8f2 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 C
C:\_OTL\MovedFiles\12282012_133114\C_Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\19a537f0-54b9e0a1 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 C
E:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3617d61e-305ade35 multiple threats (deleted - quarantined) 8C9A38A07B6BDB3585F47EE1ADCE9BE93CE81492 C
E:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5229ea5e-2a11b557 multiple threats (deleted - quarantined) 7EC62C7D74B3D6A883AF2BE5AE8789273F5FA5BE C
Andreas |
29.12.2012, 16:47 | #8 |
/// Helper team | GVU trojan with webcam / GMER currently hanging Update Java: Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html After that, post (copy and paste) what is displayed for you here: PluginCheck Disable Java: Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html After that, post (copy and paste) what is displayed for you here: PluginCheck |
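The four ESET detections in post #7 all lie in the Java deployment cache, two of them in the copies OTL had moved to C:\_OTL\MovedFiles, which is what the Java advice above rests on. The following is an added example, not part of the thread and not ESET tooling: a small Python triage that parses such result lines, checks the parsed count against the log's own `# found=` header, and tags each path. It assumes one record per line and a final path component without whitespace; the function names are made up for this example.

```python
import re
from collections import Counter

# Header fields and result lines taken from the ESET log in post #7, laid out
# one record per line (an assumption; the page shows the log flattened).
SAMPLE_LOG = r"""
# scanned=432295
# found=4
# cleaned=4
C:\_OTL\MovedFiles\12282012_133114\C_Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\19a537f0-2c54f8f2 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 C
C:\_OTL\MovedFiles\12282012_133114\C_Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\19a537f0-54b9e0a1 Java/Agent.FH trojan (cleaned by deleting - quarantined) 5D83DCF74FABC5A777F39B3BAA61C355FF28F6D8 C
E:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3617d61e-305ade35 multiple threats (deleted - quarantined) 8C9A38A07B6BDB3585F47EE1ADCE9BE93CE81492 C
E:\Users\Andy und Nicki\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\5229ea5e-2a11b557 multiple threats (deleted - quarantined) 7EC62C7D74B3D6A883AF2BE5AE8789273F5FA5BE C
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# path (may contain spaces, last component may not), detection name,
# action in parentheses, SHA-1, one-letter flag.
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*\\[^\\\s]+)\s+"
    r"(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+"
    r"(?P<flag>\w)$"
)

JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"
OTL_QUARANTINE = "\\_otl\\movedfiles\\"


def parse_log(text):
    """Split a log into its '# key=value' header and its result records."""
    header, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return header, entries


def location_tags(path):
    """Tag a detection path by where on disk it was found."""
    p = path.lower()
    tags = set()
    if JAVA_CACHE in p:
        tags.add("java_cache")
    if OTL_QUARANTINE in p:
        tags.add("otl_quarantine")
    return tags


def triage(text):
    """Summarise a log and flag it as incomplete if records are missing."""
    header, entries = parse_log(text)
    tags = Counter(t for e in entries for t in location_tags(e["path"]))
    reported = int(header.get("found", -1))
    return {
        "reported_found": reported,
        "parsed": len(entries),
        "complete": reported == len(entries),
        "java_cache": tags["java_cache"],
        "otl_quarantine": tags["otl_quarantine"],
        "unique_sha1": len({e["sha1"].upper() for e in entries}),
        "threats": sorted({e["threat"] for e in entries}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The `complete` flag catches a log that was cut off when pasted: if the header reports more detections than there are parsed records, the remaining lines should be requested before drawing conclusions.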
30.12.2012, 08:54 | #9 |
| GVU trojan with webcam / GMER currently hanging Hello t'john, unfortunately that did not work properly. The info from the PluginCheck after disabling Java: "Java ist nicht Installiert oder nicht aktiviert." I had copied the output from before that, but unfortunately it is gone now. I do know, though, that Acrobat Reader was no longer up to date. Best regards and a happy New Year, Andreas |
30.12.2012, 10:11 | #10 | |
/// Helper team | GVU trojan with webcam / GMER currently hanging Quote:
Very good! That means you are clean and discharged! Remove AdwCleaner
Tool cleanup with OTL: We will now use OTL's CleanUp! function to delete from your system most of the programs we installed for the cleanup.
Resetting the security zones: Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Emptying the System Restore points: So that the computer cannot be reinfected from an infected restore point, we have to empty them. To do that, we switch System Restore off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again. Cleaning up with CCleaner: With CCleaner (download) (instructions), have errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
02.01.2013, 20:33 | #11 |
| GVU trojan with webcam / GMER currently hanging Hello t'john, unfortunately viruses do not only exist on the WWW..... so only now my thanks for the great, uncomplicated help from your board and from you in particular. I am amazed again and again that there are still such selfless people who keep forums alive and stand by others (strangers) with advice and support. SUPER GREAT. My thanks will be on their way in a few minutes. I can only advise everyone to take your tips to heart regularly. A happy New Year to all of you and to you, and continued success for your board. Best regards, Andreas |
03.01.2013, 04:44 | #12 |
/// Helper team | GVU trojan with webcam / GMER currently hanging We wish you a virus-free time! |