GVU Trojan with €100 Paysafecard, computer locked (Windows 7)
09.01.2013, 20:13 | #1
Hello ... I've just caught the above-mentioned Trojan. The PC is locked. What should I do now? How do I proceed? Can anyone help me? I already got very good help here once with a BKA Trojan. Regards
09.01.2013, 20:15 | #2
Malware-holic
Hi
Restart, press F8, choose Safe Mode with Networking, log in to the affected account. If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
09.01.2013, 20:58 | #3
ok.
Here is the OTL.Txt
OTL Logfile:
Code:
OTL logfile created on: 09.01.2013 20:23:35 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,46% Memory free
6,18 Gb Paging File | 5,92 Gb Available in Paging File | 95,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 3,51 Gb Free Space | 3,73% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 45,34 Gb Free Space | 23,24% Space Free | Partition Type: NTFS
Drive E: | 7,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1,95 Gb Total Space | 1,09 Gb Free Space | 55,73% Space Free | Partition Type: FAT

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Unlocker\UnlockerCOM.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (ThreatFire) -- C:\Program Files\ThreatFire\TFService.exe service File not found SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (RalinkRegistryWriter) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.) 
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (OsdService) -- C:\Program Files\OEM\OSD_1.12\OsdService.exe (TODO: <公司名稱>) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe () ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys (PC Tools) DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools) DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys (PC Tools) DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation) DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation) DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation) DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation) DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation) DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation) DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel 
Corporation) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys () DRV - (s716mdm) -- C:\Windows\System32\drivers\s716mdm.sys (MCCI Corporation) DRV - (s716obex) -- C:\Windows\System32\drivers\s716obex.sys (MCCI Corporation) DRV - (s716mdfl) -- C:\Windows\System32\drivers\s716mdfl.sys (MCCI Corporation) DRV - (s716bus) -- C:\Windows\System32\drivers\s716bus.sys (MCCI Corporation) DRV - (k750obex) -- C:\Windows\System32\drivers\k750obex.sys (MCCI) DRV - (k750bus) -- C:\Windows\System32\drivers\k750bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Arcor.de - Startseite - Free E-Mail, News & Service IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Arcor.de - Startseite - Free E-Mail, News & Service IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Arcor.de - Startseite - Free E-Mail, News & Service IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Arcor.de - Startseite - Free E-Mail, News & Service IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Arcor.de - Startseite - Free E-Mail, News & Service IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Martin\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Arcor.de - Startseite - Free E-Mail, News & Service IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Free: Avira Search Free powered by Ask.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms} IE - HKCU\..\SearchScopes\{08EF2EC7-48BA-4AB0-9529-C3A3A4A3021F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de IE - HKCU\..\SearchScopes\{880DF7F5-F0D3-4051-B68C-5A2C2D315E4F}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{BE27B176-5C73-46E5-8966-7CA95CFD3E51}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=1ea6e2e7-3b1e-4489-89db-7515d2f9ad76&apn_sauid=9368D956-E6F7-48BE-9E7F-85992E45AB92 IE - HKCU\..\SearchScopes\{EB825AC3-D8CE-4F1E-8986-F095BB93D20B}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=17-01-2012&tb_mrud=17-01-2012 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.haz.de" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926 FF - 
prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=1ea6e2e7-3b1e-4489-89db-7515d2f9ad76&apn_ptnrs=%5EABT&apn_sauid=9368D956-E6F7-48BE-9E7F-85992E45AB92&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program 
Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 14:52:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 13:28:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 14:52:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.20 13:28:14 | 000,000,000 | ---D | M] [2010.06.02 08:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2013.01.02 20:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions [2012.10.06 22:32:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.11.22 08:20:37 | 000,000,000 | ---D | M] (Avira 
SearchFree Toolbar plus Web Protection) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\i7r22a7o.default\extensions\toolbar@ask.com [2013.01.02 20:21:54 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\i7r22a7o.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.01.17 11:17:40 | 000,002,354 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\i7r22a7o.default\searchplugins\aol-web-search.xml [2012.11.22 08:20:37 | 000,002,344 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\i7r22a7o.default\searchplugins\askcom.xml [2010.12.31 16:58:19 | 000,001,196 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\i7r22a7o.default\searchplugins\winamp-search.xml [2013.01.02 19:36:59 | 000,002,112 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\i7r22a7o.default\searchplugins\wot-safe-search.xml [2012.12.06 14:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.12.06 14:52:32 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.06 14:52:32 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2009.09.02 19:40:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.12.06 14:52:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.13 18:38:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.13 18:38:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.13 18:38:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\eBay-de.xml [2012.10.13 18:38:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.13 18:38:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.13 18:38:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Search Free: Avira Search Free powered by Ask.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.14.1.0_0\background/registryAccess.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Sopcast Toolbar = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.14.1.0_0\ CHR - Extension: Skype Extension = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: 
(Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Business - English Newsfeed.lnk = File not found O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell - "" = AutoRun O33 - MountPoints2\{8668c964-4a5d-11df-9b88-00030da1c51a}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: 
(ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts 
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{a33d52cc-48c1-4126-b861-c8e0d55083c8} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) 
MsConfig - StartUpReg: FSCRecovery - hkey= - key= - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) MsConfig - StartUpReg: msnmsgr - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - Reg Error: Value error. File not found MsConfig - StartUpReg: sidebar.exe - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - Reg Error: Value error. File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 20:20:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL(1).exe [2013.01.09 20:19:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.01.09 16:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.09 16:37:57 | 000,189,192 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Martin\wgsdgsdgdsgsd.dll [2013.01.05 15:09:52 | 068,037,104 | ---- | C] (Samsung Electronics Co., Ltd. 
) -- C:\Users\Martin\Desktop\Kies251Setup.exe [2012.12.20 13:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.12.20 13:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.12.20 13:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ] [10 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ] [1 C:\Users\Martin\AppData\Local\*.tmp files -> C:\Users\Martin\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.09 20:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL(1).exe [2013.01.09 20:19:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2013.01.09 20:10:24 | 105,661,272 | ---- | M] () -- C:\Users\Martin\Desktop\avira_free_antivirus_de.exe [2013.01.09 20:08:06 | 105,661,272 | ---- | M] () -- C:\Users\Martin\Desktop\avira_free_antivirus_2890de(2).exe [2013.01.09 20:08:02 | 002,086,216 | ---- | M] () -- C:\Users\Martin\Desktop\avira_antivirus_premium.exe [2013.01.09 20:04:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 19:44:13 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.09 19:44:00 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job [2013.01.09 19:43:13 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.01.09 19:43:13 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.01.09 19:42:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.09 19:42:24 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 19:42:24 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 19:40:39 | 003,222,238 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.09 19:40:39 | 001,403,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.09 19:40:39 | 000,975,944 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.09 19:40:39 | 000,879,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.09 19:03:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013.01.09 19:03:48 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat [2013.01.09 17:59:16 | 105,661,272 | ---- | M] () -- C:\Users\Martin\Desktop\avira_free_antivirus_2890de(1).exe [2013.01.09 16:53:49 | 105,661,272 | ---- | M] () -- C:\Users\Martin\Desktop\avira_free_antivirus_2890de.exe [2013.01.09 16:52:48 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.09 16:38:07 | 000,002,914 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 16:38:07 | 000,000,892 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.09 16:37:57 | 000,189,192 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Martin\wgsdgsdgdsgsd.dll [2013.01.09 16:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.09 16:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.09 13:19:18 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2013.01.06 09:37:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2013.01.05 18:06:02 | 015,248,310 | ---- | M] () -- C:\Users\Martin\Desktop\147e57810b1ecb0ad285eec97e70a2f8.pdf [2013.01.05 17:12:24 | 000,219,073 | ---- | M] () -- C:\Users\Martin\Desktop\Bedienungsanleitung-VODAFONE-DSL-EASYBOX 802-D.pdf [2013.01.05 15:11:26 | 068,037,104 | ---- | M] (Samsung Electronics Co., Ltd. 
) -- C:\Users\Martin\Desktop\Kies251Setup.exe [2013.01.05 09:04:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2013.01.04 16:33:22 | 000,000,958 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.04 10:50:17 | 000,028,713 | ---- | M] () -- C:\Users\Martin\Desktop\VJ-01-2013.pdf [2013.01.04 09:37:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2013.01.03 19:22:14 | 013,509,836 | ---- | M] () -- C:\Users\Martin\Desktop\GT-I9300_UM_Open_Icecream_Ger_Rev.1.0_120601_Screen.pdf [2012.12.31 10:29:39 | 258,244,555 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.30 17:59:03 | 000,237,056 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.27 18:41:57 | 000,370,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.20 16:20:22 | 000,041,525 | ---- | M] () -- C:\Users\Martin\Desktop\_Mannschaftsliste.pdf [2012.12.20 13:29:00 | 000,001,921 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.12.13 19:42:09 | 000,647,722 | ---- | M] () -- C:\Users\Martin\Desktop\notonly_sf.pdf [2012.12.13 12:00:13 | 000,232,622 | ---- | M] () -- C:\Users\Martin\Desktop\Last_Christmas_George_Michael.pdf [2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ] [10 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ] [1 C:\Users\Martin\AppData\Local\*.tmp files -> C:\Users\Martin\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.09 20:07:57 | 002,086,216 | ---- | C] () -- C:\Users\Martin\Desktop\avira_antivirus_premium.exe [2013.01.09 20:07:42 | 105,661,272 | ---- | C] () -- C:\Users\Martin\Desktop\avira_free_antivirus_de.exe [2013.01.09 19:40:51 | 105,661,272 | ---- | C] () -- C:\Users\Martin\Desktop\avira_free_antivirus_2890de(2).exe [2013.01.09 17:56:28 | 
105,661,272 | ---- | C] () -- C:\Users\Martin\Desktop\avira_free_antivirus_2890de(1).exe [2013.01.09 16:51:25 | 105,661,272 | ---- | C] () -- C:\Users\Martin\Desktop\avira_free_antivirus_2890de.exe [2013.01.09 16:38:07 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 16:38:07 | 000,000,892 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.09 16:38:00 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.05 18:05:58 | 015,248,310 | ---- | C] () -- C:\Users\Martin\Desktop\147e57810b1ecb0ad285eec97e70a2f8.pdf [2013.01.05 17:12:23 | 000,219,073 | ---- | C] () -- C:\Users\Martin\Desktop\Bedienungsanleitung-VODAFONE-DSL-EASYBOX 802-D.pdf [2013.01.04 16:33:22 | 000,000,958 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.04 10:50:16 | 000,028,713 | ---- | C] () -- C:\Users\Martin\Desktop\VJ-01-2013.pdf [2013.01.03 19:22:13 | 013,509,836 | ---- | C] () -- C:\Users\Martin\Desktop\GT-I9300_UM_Open_Icecream_Ger_Rev.1.0_120601_Screen.pdf [2012.12.20 16:20:22 | 000,041,525 | ---- | C] () -- C:\Users\Martin\Desktop\_Mannschaftsliste.pdf [2012.12.20 13:29:00 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.12.20 13:28:14 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.12.14 03:06:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.14 03:06:44 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.13 19:42:07 | 000,647,722 | ---- | C] () -- C:\Users\Martin\Desktop\notonly_sf.pdf [2012.12.13 12:00:12 | 000,232,622 | ---- | C] () -- C:\Users\Martin\Desktop\Last_Christmas_George_Michael.pdf [2012.09.01 11:46:48 | 004,503,728 | ---- | C] () -- 
C:\ProgramData\ism_0_llatsni.pad [2012.09.01 11:21:10 | 000,000,022 | -HS- | C] () -- C:\Users\Martin\AppData\Roaming\Windows1569_SettingsRepository.bin [2012.09.01 11:21:10 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys [2012.03.11 22:15:28 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin [2012.03.08 15:49:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll [2012.03.08 14:54:53 | 007,367,726 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat [2011.10.13 16:45:00 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.10.02 19:49:13 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.10.02 19:49:13 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.05.05 17:42:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.29 17:56:20 | 000,090,624 | ---- | C] () -- C:\Users\Martin\Steuer 09.elfo [2009.03.29 20:55:40 | 000,298,997 | ---- | C] () -- C:\Users\Martin\AppData\Local\yeeggys_nav.dat [2009.03.29 20:55:40 | 000,003,803 | ---- | C] () -- C:\Users\Martin\AppData\Local\yeeggys_navps.dat [2009.03.29 20:55:40 | 000,003,005 | ---- | C] () -- C:\Users\Martin\AppData\Local\yeeggys.dat [2009.03.03 23:12:21 | 000,000,091 | ---- | C] () -- C:\Users\Martin\AppData\Local\ucqemcq.bat [2008.11.05 17:27:38 | 000,001,356 | ---- | C] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat [2008.10.06 15:10:18 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat [2008.10.06 15:08:15 | 000,237,056 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.07.03 05:11:42 | 000,111,182 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.07.03 05:11:42 | 000,111,182 | ---- | C] () -- C:\ProgramData\nvModes.001 [2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-825052527-3090018616-2224713232-1000\$9fb2fde4565cc117a6b0ee8e49626e55\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\$Recycle.Bin\S-1-5-18\$9fb2fde4565cc117a6b0ee8e49626e55\n. "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.06 18:08:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\3D RealityMaps Viewer [2011.11.06 18:11:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Alpen 3D Online [2008.12.15 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Buhl Data Service [2009.01.15 09:55:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Canon [2012.11.22 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\digital publishing [2013.01.09 19:44:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dropbox [2010.06.29 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\elsterformular [2010.09.13 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Erekgy [2010.08.04 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\fotobuch.de AG [2011.07.16 17:23:32 | 000,000,000 | ---D | M] -- 
C:\Users\Martin\AppData\Roaming\go [2009.06.19 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Langenscheidt [2009.05.07 08:35:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech [2009.03.19 14:36:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\live-player [2010.11.19 12:38:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Maekxy [2010.05.25 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MioNetApplet [2009.03.03 23:24:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MMToolz [2012.05.09 10:38:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Navigram [2012.01.17 11:14:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenCandy [2012.11.22 08:59:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\QuickStoresToolbar [2010.11.20 17:53:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Seeky [2010.04.17 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony [2010.04.17 22:39:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Setup [2012.03.11 22:29:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Systweak [2008.10.06 17:53:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template [2012.03.08 18:16:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TrojanHunter [2011.12.30 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software [2012.05.25 12:39:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Xilisoft [2010.09.24 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ypaqc ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.12.19 18:38:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.03.11 22:40:46 | 000,000,000 | ---D | M] -- C:\Big Fish Games [2009.11.03 18:08:36 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.10.06 13:35:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.07.03 04:55:59 | 000,000,000 | R--D | M] -- C:\DRIVER [2008.10.06 13:39:36 | 000,000,000 | ---D | M] -- C:\ebay [2008.10.06 13:40:25 | 000,000,000 | ---D | M] -- C:\Google [2008.07.03 04:55:59 | 000,000,000 | R--D | M] -- C:\MANUAL [2008.07.03 05:04:28 | 000,000,000 | ---D | M] -- C:\Nero [2008.10.06 13:42:00 | 000,000,000 | ---D | M] -- C:\NVC [2008.10.06 13:42:05 | 000,000,000 | ---D | M] -- C:\Off2007HStTrial [2010.06.25 22:45:06 | 000,000,000 | ---D | M] -- C:\output [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.20 13:28:57 | 000,000,000 | ---D | M] -- C:\Program Files [2013.01.09 19:43:37 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.10.06 13:35:36 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.22 08:29:31 | 000,000,000 | -H-D | M] -- C:\swidjuwadj.exe [2013.01.06 16:57:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.07.03 06:44:49 | 000,000,000 | ---D | M] -- C:\TMP [2008.10.06 14:47:02 | 000,000,000 | R--D | M] -- C:\Users [2013.01.09 16:45:44 | 000,000,000 | ---D | M] -- C:\Windows [2008.07.03 05:09:21 | 000,000,000 | ---D | M] -- C:\Works [2012.03.09 10:40:04 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > [2007.03.12 17:59:00 | 000,299,008 | ---- | M] () -- C:\Program Files\navigram_register.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2009.04.11 07:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,592 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.03.29 21:01:34 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job [2009.07.02 18:40:11 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.07.02 18:40:11 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2009.07.21 12:31:05 | 000,000,398 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job [2012.02.11 18:58:58 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012.05.01 17:46:57 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft 
Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\drivers\ahcix86s.sys [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) 
MD5=0DEE2B628D4C6E23285BB91EFFDABFDE -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_71554ba4\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) 
MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys 
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 
000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft 
Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.07.03 14:24:50 | 013,115,392 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.07.03 14:24:42 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.09 20:22:33 | 002,883,584 | ---- | M] () -- C:\Users\Martin\ntuser.dat [2012.03.11 22:19:42 | 003,670,016 | -HS- | M] () -- C:\Users\Martin\ntuser.dat.bak [2013.01.09 20:22:33 | 000,262,144 | -H-- | M] () -- C:\Users\Martin\ntuser.dat.LOG1 [2012.01.16 13:40:27 | 000,262,144 | -H-- | M] () -- C:\Users\Martin\ntuser.dat.LOG2 [2012.03.11 22:19:43 | 000,000,000 | -H-- | M] () -- C:\Users\Martin\ntuser.dat.sav.LOG1 [2012.03.11 22:19:43 
Where do I find the Extra.txt? How do I proceed? |
10.01.2013, 00:51 | #4 |
/// Malware-holic | GVU trojan with €100 Paysafecard, computer locked Hi, this script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
:OTL
[2013.01.09 16:38:07 | 000,002,914 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 16:38:07 | 000,000,892 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 16:38:00 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs. • Now please click the Fix button. • OTL may ask for a reboot; please allow it. • After the reboot you will find a text document; paste its contents into your next reply here. Boot into normal mode.
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
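As an added example (not the helper's OTL script and not OTL's own code), here is a PowerShell check from the defender's side for the persistence pattern this fix removes: a shortcut in the user's Startup folder that launches a script dropped into C:\ProgramData (runctf.lnk and dsgsdgdsgdsgw.js/.pad above). The extension list and directory patterns are my assumptions; run it in an elevated PowerShell on the affected machine to confirm that nothing of the kind remains after the fix.

```powershell
# Added example, not part of the thread: audit Startup-folder shortcuts (.lnk) for
# the pattern seen here, a shortcut that launches a script living in ProgramData.
# Assumptions (mine, not from the thread): the extension list and directory regexes.

$shell = New-Object -ComObject WScript.Shell

# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

# Legitimate Startup shortcuts almost never run loose script files; .pad is the
# payload-container extension seen in this thread.
$suspiciousExt = '(?i)\.(js|jse|vbs|vbe|wsf|wsh|hta|bat|cmd|ps1|pad)$'
# Data and temp directories are where droppers put files, not where installed software lives.
$suspiciousDir = '(?i)\\(ProgramData|AppData|Temp|Users\\Public)\\'

$findings = foreach ($dir in $startupDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $shortcuts = Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    foreach ($file in $shortcuts) {
        # Resolve the shortcut: what it starts, and with which arguments.
        $lnk     = $shell.CreateShortcut($file.FullName)
        $target  = [string]$lnk.TargetPath
        $lnkArgs = [string]$lnk.Arguments
        $reasons = @()
        if ($target -match $suspiciousExt -or $lnkArgs -match $suspiciousExt) { $reasons += 'script file launched' }
        if (($target + ' ' + $lnkArgs) -match $suspiciousDir) { $reasons += 'target in data/temp directory' }
        if ($target -and -not (Test-Path -LiteralPath $target)) { $reasons += 'target no longer exists' }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Shortcut  = $file.FullName
                Target    = $target
                Arguments = $lnkArgs
                Created   = $file.CreationTime
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# The companion half of the pattern: loose script/payload files dropped directly
# into the ProgramData root (dsgsdgdsgdsgw.js and .pad lived there).
$droppedFiles = Get-ChildItem -LiteralPath $env:ProgramData -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $suspiciousExt }

if ($findings) { $findings | Format-List } else { 'No suspicious Startup shortcuts found.' }
if ($droppedFiles) { $droppedFiles | Select-Object FullName, Length, CreationTime | Format-Table -AutoSize }
else { 'No loose script/payload files in the ProgramData root.' }
```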
10.01.2013, 07:59 | #5 |
| GVU trojan with €100 Paysafecard, computer locked
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Martin
->Flash cache emptied: 5129 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Martin
->Temp folder emptied: 3039 bytes
->Temporary Internet Files folder emptied: 8859802 bytes
->Java cache emptied: 1767244 bytes
->FireFox cache emptied: 70451855 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608590 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7514272 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 19425295 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 104,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_075545
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Many thanks already for the support. That (above) is the requested text file ... the PC has restarted. I'm now in normal mode, no longer in safe mode. How do I proceed? |
10.01.2013, 14:35 | #6 |
/// Malware-holic | GVU trojan with €100 Paysafecard, computer locked Let's continue: download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, always choose skip for now, then post the log
10.01.2013, 15:19 | #7 |
| GVU trojan with €100 Paysafecard, computer locked OK, here is the report ...
15:16:26.0372 10728 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 15:16:26.0456 10728 Parport - ok 15:16:26.0483 10728 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:16:26.0504 10728 partmgr - ok 15:16:26.0519 10728 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 15:16:26.0580 10728 Parvdm - ok 15:16:26.0610 10728 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 15:16:26.0666 10728 PcaSvc - ok 15:16:26.0706 10728 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 15:16:26.0725 10728 pci - ok 15:16:26.0826 10728 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 15:16:26.0846 10728 pciide - ok 15:16:26.0865 10728 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:16:26.0879 10728 pcmcia - ok 15:16:26.0935 10728 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:16:27.0039 10728 PEAUTH - ok 15:16:27.0424 10728 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 15:16:27.0548 10728 pla - ok 15:16:27.0597 10728 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe 15:16:27.0605 10728 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 15:16:27.0605 10728 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 15:16:27.0718 10728 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:16:27.0756 10728 PlugPlay - ok 15:16:27.0791 10728 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 15:16:27.0816 10728 PNRPAutoReg - ok 15:16:27.0847 10728 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 15:16:27.0872 10728 PNRPsvc - ok 15:16:27.0900 10728 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 
15:16:27.0978 10728 PolicyAgent - ok 15:16:28.0036 10728 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:16:28.0079 10728 PptpMiniport - ok 15:16:28.0118 10728 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 15:16:28.0150 10728 Processor - ok 15:16:28.0173 10728 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 15:16:28.0200 10728 ProfSvc - ok 15:16:28.0211 10728 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 15:16:28.0226 10728 ProtectedStorage - ok 15:16:28.0253 10728 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 15:16:28.0293 10728 PSched - ok 15:16:28.0329 10728 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 15:16:28.0339 10728 PxHelp20 - ok 15:16:28.0377 10728 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:16:28.0501 10728 ql2300 - ok 15:16:28.0523 10728 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:16:28.0544 10728 ql40xx - ok 15:16:28.0573 10728 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 15:16:28.0606 10728 QWAVE - ok 15:16:28.0630 10728 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:16:28.0658 10728 QWAVEdrv - ok 15:16:28.0704 10728 [ 432F5B15E21A54B48072593F03570326 ] RalinkRegistryWriter C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe 15:16:28.0749 10728 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - warning 15:16:28.0749 10728 RalinkRegistryWriter - detected UnsignedFile.Multi.Generic (1) 15:16:28.0771 10728 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:16:28.0807 10728 RasAcd - ok 15:16:28.0848 10728 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 15:16:28.0882 10728 RasAuto - ok 15:16:28.0894 10728 [ 
A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:16:28.0945 10728 Rasl2tp - ok 15:16:29.0006 10728 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 15:16:29.0038 10728 RasMan - ok 15:16:29.0061 10728 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:16:29.0127 10728 RasPppoe - ok 15:16:29.0155 10728 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:16:29.0173 10728 RasSstp - ok 15:16:29.0189 10728 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:16:29.0234 10728 rdbss - ok 15:16:29.0271 10728 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:16:29.0311 10728 RDPCDD - ok 15:16:29.0335 10728 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 15:16:29.0374 10728 rdpdr - ok 15:16:29.0398 10728 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:16:29.0446 10728 RDPENCDD - ok 15:16:29.0482 10728 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:16:29.0507 10728 RDPWD - ok 15:16:29.0558 10728 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:16:29.0584 10728 RemoteAccess - ok 15:16:29.0613 10728 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:16:29.0636 10728 RemoteRegistry - ok 15:16:29.0680 10728 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 15:16:29.0730 10728 RpcLocator - ok 15:16:29.0760 10728 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 15:16:29.0791 10728 RpcSs - ok 15:16:29.0852 10728 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:16:29.0883 10728 rspndr - ok 15:16:29.0918 10728 [ 8CCA591019216E9523E3CB385CE643E6 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys 15:16:29.0985 10728 
RTL8169 - ok 15:16:30.0059 10728 [ 69013A123A00B3042C260B0056DF0152 ] s1029bus C:\Windows\system32\DRIVERS\s1029bus.sys 15:16:30.0082 10728 s1029bus - ok 15:16:30.0112 10728 [ 1565FC31F872963FE8AF471123D8424C ] s1029mdfl C:\Windows\system32\DRIVERS\s1029mdfl.sys 15:16:30.0126 10728 s1029mdfl - ok 15:16:30.0165 10728 [ D67A8042ECF6C983AC0E308B36603677 ] s1029mdm C:\Windows\system32\DRIVERS\s1029mdm.sys 15:16:30.0185 10728 s1029mdm - ok 15:16:30.0216 10728 [ 9AC56F06C1E13A963C82EBD067FDF274 ] s1029mgmt C:\Windows\system32\DRIVERS\s1029mgmt.sys 15:16:30.0235 10728 s1029mgmt - ok 15:16:30.0264 10728 [ 00C66C6BAAFB2747F15F94F15888C94A ] s1029nd5 C:\Windows\system32\DRIVERS\s1029nd5.sys 15:16:30.0279 10728 s1029nd5 - ok 15:16:30.0308 10728 [ 6FC093ABA554E45755DC2F3896B6C8D7 ] s1029obex C:\Windows\system32\DRIVERS\s1029obex.sys 15:16:30.0326 10728 s1029obex - ok 15:16:30.0357 10728 [ 9979B0E68815394665B2109B03D15FA1 ] s1029unic C:\Windows\system32\DRIVERS\s1029unic.sys 15:16:30.0368 10728 s1029unic - ok 15:16:30.0398 10728 [ D7A84EF8F953A2D704580E4E73E00011 ] s716bus C:\Windows\system32\DRIVERS\s716bus.sys 15:16:30.0416 10728 s716bus - ok 15:16:30.0461 10728 [ C5B509CDEEB733EFAFADC2D93BC77712 ] s716mdfl C:\Windows\system32\DRIVERS\s716mdfl.sys 15:16:30.0475 10728 s716mdfl - ok 15:16:30.0501 10728 [ DC3DEC64860878540B374DC7D15D921F ] s716mdm C:\Windows\system32\DRIVERS\s716mdm.sys 15:16:30.0523 10728 s716mdm - ok 15:16:30.0544 10728 [ CC6C212585891614CC2059BA48D27A86 ] s716obex C:\Windows\system32\DRIVERS\s716obex.sys 15:16:30.0569 10728 s716obex - ok 15:16:30.0591 10728 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 15:16:30.0608 10728 SamSs - ok 15:16:30.0633 10728 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:16:30.0656 10728 sbp2port - ok 15:16:30.0682 10728 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:16:30.0710 10728 SCardSvr - ok 15:16:30.0748 10728 [ 
1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 15:16:30.0831 10728 Schedule - ok 15:16:30.0871 10728 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:16:30.0896 10728 SCPolicySvc - ok 15:16:30.0911 10728 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:16:30.0984 10728 SDRSVC - ok 15:16:31.0017 10728 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:16:31.0109 10728 secdrv - ok 15:16:31.0126 10728 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 15:16:31.0161 10728 seclogon - ok 15:16:31.0178 10728 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 15:16:31.0212 10728 SENS - ok 15:16:31.0269 10728 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 15:16:31.0342 10728 Serenum - ok 15:16:31.0359 10728 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 15:16:31.0415 10728 Serial - ok 15:16:31.0435 10728 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:16:31.0463 10728 sermouse - ok 15:16:31.0501 10728 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 15:16:31.0528 10728 SessionEnv - ok 15:16:31.0548 10728 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:16:31.0572 10728 sffdisk - ok 15:16:31.0589 10728 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:16:31.0632 10728 sffp_mmc - ok 15:16:31.0653 10728 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:16:31.0695 10728 sffp_sd - ok 15:16:31.0713 10728 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:16:31.0777 10728 sfloppy - ok 15:16:31.0835 10728 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:16:31.0884 10728 
ShellHWDetection - ok 15:16:31.0910 10728 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 15:16:31.0925 10728 sisagp - ok 15:16:31.0939 10728 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 15:16:31.0958 10728 SiSRaid2 - ok 15:16:31.0979 10728 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:16:32.0001 10728 SiSRaid4 - ok 15:16:32.0040 10728 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 15:16:32.0100 10728 SkypeUpdate - ok 15:16:32.0204 10728 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 15:16:32.0382 10728 slsvc - ok 15:16:32.0416 10728 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 15:16:32.0444 10728 SLUINotify - ok 15:16:32.0502 10728 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:16:32.0548 10728 Smb - ok 15:16:32.0599 10728 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:16:32.0635 10728 SNMPTRAP - ok 15:16:32.0677 10728 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 15:16:32.0694 10728 spldr - ok 15:16:32.0732 10728 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 15:16:32.0761 10728 Spooler - ok 15:16:32.0791 10728 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:16:32.0827 10728 srv - ok 15:16:32.0853 10728 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:16:32.0895 10728 srv2 - ok 15:16:32.0923 10728 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:16:32.0957 10728 srvnet - ok 15:16:33.0005 10728 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:16:33.0050 10728 SSDPSRV - ok 15:16:33.0071 10728 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 
15:16:33.0084 10728 ssmdrv - ok 15:16:33.0105 10728 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:16:33.0122 10728 SstpSvc - ok 15:16:33.0162 10728 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 15:16:33.0187 10728 stisvc - ok 15:16:33.0222 10728 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 15:16:33.0243 10728 swenum - ok 15:16:33.0273 10728 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 15:16:33.0324 10728 swprv - ok 15:16:33.0343 10728 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 15:16:33.0366 10728 Symc8xx - ok 15:16:33.0383 10728 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 15:16:33.0403 10728 Sym_hi - ok 15:16:33.0422 10728 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 15:16:33.0437 10728 Sym_u3 - ok 15:16:33.0481 10728 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 15:16:33.0551 10728 SysMain - ok 15:16:33.0584 10728 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:16:33.0626 10728 TabletInputService - ok 15:16:33.0660 10728 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:16:33.0704 10728 TapiSrv - ok 15:16:33.0726 10728 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 15:16:33.0773 10728 TBS - ok 15:16:33.0828 10728 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:16:33.0931 10728 Tcpip - ok 15:16:33.0999 10728 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 15:16:34.0060 10728 Tcpip6 - ok 15:16:34.0090 10728 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:16:34.0147 10728 tcpipreg - ok 15:16:34.0177 10728 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 
15:16:34.0216 10728 TDPIPE - ok 15:16:34.0245 10728 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:16:34.0274 10728 TDTCP - ok 15:16:34.0311 10728 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:16:34.0331 10728 tdx - ok 15:16:34.0354 10728 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 15:16:34.0374 10728 TermDD - ok 15:16:34.0403 10728 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 15:16:34.0489 10728 TermService - ok 15:16:34.0557 10728 [ 250B9120C7C103AFDC0C6643F9691055 ] TestHandler C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe 15:16:34.0579 10728 TestHandler ( UnsignedFile.Multi.Generic ) - warning 15:16:34.0579 10728 TestHandler - detected UnsignedFile.Multi.Generic (1) 15:16:34.0649 10728 [ A56EC942ECABFB7849BFA76060F929FB ] TfFsMon C:\Windows\system32\drivers\TfFsMon.sys 15:16:34.0662 10728 TfFsMon - ok 15:16:34.0698 10728 [ 917EF522563F6047685486EFA486FB3C ] TfNetMon C:\Windows\system32\drivers\TfNetMon.sys 15:16:34.0715 10728 TfNetMon - ok 15:16:34.0758 10728 [ 57EDBB5FE7FF09BB21121D13BB950BA5 ] TfSysMon C:\Windows\system32\drivers\TfSysMon.sys 15:16:34.0771 10728 TfSysMon - ok 15:16:34.0793 10728 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 15:16:34.0815 10728 Themes - ok 15:16:34.0831 10728 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 15:16:34.0864 10728 THREADORDER - ok 15:16:34.0868 10728 ThreatFire - ok 15:16:34.0898 10728 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 15:16:34.0926 10728 TrkWks - ok 15:16:34.0978 10728 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:16:35.0018 10728 TrustedInstaller - ok 15:16:35.0056 10728 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 
15:16:35.0099 10728 tssecsrv - ok 15:16:35.0120 10728 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 15:16:35.0167 10728 tunmp - ok 15:16:35.0187 10728 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:16:35.0215 10728 tunnel - ok 15:16:35.0232 10728 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:16:35.0251 10728 uagp35 - ok 15:16:35.0283 10728 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:16:35.0311 10728 udfs - ok 15:16:35.0339 10728 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:16:35.0374 10728 UI0Detect - ok 15:16:35.0397 10728 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:16:35.0422 10728 uliagpkx - ok 15:16:35.0445 10728 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 15:16:35.0465 10728 uliahci - ok 15:16:35.0484 10728 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 15:16:35.0509 10728 UlSata - ok 15:16:35.0534 10728 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 15:16:35.0551 10728 ulsata2 - ok 15:16:35.0564 10728 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:16:35.0616 10728 umbus - ok 15:16:35.0705 10728 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys 15:16:35.0730 10728 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning 15:16:35.0730 10728 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1) 15:16:35.0767 10728 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 15:16:35.0826 10728 upnphost - ok 15:16:35.0851 10728 USBAAPL - ok 15:16:35.0878 10728 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:16:35.0920 10728 usbccgp - ok 15:16:35.0957 10728 [ 
E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:16:36.0038 10728 usbcir - ok 15:16:36.0062 10728 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 15:16:36.0098 10728 usbehci - ok 15:16:36.0127 10728 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 15:16:36.0167 10728 usbhub - ok 15:16:36.0180 10728 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:16:36.0238 10728 usbohci - ok 15:16:36.0267 10728 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:16:36.0304 10728 usbprint - ok 15:16:36.0335 10728 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:16:36.0368 10728 usbscan - ok 15:16:36.0412 10728 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:16:36.0439 10728 USBSTOR - ok 15:16:36.0457 10728 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 15:16:36.0496 10728 usbuhci - ok 15:16:36.0528 10728 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:16:36.0572 10728 usbvideo - ok 15:16:36.0608 10728 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 15:16:36.0655 10728 UxSms - ok 15:16:36.0694 10728 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 15:16:36.0731 10728 vds - ok 15:16:36.0743 10728 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:16:36.0780 10728 vga - ok 15:16:36.0795 10728 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 15:16:36.0839 10728 VgaSave - ok 15:16:36.0854 10728 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 15:16:36.0873 10728 viaagp - ok 15:16:36.0892 10728 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 15:16:36.0923 10728 ViaC7 - ok 
15:16:36.0941 10728 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 15:16:36.0959 10728 viaide - ok 15:16:36.0975 10728 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:16:36.0989 10728 volmgr - ok 15:16:37.0020 10728 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:16:37.0041 10728 volmgrx - ok 15:16:37.0071 10728 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:16:37.0090 10728 volsnap - ok 15:16:37.0116 10728 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:16:37.0137 10728 vsmraid - ok 15:16:37.0187 10728 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 15:16:37.0272 10728 VSS - ok 15:16:37.0299 10728 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 15:16:37.0329 10728 W32Time - ok 15:16:37.0348 10728 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:16:37.0413 10728 WacomPen - ok 15:16:37.0426 10728 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 15:16:37.0470 10728 Wanarp - ok 15:16:37.0474 10728 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:16:37.0496 10728 Wanarpv6 - ok 15:16:37.0521 10728 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:16:37.0564 10728 wcncsvc - ok 15:16:37.0622 10728 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:16:37.0645 10728 WcsPlugInService - ok 15:16:37.0673 10728 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 15:16:37.0692 10728 Wd - ok 15:16:37.0721 10728 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:16:37.0761 10728 Wdf01000 - ok 15:16:37.0774 10728 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 
15:16:37.0832 10728 WdiServiceHost - ok 15:16:37.0835 10728 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:16:37.0864 10728 WdiSystemHost - ok 15:16:37.0893 10728 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 15:16:37.0932 10728 WebClient - ok 15:16:37.0955 10728 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:16:38.0006 10728 Wecsvc - ok 15:16:38.0030 10728 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:16:38.0078 10728 wercplsupport - ok 15:16:38.0113 10728 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 15:16:38.0142 10728 WerSvc - ok 15:16:38.0149 10728 WinHttpAutoProxySvc - ok 15:16:38.0204 10728 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:16:38.0230 10728 Winmgmt - ok 15:16:38.0282 10728 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 15:16:38.0387 10728 WinRM - ok 15:16:38.0443 10728 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 15:16:38.0527 10728 Wlansvc - ok 15:16:38.0556 10728 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:16:38.0579 10728 WmiAcpi - ok 15:16:38.0618 10728 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:16:38.0639 10728 wmiApSrv - ok 15:16:38.0702 10728 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:16:38.0818 10728 WMPNetworkSvc - ok 15:16:38.0826 10728 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:16:38.0892 10728 WPCSvc - ok 15:16:38.0942 10728 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:16:38.0973 10728 WPDBusEnum - ok 15:16:39.0008 10728 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 15:16:39.0031 10728 WpdUsb - ok 15:16:39.0132 
10728 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 15:16:39.0177 10728 WPFFontCache_v0400 - ok 15:16:39.0214 10728 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 15:16:39.0272 10728 ws2ifsl - ok 15:16:39.0276 10728 WSearch - ok 15:16:39.0364 10728 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 15:16:39.0570 10728 wuauserv - ok 15:16:39.0646 10728 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:16:39.0683 10728 WudfPf - ok 15:16:39.0747 10728 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:16:39.0775 10728 WUDFRd - ok 15:16:39.0822 10728 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:16:39.0842 10728 wudfsvc - ok 15:16:39.0852 10728 ================ Scan global =============================== 15:16:39.0913 10728 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 15:16:39.0947 10728 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:16:39.0969 10728 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 15:16:40.0001 10728 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 15:16:40.0005 10728 [Global] - ok 15:16:40.0006 10728 ================ Scan MBR ================================== 15:16:40.0024 10728 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 15:16:40.0746 10728 \Device\Harddisk0\DR0 - ok 15:16:40.0746 10728 ================ Scan VBR ================================== 15:16:40.0749 10728 [ 1F9CCAC58E67F66B2676906E14044B77 ] \Device\Harddisk0\DR0\Partition1 15:16:40.0751 10728 \Device\Harddisk0\DR0\Partition1 - ok 15:16:40.0782 10728 [ 2E8119675E5F4A5D83E35072BAE43E85 ] \Device\Harddisk0\DR0\Partition2 15:16:40.0784 10728 \Device\Harddisk0\DR0\Partition2 - ok 15:16:40.0784 10728 
============================================================ 15:16:40.0784 10728 Scan finished 15:16:40.0784 10728 ============================================================ 15:16:40.0793 10612 Detected object count: 7 15:16:40.0793 10612 Actual detected object count: 7 15:17:34.0072 10612 GpdDevDPort ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0072 10612 GpdDevDPort ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:34.0075 10612 GpdKbFilter ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0075 10612 GpdKbFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:34.0076 10612 OsdService ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0076 10612 OsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:34.0078 10612 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0078 10612 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:34.0079 10612 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0080 10612 RalinkRegistryWriter ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:34.0081 10612 TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0082 10612 TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:34.0083 10612 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:34.0083 10612 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
10.01.2013, 15:21 | #8 |
/// Malware-holic | GVU Trojan with 100€ Paysafecard, computer lockout combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
10.01.2013, 16:50 | #9 |
| GVU Trojan with 100€ Paysafecard, computer lockout Unfortunately I don't know whether I managed to disable Antivir. I simply deleted it. I don't know how to disable it. This is the Combofix log file: Combofix Logfile: Code:
ComboFix 13-01-08.01 - Martin 10.01.2013 16:27:37.1.2 - x86
6.0.6002.2.1252.49.1031.18.3066.1795 [GMT 1:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\WiDGitoolbarie.dll
c:\programdata\ism_0_llatsni.pad
C:\swidjuwadj.exe
c:\swidjuwadj.exe\config.bin
c:\users\Martin\AppData\Local\yeeggys.dat
c:\users\Martin\AppData\Local\yeeggys_nav.dat
c:\users\Martin\AppData\Local\yeeggys_navps.dat
c:\users\Martin\Documents\~WRL0004.tmp
c:\users\Martin\Documents\~WRL3869.tmp
c:\users\Martin\wgsdgsdgdsgsd.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-10 bis 2013-01-10 ))))))))))))))))))))))))))))))
.
.
2013-01-10 15:33 . 2013-01-10 15:42 -------- d-----w- c:\users\Martin\AppData\Local\temp
2013-01-09 12:38 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 12:37 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 12:37 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-05 20:56 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-22 08:36 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:36 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 20:03 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AC4C787-0801-42BF-9E22-DB43F7AEE9CF}\mpengine.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-12-14 02:06 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-14 02:06 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-14 02:06 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-14 02:06 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-14 02:06 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-14 02:06 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-14 02:06 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-14 02:06 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-14 02:06 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-14 02:06 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-14 02:06 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 08:34 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 08:34 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-13 08:34 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 08:34 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 13:18 . 2012-05-01 16:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 13:18 . 2011-09-05 08:53 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
2012-12-06 13:52 . 2012-12-06 13:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-05-04 992256]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2008-05-29 381200]
.
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Business - English Newsfeed.lnk - c:\program files\digital publishing\FEEDBTE_11_999999\dpFeeds.exe [N/A]
Dropbox.lnk - c:\users\Martin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2008-10-6 1777664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk003B7DF6.startup
backupExtension=003B7DF6.startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-05-08 08:59 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sidebar.exe]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"dcomnatt"=rundll32 "c:\users\Martin\AppData\Local\Temp\ipcoPost.dll",ClientDllStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 13:18]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 19:14]
.
2013-01-10 c:\windows\Tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job
- c:\windows\system32\msfeedssync.exe [2011-04-10 19:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://www.arcor.de
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Nachrichten / HAZ - Hannoversche Allgemeine
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20120117101624874&tb_oid=31-12-2010&tb_mrud=17-01-2012&query=
FF - ExtSQL: 2012-11-22 08:20; toolbar@ask.com; c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-11-22 08:59; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 6c5113300000000000000016eaae499c
FF - user.js: extensions.Softonic.instlDay - 15469
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.010:25
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - orgnl
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00001
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-10 16:43
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3412)
c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\OEM\OSD_1.12\OsdService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Ralink\Common\RalinkRegistryWriter.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-10 16:46:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-01-10 15:46
.
Vor Suchlauf: 2.699.440.128 Bytes frei
Nach Suchlauf: 2.910.547.968 Bytes frei
.
- - End Of File - - 0DBA23DC6213BFE47A34A3360F18CBAE
|
10.01.2013, 17:31 | #10 |
/// Malware-holic | GVU Trojan with 100€ Paysafecard, computer lock Hi, and asking here was too much effort? Simply right-click the Avira umbrella icon and choose deactivate. Reinstall Avira. Hi, this script and any scripts that follow are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
c:\users\Martin\AppData\Local\Temp\ipcoPost.dll
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
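The fix script above removes one autostart entry that the ComboFix log exposed: a DLL in the user's %TEMP% folder loaded through rundll32 from a Run key. As an added example (not part of this thread and not code from ComboFix or OTL), the following Python script parses the `[HKEY_...]` and `"name"=value` lines of a ComboFix "Autostartpunkte der Registrierung" section and flags launch paths that a legitimate autostart program should not have: a %TEMP% directory, the root of a user profile or ProgramData, the drive root, or a non-system DLL handed to rundll32. The names `triage`, `classify` and `Finding` are the example's own; the sample input is constructed in the shape of the log above (two benign entries and the real `dcomnatt` entry from it, plus one made-up Run entry pointing at the root-level file ComboFix deleted).

```python
"""Triage helper for autostart entries in a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass, field

# First Windows path to a PE-type file inside a value (case-insensitive).
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|cpl|scr))', re.IGNORECASE)
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Locations a normal autostart program has no business living in.
TEMP_MARKERS = ('\\appdata\\local\\temp\\', '\\local settings\\temp\\', '\\windows\\temp\\')
PROFILE_ROOT_RE = re.compile(
    r'^[a-z]:\\(?:users\\[^\\]+|programdata|documents and settings\\[^\\]+)\\[^\\]+$')
DRIVE_ROOT_RE = re.compile(r'^[a-z]:\\[^\\]+$')


@dataclass
class Finding:
    key: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def classify(path: str, value: str) -> list:
    """Return the reasons an autostart path looks suspicious (empty list if none)."""
    p = path.lower()
    reasons = []
    if any(marker in p for marker in TEMP_MARKERS):
        reasons.append('temp-dir')
    if PROFILE_ROOT_RE.match(p):
        reasons.append('profile-root')
    if DRIVE_ROOT_RE.match(p):
        reasons.append('drive-root')
    # A DLL handed to rundll32 from outside the Windows directory is the
    # pattern of the "dcomnatt" entry in the ComboFix log above.
    if 'rundll32' in value.lower() and p.endswith('.dll') and not p.startswith('c:\\windows\\'):
        reasons.append('rundll32-nonsystem-dll')
    return reasons


def triage(section_text: str) -> list:
    """Parse ComboFix autostart lines and return a Finding for each suspicious entry."""
    findings = []
    current_key = ''
    for raw in section_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if not entry_match:
            continue  # separators ('.'), REGEDIT4, startup-folder lines etc.
        name, value = entry_match.groups()
        path_match = PATH_RE.search(value)
        if not path_match:
            continue  # bare program names such as "RtHDVCpl.exe" carry no path
        reasons = classify(path_match.group(1), value)
        if reasons:
            findings.append(Finding(current_key, name, path_match.group(1), reasons))
    return findings


# Constructed sample in the shape of the ComboFix log above. The last Run
# entry is made up for the example; only the file name comes from the log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"dcomnatt"=rundll32 "c:\users\Martin\AppData\Local\Temp\ipcoPost.dll",ClientDllStartup
.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swidjuwadj"="C:\swidjuwadj.exe" [2013-01-09 12345]
'''

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.name!r} in [{f.key}] -> {f.path}  ({", ".join(f.reasons)})')
```

Run on the sample, it reports `dcomnatt` (temp-dir, rundll32-nonsystem-dll) and the constructed `swidjuwadj` entry (drive-root), and stays quiet on the Program Files and system32 entries. The heuristics are location-based on purpose: a lock-screen trojan usually needs a writable drop location, so paths are a more durable signal than file names.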
10.01.2013, 20:00 | #11 |
| GVU Trojan with 100€ Paysafecard, computer lock I.e. remove the checkmark next to the real-time scanner?
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Martin
->Flash cache emptied: 877 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Martin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1099004 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5882791 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 7,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01102013_200219
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
That is the text file |
10.01.2013, 20:36 | #12 |
/// Malware-holic | GVU Trojan with 100€ Paysafecard, computer lock Yes, exactly. Download the standard CCleaner: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind each program you need, write "necessary"; behind each you don't need, "unnecessary"; behind those unknown to you, "unknown". Post the list.
|
11.01.2013, 08:42 | #13 |
| GVU Trojan with 100€ Paysafecard, computer lock Hello ... here is the list. I hope I did it right. Many programs mean nothing to me, which probably doesn't mean that they aren't needed or required.
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 11.5.502.146 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 11.5.502.146 necessary
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 10.01.2013 120MB 10.1.5 necessary
Adobe® Photoshop® Album Starter Edition 3.0 Adobe Systems, Inc. 11.02.2009 16,3MB 3.00.000 unnecessary
Apple Application Support Apple Inc. 23.11.2010 52,7MB 1.4.1 unnecessary
Apple Software Update Apple Inc. 15.03.2009 2,15MB 2.1.1.116 unnecessary
Avira Free Antivirus Avira 10.01.2013 198MB 13.0.0.2890 necessary
Avira SearchFree Toolbar plus Web Protection Ask.com 10.01.2013 10,1MB 1.15.13.0 necessary
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 10.01.2013 1,54MB 1.2.3.33021 necessary
Bonjour Apple Inc. 23.11.2010 990KB 2.0.4.0 unknown
Canon MP Navigator EX 1.2 14.01.2009 65,7MB necessary
Canon MP190 series Benutzerregistrierung 14.01.2009 532KB necessary
Canon MP190 series MP Drivers 14.01.2009 necessary
Canon My Printer 14.01.2009 2,14MB necessary
Canon Utilities Easy-PhotoPrint EX 14.01.2009 207MB necessary
Canon Utilities Solution Menu 14.01.2009 1,59MB necessary
CCleaner Piriform 19.12.2012 4,85MB 3.26 necessary
Cisco EAP-FAST Module Cisco Systems, Inc. 06.10.2008 1,04MB 2.1.6 unknown
Cisco LEAP Module Cisco Systems, Inc. 06.10.2008 1,04MB 1.0.12 unknown
Cisco PEAP Module Cisco Systems, Inc. 06.10.2008 868KB 1.0.13 unknown
CutePDF Writer 2.5 14.05.2009 necessary
Defraggler Piriform 29.05.2011 4,15MB 2.05 necessary
DivX Plus DirectShow Filters DivX, Inc. 04.03.2011 1,21MB unnecessary
Download Updater (AOL LLC) 17.01.2012 unnecessary
Dropbox Dropbox, Inc. 04.01.2013 23,9MB 1.6.11 necessary
ElsterFormular Landesfinanzdirektion Thüringen 29.06.2010 141MB 11.5.0.4546 necessary
Favorit 03.03.2009 unknown
Free PDF to Word Doc Converter v1.1 Free PDF to Word Doc Converter - easy and powerful pdf converter software. 16.07.2009 2,73MB 1.1 necessary
FSCLounge Fujitsu Siemens Computers 06.10.2008 8,47MB 1.0.0 necessary
Fujitsu Siemens Computers Recovery Fujitsu Siemens Computers 06.10.2008 7,05MB 1.3.8 necessary
Google Chrome Google Inc. 05.04.2009 53,6MB 23.0.1271.97 necessary
Google Earth Plug-in Google 16.11.2011 40,9MB 6.1.0.5001 necessary
Inkjet Printer/Scanner Extended Survey Program 14.01.2009 968KB necessary
Interaktive Sprachreise - Vokabeltrainer English digital publishing AG 22.11.2012 649MB necessary
iTunes Apple Inc. 03.01.2011 144MB 10.1.1.4 necessary
Java 7 Update 10 Oracle 06.09.2012 128MB 7.0.100 necessary
Java(TM) 6 Update 27 Sun Microsystems, Inc. 11.12.2008 94,3MB 6.0.270 unknown
Java(TM) 6 Update 7 Sun Microsystems, Inc. 07.10.2008 136MB 1.6.0.70 unknown
jv16 PowerTools 2012 Macecraft Software 01.09.2012 2,78GB unknown
Luxor Amun Rising (remove only) 06.10.2008 18,0MB unnecessary
Mahjong Towers Eternity EU (remove only) 06.10.2008 15,6MB unnecessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 21.08.2009 36,9MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21.07.2009 27,8MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120MB 4.0.30319 unknown
Microsoft Office 2000 SR-1 Premium Microsoft Corporation 11.01.2009 219MB 9.00.3821 necessary
Microsoft PhotoDraw 2000 V2 Microsoft Corporation 11.01.2009 106MB 2.00.00.1429 necessary
Microsoft Silverlight Microsoft Corporation 11.05.2012 29,0MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.11.2009 1,74MB 3.1.0000 unknown
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 25.11.2009 624KB 1.0.1215.0 unknown
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 25.11.2009 1,44MB 1.0.1215.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 30.07.2009 251KB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 294KB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 05.11.2009 199KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 01.05.2011 592KB 9.0.30729.5570 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 25.05.2012 1,41MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.11.2009 586KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 17.04.2010 589KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 594KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.02.2012 11,1MB 10.0.40219 unknown
Microsoft Works Microsoft Corporation 12.10.2012 376MB 9.7.0621 necessary
MobileMe Control Panel Apple Inc. 03.01.2011 11,9MB 3.1.5.0 unnecessary
Move Networks Media Player for Internet Explorer 02.08.2009 1,09MB unknown
Mozilla Firefox 17.0.1 (x86 de) Mozilla 09.12.2012 42,7MB 17.0.1 necessary
Mozilla Maintenance Service Mozilla 09.12.2012 216KB 17.0.1 unknown
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 07.10.2008 1,26MB 4.20.9848.0 unknown
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 08.10.2008 1,26MB 4.20.9849.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 1,27MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,33MB 4.20.9876.0 unknown
Nero 8 Essentials Nero AG 03.07.2008 1,71GB 8.3.161 necessary
NVIDIA Drivers 03.11.2009 unknown
OpenOffice.org Installer 1.0 Sun Microsystems 07.10.2008 2,38MB 1.0.9221 unknown
OSD_1.12 OEM 06.10.2008 1,23MB 1.0.0 necessary
PDFCreator Frank Heindörfer, Philip Chinery 14.05.2009 21,4MB 0.9.8 necessary
pdfforge Toolbar v1.0 GreenTree Applications, Inc. 14.05.2009 2,74MB 1.00.0000 unknown
PlayStation(R)Network Downloader Sony Computer Entertainment Inc. 17.04.2010 662KB 2.00.00005 unknown
PlayStation(R)Store Sony Computer Entertainment Inc. 17.04.2010 3,21MB 2.7.6.06777 unknown
QuickStores-Toolbar 1.1.0 AB-Tools.com 22.11.2012 988KB 1.1.0 unknown
Ralink Wireless LAN Ralink 10.10.2008 7,87MB 1.0.3.0 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03.07.2008 necessary
Skype Toolbars Skype Technologies S.A. 16.07.2011 7,69MB 5.3.7555 necessary
Skype™ 5.10 Skype Technologies S.A. 13.09.2012 19,4MB 5.10.116 necessary
SopCast 3.5.0 SopCast - Free P2P internet TV | live football, NBA, cricket 13.03.2012 9,01MB 3.5.0 necessary
SystemDiagnostics Fujitsu Siemens Computers 14.01.2009 18,8MB 2.02.0004 necessary
Ulead Photo Explorer 6.0 11.02.2009 1,04MB unknown
Unlocker 1.9.1 Cedrick Collomb 22.11.2012 248KB 1.9.1 necessary
Virtual Villagers (remove only) 06.10.2008 20,0MB unknown
VLC media player 2.0.2 VideoLAN 09.08.2012 49,0MB 2.0.2 necessary
Windows Live Anmelde-Assistent Microsoft Corporation 23.05.2009 1,93MB 5.000.818.5 necessary
Windows Live Essentials Microsoft Corporation 25.11.2009 44,0MB 14.0.8089.0726 unknown
Windows Live Sync Microsoft Corporation 25.11.2009 2,79MB 14.0.8089.726 unknown
Windows Live-Uploadtool Microsoft Corporation 23.05.2009 225KB 14.0.8014.1029 unknown
WinRAR 07.10.2008 3,72MB necessary
Xilisoft MKV Converter 6 Xilisoft 25.05.2012 89,8MB 6.0.3.0419 unknown
I'm off on a skiing holiday for a week now. Can we continue from the 20th?! Thanks!!!! |
11.01.2013, 16:25 | #14 |
/// Malware-holic | GVU Trojan with 100€ Paysafecard, computer lock Uninstall: Adobe Flash Player (all). Adobe - Adobe Flash Player installieren: download the latest version and install it.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen. Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since that is the only way to keep control of what is happening on the PC. Under JavaScript, untick "enable JavaScript". Under Updater, choose "install automatically". Apply / OK.
Uninstall: Adobe® Photoshop®; Avira SearchFree: both (please do not use toolbars at all, they are an additional risk and slow down the browser); DivX; Download Updater; Favorit; Java(TM) 6: both; Luxor; Mahjong; Move; OpenOffice; pdfforge; PlayStation: both; Skype Toolbars; Virtual Villagers; Windows Live: all that you don't need.
Open CCleaner, analyze, run, restart the PC. Please download AdwCleaner to your desktop.
PS: enjoy your holiday
|
21.01.2013, 08:24 | #15 |
| GVU Trojan with 100€ Paysafecard, computer lock Hello ... I'm back from the skiing holiday. It was nice. Continuing here ... I did everything as you wrote - hopefully correctly. Below is the text file from AdwCleaner
# AdwCleaner v2.106 - Datei am 21/01/2013 um 08:22:39 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Martin - MARTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner06.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\aol-web-search.xml
Datei Gefunden : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gefunden : C:\Program Files\Softonic
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\Users\Martin\AppData\Local\APN
Ordner Gefunden : C:\Users\Martin\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Martin\AppData\Roaming\QuickStoresToolbar
Ordner Gefunden : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuickStores-Toolbar_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gefunden : HKU\S-1-5-21-825052527-3090018616-2224713232-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-825052527-3090018616-2224713232-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\prefs.js

Gefunden : user_pref("aol_toolbar.surf.date", "40");
Gefunden : user_pref("aol_toolbar.surf.lastDate", "21");
Gefunden : user_pref("aol_toolbar.surf.lastMonth", "4");
Gefunden : user_pref("aol_toolbar.surf.lastYear", "2012");
Gefunden : user_pref("aol_toolbar.surf.month", "961");
Gefunden : user_pref("aol_toolbar.surf.prevMonth", "6217");
Gefunden : user_pref("aol_toolbar.surf.total", "18183");
Gefunden : user_pref("aol_toolbar.surf.week", "60");
Gefunden : user_pref("aol_toolbar.surf.year", "18129");
Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.search.selectedEngine", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...]
Gefunden : user_pref("extensions.Softonic.admin", false);
Gefunden : user_pref("extensions.Softonic.aflt", "orgnl");
Gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
Gefunden : user_pref("extensions.Softonic.cntry", "DE");
Gefunden : user_pref("extensions.Softonic.cv", "cv5");
Gefunden : user_pref("extensions.Softonic.dfltLng", "");
Gefunden : user_pref("extensions.Softonic.dfltSrch", false);
Gefunden : user_pref("extensions.Softonic.dfltlng", "en");
Gefunden : user_pref("extensions.Softonic.dfltsrch", "false");
Gefunden : user_pref("extensions.Softonic.envrmnt", "production");
Gefunden : user_pref("extensions.Softonic.excTlbr", false);
Gefunden : user_pref("extensions.Softonic.firsttimeinstallation", "true");
Gefunden : user_pref("extensions.Softonic.hdrMd5", "FAE09E3D96B7DCBB6C124CF3D05271A8");
Gefunden : user_pref("extensions.Softonic.hmpg", false);
Gefunden : user_pref("extensions.Softonic.hrdid", "6c5113300000000000000016eaae499c");
Gefunden : user_pref("extensions.Softonic.id", "6c5113300000000000000016eaae499c");
Gefunden : user_pref("extensions.Softonic.instlDay", "15469");
Gefunden : user_pref("extensions.Softonic.instlRef", "MON00001");
Gefunden : user_pref("extensions.Softonic.instlday", "15469");
Gefunden : user_pref("extensions.Softonic.instlref", "MON00001");
Gefunden : user_pref("extensions.Softonic.isdcmntcmplt", false);
Gefunden : user_pref("extensions.Softonic.keywordurl", "");
Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.5.21.010:25:25");
Gefunden : user_pref("extensions.Softonic.local_cookie_stats_stats_site_irrelevant", 2);
Gefunden : user_pref("extensions.Softonic.local_cookie_stats_stats_site_not_supported", 1);
Gefunden : user_pref("extensions.Softonic.local_cookie_stats_stats_site_supported", 24);
Gefunden : user_pref("extensions.Softonic.logicsmngrdailyreporttime", "05-07-2012");
Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
Gefunden : user_pref("extensions.Softonic.newTab", false);
Gefunden : user_pref("extensions.Softonic.newtab", "false");
Gefunden : user_pref("extensions.Softonic.newtaburl", "");
Gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
Gefunden : user_pref("extensions.Softonic.propectorlck", 86079701);
Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
Gefunden : user_pref("extensions.Softonic.prtnrid", "softonic");
Gefunden : user_pref("extensions.Softonic.savedVrsnTs", "1");
Gefunden : user_pref("extensions.Softonic.sg", "tz");
Gefunden : user_pref("extensions.Softonic.similarsitesstorage-pid2", "a9f6089b0f625d56");
Gefunden : user_pref("extensions.Softonic.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic.smplgrp", "none");
Gefunden : user_pref("extensions.Softonic.srch", "");
Gefunden : user_pref("extensions.Softonic.srchprvdr", "");
Gefunden : user_pref("extensions.Softonic.tlbrId", "base");
Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.tlbrid", "base");
Gefunden : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Gefunden : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.5.21.010:25:25");
Gefunden : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Gefunden : user_pref("extensions.Softonic.vrsnts", "1.5.21.010:25:25");
Gefunden : user_pref("extensions.Softonic_i.newTab", false);
Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");
Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.010:25:25");
Gefunden : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocati[...]
-\\ Google Chrome v24.0.1312.52 Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences Gefunden [l.660] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE", ************************* AdwCleaner[R1].txt - [9167 octets] - [21/01/2013 08:22:39] ########## EOF - C:\AdwCleaner[R1].txt - [9227 octets] ########## |