Pests of all kinds and how to fight them: GVU Trojan blocks safe mode

29.07.2013, 12:48   #1
Parkerpit

GVU Trojan blocks safe mode



Hello @all,

As of just now I have a very stubborn specimen of the GVU Trojan on my PC.
Safe mode is immediately "shut down" again.
I have already burned OTLPENet.exe to a CD and run a scan.
Here is the content of the OTL.txt file.
What can I do now?

Code:
OTL logfile created on: 7/29/2013 3:35:02 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 100.00 Mb Total Space | 74.19 Mb Free Space | 74.19% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 88.13 Gb Free Space | 90.24% Space Free | Partition Type: NTFS
Drive E: | 119.53 Mb Total Space | 58.87 Mb Free Space | 49.25% Space Free | Partition Type: FAT32
Drive F: | 292.97 Gb Total Space | 197.10 Gb Free Space | 67.28% Space Free | Partition Type: NTFS
Drive G: | 540.79 Gb Total Space | 365.79 Gb Free Space | 67.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/19 19:15:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/06/12 12:57:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto] -- F:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/02/28 12:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto] -- F:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/08 06:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- F:\Program Files\StarMoney 7.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2010/09/20 19:15:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/28 02:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto] -- F:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/05/07 12:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- F:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (dgderdrv)
DRV - [2013/06/19 12:50:40 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot] -- F:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/22 12:14:18 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130728.020\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 12:14:18 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130728.020\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- F:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,339,544 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS -- (SymNetS)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013/03/26 15:27:47 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/03/26 15:27:47 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/12/04 22:06:12 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System] -- F:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130726.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/28 19:57:26 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 01:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 01:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 01:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 01:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/15 04:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/09/06 13:51:55 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- F:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/07/27 02:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2010/07/27 02:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 02:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 12:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/26 22:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010/04/26 22:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2010/04/26 22:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2009/09/28 04:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- F:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/06 14:00:00 | 000,906,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- F:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot] -- F:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2004/08/13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/29 10:29:58 | 000,211,072 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\RT2500.sys -- (RT2500)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- F:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\PG_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\PG_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\PG_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 9B 07 62 D4 8B CE 01  [binary data]
IE - HKU\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\PG_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: F:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: F:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: F:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: F:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: F:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: F:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: F:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: F:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/07/29 06:41:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 19:40:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2012/12/08 08:39:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/31 19:55:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/14 12:23:29 | 000,000,000 | ---D | M]
 
[2013/02/14 12:14:25 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files\Mozilla Firefox\extensions
[2012/01/29 12:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 10:02:49 | 000,001,392 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 09:50:55 | 000,002,252 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 10:02:49 | 000,001,153 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 10:02:49 | 000,006,805 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/29 10:02:49 | 000,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 10:02:49 | 000,001,105 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/01/09 19:02:53 | 000,428,601 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14755 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - F:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKU\PG_ON_F\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - F:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] F:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] F:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] F:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] F:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [IJNetworkScanUtility] F:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] F:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LWS] F:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] F:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\PG_ON_F..\Run: [AdobeBridge]  File not found
O4 - HKU\PG_ON_F..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] F:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\PG_ON_F..\Run: [KiesHelper] F:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\PG_ON_F..\Run: [KiesPDLR] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\PG_ON_F..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] F:\Users\PG\AppData\Local\Temp\gysfsrsacvhhtsltp.exe ()
O4 - HKLM..\RunOnce: [*WerKernelReporting] F:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] F:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - F:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\PG_ON_F Winlogon: Shell - (cmd.exe) - F:\Windows\System32\cmd.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/28 16:52:20 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/21 16:27:26 | 000,000,000 | ---D | C] -- F:\Users\PG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013/07/21 16:27:26 | 000,000,000 | ---D | C] -- F:\Program Files\GPU-Z
[2013/07/09 20:00:51 | 002,706,432 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mshtml.tlb
[2013/07/09 20:00:51 | 000,690,688 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript.dll
[2013/07/09 20:00:49 | 002,877,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jscript9.dll
[2013/07/09 20:00:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\jsproxy.dll
[2013/07/09 20:00:48 | 000,391,168 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ieui.dll
[2013/07/09 20:00:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesetup.dll
[2013/07/09 20:00:47 | 000,493,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\msfeeds.dll
[2013/07/09 20:00:47 | 000,042,496 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\ie4uinit.exe
[2013/07/09 20:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iernonce.dll
[2013/07/09 20:00:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\iesysprep.dll
[2013/07/09 20:00:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/09 16:08:03 | 000,509,440 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\qedit.dll
[2013/07/09 16:08:02 | 001,620,480 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WMVDECOD.DLL
[2013/07/09 16:08:01 | 001,247,744 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\DWrite.dll
[2013/07/09 16:07:58 | 002,347,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\win32k.sys
[2013/06/30 13:54:00 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/30 13:53:04 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2013/06/30 13:53:03 | 000,000,000 | ---D | C] -- F:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/09/05 10:25:28 | 000,642,685 | ---- | C] (Xvid team                                                   ) -- F:\Users\PG\AppData\Roaming\xvid.exe
[2010/09/05 10:25:22 | 004,284,535 | ---- | C] (ffdshow                                                     ) -- F:\Users\PG\AppData\Roaming\ffdshow.exe
[2010/09/05 10:25:22 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- F:\Users\PG\AppData\Roaming\Imgburn.exe
[2010/09/05 10:25:12 | 004,182,178 | ---- | C] (The Public) -- F:\Users\PG\AppData\Roaming\Avisynth.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/29 06:46:45 | 000,013,472 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 06:46:45 | 000,013,472 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/29 06:39:31 | 000,001,086 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/29 06:39:20 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/07/29 06:39:19 | 000,000,000 | ---- | M] () -- F:\Windows\System32\drivers\lvuvc.hs
[2013/07/29 06:39:15 | 1610,014,720 | -HS- | M] () -- F:\hiberfil.sys
[2013/07/29 06:30:00 | 000,001,090 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/29 06:11:37 | 360,750,586 | ---- | M] () -- F:\Windows\MEMORY.DMP
[2013/07/29 05:50:47 | 001,084,737 | ---- | M] () -- F:\ProgramData\2433f433
[2013/07/29 05:50:47 | 001,084,703 | ---- | M] () -- F:\Users\PG\AppData\Local\2433f433
[2013/07/29 05:50:47 | 001,084,691 | ---- | M] () -- F:\Users\PG\AppData\Roaming\2433f433
[2013/07/28 18:57:00 | 000,000,884 | ---- | M] () -- F:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/28 16:52:25 | 000,002,170 | ---- | M] () -- F:\Users\Public\Desktop\Google Earth.lnk
[2013/07/28 16:52:25 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/21 16:37:13 | 000,001,165 | ---- | M] () -- F:\Users\PG\Desktop\CoreTemp.ini
[2013/07/21 16:35:08 | 000,000,624 | ---- | M] () -- F:\Users\PG\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/07/16 11:00:27 | 004,319,740 | ---- | M] () -- F:\Users\PG\Desktop\KSKBild.jpg
[2013/07/14 15:10:35 | 000,654,150 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2013/07/14 15:10:35 | 000,616,032 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2013/07/14 15:10:35 | 000,130,022 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2013/07/14 15:10:35 | 000,106,412 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2013/07/14 07:31:34 | 000,101,551 | ---- | M] () -- F:\Users\PG\Desktop\Unbenannt.jpg
[2013/07/14 07:31:27 | 000,154,775 | ---- | M] () -- F:\Users\PG\Desktop\Unbenannt.png
[2013/07/10 18:09:54 | 003,838,192 | ---- | M] () -- F:\Windows\System32\FNTCACHE.DAT
[2013/07/09 19:43:42 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/30 18:56:44 | 002,366,615 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2497.JPG
[2013/06/30 18:56:36 | 002,678,879 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2299.JPG
[2013/06/30 18:16:04 | 000,139,082 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2699.JPG
[2013/06/30 18:11:42 | 000,225,275 | ---- | M] () -- F:\Users\PG\Desktop\gymshark-copy.jpg
[2013/06/30 17:12:58 | 000,120,335 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2700.JPG
[2013/06/30 17:12:57 | 000,115,321 | ---- | M] () -- F:\Users\PG\Desktop\IMG_2698.JPG
[2013/06/30 13:54:03 | 000,001,753 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk
[2013/06/30 13:54:03 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
 
========== Files Created - No Company Name ==========
 
[2013/07/29 05:50:47 | 001,084,737 | ---- | C] () -- F:\ProgramData\2433f433
[2013/07/29 05:50:47 | 001,084,703 | ---- | C] () -- F:\Users\PG\AppData\Local\2433f433
[2013/07/29 05:50:47 | 001,084,691 | ---- | C] () -- F:\Users\PG\AppData\Roaming\2433f433
[2013/07/28 16:52:23 | 000,002,170 | ---- | C] () -- F:\Users\Public\Desktop\Google Earth.lnk
[2013/07/21 16:33:56 | 000,001,165 | ---- | C] () -- F:\Users\PG\Desktop\CoreTemp.ini
[2013/07/21 16:33:35 | 000,763,856 | ---- | C] () -- F:\Users\PG\Desktop\Core Temp.exe
[2013/07/21 16:33:35 | 000,000,067 | ---- | C] () -- F:\Users\PG\Desktop\Core Temp Gadget & Addons.url
[2013/07/21 16:30:04 | 000,000,624 | ---- | C] () -- F:\Users\PG\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/07/21 16:28:18 | 000,208,739 | ---- | C] () -- F:\Users\PG\Desktop\All_CPU_Meter_V4.7.gadget
[2013/07/16 11:00:24 | 004,319,740 | ---- | C] () -- F:\Users\PG\Desktop\KSKBild.jpg
[2013/07/14 07:31:34 | 000,101,551 | ---- | C] () -- F:\Users\PG\Desktop\Unbenannt.jpg
[2013/07/14 07:31:27 | 000,154,775 | ---- | C] () -- F:\Users\PG\Desktop\Unbenannt.png
[2013/06/30 18:56:26 | 002,678,879 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2299.JPG
[2013/06/30 18:56:25 | 002,366,615 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2497.JPG
[2013/06/30 18:56:25 | 000,071,373 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2039.JPG
[2013/06/30 17:48:46 | 000,225,275 | ---- | C] () -- F:\Users\PG\Desktop\gymshark-copy.jpg
[2013/06/30 16:58:47 | 000,120,335 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2700.JPG
[2013/06/30 16:58:46 | 000,139,082 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2699.JPG
[2013/06/30 16:58:45 | 000,115,321 | ---- | C] () -- F:\Users\PG\Desktop\IMG_2698.JPG
[2013/06/30 13:54:01 | 000,001,753 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk
[2013/02/13 19:43:54 | 095,023,320 | ---- | C] () -- F:\ProgramData\3028783.pad
[2012/04/02 18:58:13 | 000,000,000 | ---- | C] () -- F:\Windows\System32\cd.dat
[2012/02/02 20:19:10 | 000,116,224 | ---- | C] () -- F:\Windows\System32\pdfcmnnt.dll
[2011/12/14 21:42:41 | 000,000,132 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/09/12 18:08:40 | 000,000,100 | ---- | C] () -- F:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/07/26 11:26:48 | 000,030,568 | ---- | C] () -- F:\Windows\MusiccityDownload.exe
[2011/06/21 10:48:00 | 000,252,928 | ---- | C] () -- F:\Windows\System32\DShowRdpFilter.dll
[2011/06/21 10:47:17 | 000,066,048 | ---- | C] () -- F:\Windows\System32\PrintBrmUi.exe
[2011/06/07 05:13:38 | 000,974,848 | ---- | C] () -- F:\Windows\System32\cis-2.4.dll
[2011/06/07 05:13:38 | 000,081,920 | ---- | C] () -- F:\Windows\System32\issacapi_bs-2.3.dll
[2011/06/07 05:13:38 | 000,065,536 | ---- | C] () -- F:\Windows\System32\issacapi_pe-2.3.dll
[2011/06/07 05:13:38 | 000,057,344 | ---- | C] () -- F:\Windows\System32\issacapi_se-2.3.dll
[2011/03/26 20:06:00 | 000,022,328 | ---- | C] () -- F:\Windows\System32\drivers\PnkBstrK.sys
[2011/03/26 20:05:26 | 000,103,736 | ---- | C] () -- F:\Windows\System32\PnkBstrB.exe
[2011/03/26 20:05:22 | 000,066,872 | ---- | C] () -- F:\Windows\System32\PnkBstrA.exe
[2011/03/26 20:05:09 | 000,000,301 | ---- | C] () -- F:\Windows\game.ini
[2011/02/18 14:18:23 | 000,000,132 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/12 16:18:25 | 000,000,400 | ---- | C] () -- F:\Windows\ODBC.INI
[2010/10/10 19:02:12 | 000,110,592 | ---- | C] () -- F:\Windows\System32\FsUsbExDevice.Dll
[2010/10/10 19:02:12 | 000,036,640 | ---- | C] () -- F:\Windows\System32\FsUsbExDisk.Sys
[2010/09/09 18:23:14 | 000,000,056 | -H-- | C] () -- F:\ProgramData\ezsidmv.dat
[2010/09/05 10:25:27 | 000,022,328 | ---- | C] () -- F:\Users\PG\AppData\Roaming\PnkBstrK.sys
[2010/09/05 10:25:20 | 016,494,080 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0009.avi
[2010/09/05 10:25:20 | 003,504,128 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0008.avi
[2010/09/05 10:25:19 | 008,073,728 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0006.avi
[2010/09/05 10:25:19 | 003,851,776 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0007.avi
[2010/09/05 10:25:19 | 000,542,720 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0005.avi
[2010/09/05 10:25:17 | 011,929,600 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0004.avi
[2010/09/05 10:25:17 | 001,976,320 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0003.avi
[2010/09/05 10:25:16 | 010,129,408 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0002.avi
[2010/09/05 10:25:14 | 019,793,920 | ---- | C] () -- F:\Users\PG\AppData\Roaming\Clip0001.avi
[2010/09/05 10:18:43 | 000,003,584 | ---- | C] () -- F:\Users\PG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 10:18:43 | 000,000,107 | ---- | C] () -- F:\Users\PG\AppData\default.pls
[2010/09/04 18:35:53 | 000,000,000 | ---- | C] () -- F:\Windows\ativpsrm.bin
[2010/09/04 18:35:53 | 000,000,000 | ---- | C] () -- F:\Windows\System32\atiicdxx.dat
[2010/07/27 02:03:20 | 010,829,656 | ---- | C] () -- F:\Windows\System32\LogiDPP.dll
[2010/07/27 02:03:20 | 000,102,744 | ---- | C] () -- F:\Windows\System32\LogiDPPApp.exe
[2010/07/27 02:03:18 | 000,290,648 | ---- | C] () -- F:\Windows\System32\DevManagerCore.dll
[2010/07/27 01:56:04 | 000,090,411 | ---- | C] () -- F:\Windows\System32\lvcoinst.ini
[2010/05/07 12:46:36 | 000,014,168 | ---- | C] () -- F:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 12:43:30 | 000,025,824 | ---- | C] () -- F:\Windows\System32\drivers\LVPr2Mon.sys
[2009/07/14 04:47:43 | 000,654,150 | ---- | C] () -- F:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- F:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,130,022 | ---- | C] () -- F:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- F:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- F:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 003,838,192 | ---- | C] () -- F:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,032 | ---- | C] () -- F:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- F:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,412 | ---- | C] () -- F:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- F:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- F:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- F:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- F:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\Windows\System32\mlang.dat
[2007/08/16 09:17:50 | 000,143,360 | ---- | C] () -- F:\Windows\System32\nsldap32v50.dll
[2007/06/22 21:44:50 | 000,009,760 | ---- | C] () -- F:\Windows\System32\34CoInstaller.dll
[2005/12/21 10:57:04 | 000,024,576 | ---- | C] () -- F:\Windows\System32\nsldappr32v50.dll
[2005/12/21 10:54:34 | 000,040,960 | ---- | C] () -- F:\Windows\System32\nsldapssl32v50.dll
[2004/08/13 03:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- F:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2013/06/30 13:53:45 | 000,000,000 | ---D | M] -- F:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2010/10/24 13:51:11 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2011/11/08 19:19:42 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonIJScan
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Dokumente
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2011/02/10 18:04:19 | 000,000,000 | ---D | M] -- F:\ProgramData\FreeHideIP
[2013/05/26 13:35:00 | 000,000,000 | ---D | M] -- F:\ProgramData\IBUpdaterService
[2011/09/12 18:07:41 | 000,000,000 | ---D | M] -- F:\ProgramData\Intermedia Software
[2010/10/13 19:03:09 | 000,000,000 | ---D | M] -- F:\ProgramData\Phase6
[2010/09/21 10:26:09 | 000,000,000 | ---D | M] -- F:\ProgramData\regid.1986-12.com.adobe
[2011/09/02 18:17:38 | 000,000,000 | ---D | M] -- F:\ProgramData\Samsung
[2010/10/24 13:16:03 | 000,000,000 | ---D | M] -- F:\ProgramData\StarMoney 7.0
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2010/09/04 18:52:40 | 000,000,000 | -HSD | M] -- F:\ProgramData\Startmenü
[2013/06/25 19:21:01 | 000,000,000 | ---D | M] -- F:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2012/07/05 21:48:26 | 000,000,000 | ---D | M] -- F:\ProgramData\tmp
[2010/09/04 18:52:41 | 000,000,000 | -HSD | M] -- F:\ProgramData\Vorlagen
[2012/02/23 17:57:22 | 000,000,000 | ---D | M] -- F:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/03/05 08:23:53 | 000,032,632 | ---- | M] () -- F:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 65 bytes -> F:\Users\PG\Desktop\zusammenfassung KSK (Alexander Ronges in Konflikt stehende Kopie 2013-07-02).doc:com.dropbox.attributes
@Alternate Data Stream - 122 bytes -> F:\ProgramData\TEMP:F7F48F12
< End of report >
         

 
