Pests of all kinds and their removal: GUV/Bka virus on Win 7 laptop (Windows 7)
10.08.2013, 07:19 | #1
GUV/Bka virus on Win 7 laptop

I caught the trojan on a Win7 laptop. The laptop was completely blocked; starting in safe mode or anything similar was not possible. I created an OTLPE CD using another laptop. After the scan an OTL.txt was produced. Here is the excerpt:

Code:
OTL logfile created on: 8/10/2013 9:46:31 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.76 Gb Total Space | 38.13 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
Drive D: | 303.00 Gb Total Space | 298.61 Gb Free Space | 98.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/06/23 12:10:55 | 000,260,608 | ---- | M] (ggggggggggggggggggggggggggg) [Auto] -- C:\ProgramData\rito0.dat -- (Winmgmt)
SRV - [2013/06/19 14:48:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/20 08:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012/07/13 08:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/28 09:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011/10/28 09:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011/10/27 21:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011/08/10 08:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2011/03/04 14:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010/12/08 09:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/17 21:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/02/26 04:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2012/02/20 17:00:39 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2012/02/20 16:53:24 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012/02/19 15:58:46 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012/02/19 15:58:12 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012/02/19 15:58:12 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012/02/19 15:58:11 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2012/02/19 15:58:05 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011/08/17 04:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/16 11:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009/08/17 22:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/13 10:50:40 | 000,106,112 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/10/09 07:53:16 | 000,059,264 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 08:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004/08/01 03:09:24 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2004/08/01 03:09:24 | 000,044,928 | ---- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\ousbehci.sys -- (ousbehci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/26 04:32:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/18 14:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/18 14:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/26 04:32:53 | 000,000,000 | ---D | M]

[2012/11/18 14:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2012/11/18 14:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\vsbdo2fm.default\extensions
[2012/11/18 14:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/26 04:32:53 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011/06/15 04:23:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/15 04:23:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/15 04:23:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/15 04:23:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/06/15 04:23:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\chris_ON_C..\Run: [] File not found
O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)
O4 - HKU\chris_ON_C..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\chris_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7164b551-29a7-11e1-80f4-002454094511}\Shell - "" = AutoRun
O33 - MountPoints2\{7164b551-29a7-11e1-80f4-002454094511}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{7961d52f-48fc-11e0-87fa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7961d52f-48fc-11e0-87fa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/08/08 22:46:13 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2013/08/08 22:45:06 | 000,505,344 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl819xp.sys
[2013/08/08 22:45:06 | 000,238,464 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMC326.sys
[2013/08/08 22:45:06 | 000,053,248 | ---- | C] (SAMSUNG Electronics) -- C:\Windows\System32\drivers\SABI2.dll
[2013/08/08 22:45:05 | 002,225,664 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys
[2013/08/08 22:45:04 | 000,258,048 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\drivers\MakeMarkerFile.exe
[2013/08/08 22:45:04 | 000,213,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2013/08/08 22:45:04 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2013/08/08 22:45:04 | 000,079,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2013/08/08 22:45:04 | 000,045,056 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys
[2013/08/08 22:45:04 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2013/08/08 22:45:04 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2013/08/08 22:45:04 | 000,034,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2013/08/08 22:45:04 | 000,013,312 | ---- | C] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2013/08/08 22:45:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2013/08/08 22:45:03 | 001,203,776 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2013/08/08 22:45:03 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/08/08 22:45:02 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2013/08/08 22:45:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2013/08/08 22:45:02 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2013/08/08 22:45:02 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2013/08/08 22:45:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2013/08/08 22:45:02 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2013/08/08 22:45:02 | 000,045,056 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN.exe
[2013/08/08 22:45:02 | 000,042,496 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN64.exe
[2013/08/08 22:45:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2013/08/08 22:45:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2013/08/08 22:45:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2013/08/08 22:45:01 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2013/08/08 22:45:01 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2013/08/08 22:45:01 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2013/08/08 22:45:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013/08/08 22:45:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2013/08/08 22:45:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2013/08/08 22:45:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2013/08/08 22:45:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2013/08/08 22:45:00 | 000,282,624 | ---- | C] (Marvell) -- C:\Windows\System32\ykx32mpcoinst.dll
[2013/08/08 22:45:00 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2013/08/08 22:45:00 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2013/08/08 22:45:00 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibrtmon.exe
[2013/08/08 22:45:00 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2013/08/08 22:45:00 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2013/08/08 22:45:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2013/08/08 22:45:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2013/08/08 22:45:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2013/08/08 22:45:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2013/08/08 22:45:00 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2013/08/08 22:45:00 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2013/08/08 22:45:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2013/08/08 22:45:00 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2013/08/08 22:45:00 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2013/08/08 22:45:00 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2013/08/08 22:44:59 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/08/08 22:44:59 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2013/08/08 22:44:59 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMC326.dll
[2013/08/08 22:44:58 | 002,073,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TouchX.dll
[2013/08/08 22:44:58 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2013/08/08 22:44:58 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2013/08/08 22:44:58 | 000,047,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAME.DLL
[2013/08/08 22:44:57 | 002,222,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlncli.dll
[2013/08/08 22:44:57 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2013/08/08 22:44:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2013/08/08 22:44:57 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/08/08 22:44:57 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/08/08 22:44:57 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/08/08 22:44:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2013/08/08 22:44:57 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/08/08 22:44:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2013/08/08 22:44:57 | 000,066,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlctr90.dll
[2013/08/08 22:44:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2013/08/08 22:44:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2013/08/08 22:44:56 | 002,523,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/08/08 22:44:56 | 000,998,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/08/08 22:44:56 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2013/08/08 22:44:56 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/08/08 22:44:56 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2013/08/08 22:44:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2013/08/08 22:44:56 | 000,045,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2013/08/08 22:44:56 | 000,039,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCP32.DLL
[2013/08/08 22:44:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2013/08/08 22:44:55 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2013/08/08 22:44:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013/08/08 22:44:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2013/08/08 22:44:55 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/08/08 22:44:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnrpperf.dll
[2013/08/08 22:44:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013/08/08 22:44:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netrap.dll
[2013/08/08 22:44:54 | 002,011,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2013/08/08 22:44:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/08/08 22:44:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013/08/08 22:44:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2013/08/08 22:44:54 | 000,125,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/08/08 22:44:54 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2013/08/08 22:44:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013/08/08 22:44:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013/08/08 22:44:53 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/08/08 22:44:53 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/08/08 22:44:53 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/08/08 22:44:52 | 002,076,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2013/08/08 22:44:52 | 001,190,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20.DLL
[2013/08/08 22:44:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/08/08 22:44:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/08/08 22:44:52 | 000,159,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2013/08/08 22:44:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/08/08 22:44:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2013/08/08 22:44:52 | 000,101,888 | ---- | C] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013/08/08 22:44:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013/08/08 22:44:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2013/08/08 22:44:52 | 000,036,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20DEU.DLL
[2013/08/08 22:44:52 | 000,033,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20ENU.DLL
[2013/08/08 22:44:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013/08/08 22:44:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013/08/08 22:44:51 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2013/08/08 22:44:51 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/08/08 22:44:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CRPPresentation.dll
[2013/08/08 22:44:51 | 000,031,744 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgRes.dll
[2013/08/08 22:44:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsoc.dll
[2013/08/08 22:44:51 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/08/08 22:44:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifps.dll
[2013/08/08 22:44:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsrres.dll
[2013/08/08 22:44:50 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2013/08/08 22:44:50 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2013/08/08 22:44:50 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2013/08/08 22:44:50 | 000,278,528 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2013/08/08 22:44:50 | 000,141,312 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013/08/08 22:44:50 | 000,095,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BCMMS32.DLL
[2013/08/08 22:44:50 | 000,082,432 | ---- | C] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2013/08/08 22:44:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/08/08 22:44:50 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013/08/08 22:44:50 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2013/08/08 22:44:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2013/08/08 22:44:50 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2013/08/08 22:44:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acprgwiz.dll
[2013/08/08 22:44:49 | 000,406,528 | ---- | C] (Samsung Electronics) -- C:\Windows\HotfixChecker.exe
[2013/08/08 22:44:49 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2013/08/08 11:57:19 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/08 11:57:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/08/08 11:57:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/08 11:57:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/08/08 11:57:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/08 11:57:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/08 11:57:14 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/08 11:57:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/08/08 11:57:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/08 11:57:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/08/08 11:57:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/08/05 13:00:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/08/05 13:00:25 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/05 13:00:20 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/08/05 13:00:19 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/08/05 12:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013
[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat
[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe

========== Files - Modified Within 30 Days ==========

[2041/08/28 15:23:46 | 001,089,656 | ---- | M] () -- C:\Users\chris\Desktop\100_5905.JPG
[2041/08/28 15:21:52 | 001,304,412 | ---- | M] () -- C:\Users\chris\Desktop\100_5902.JPG
[2041/08/22 22:52:00 | 001,156,592 | ---- | M] () -- C:\Users\chris\Desktop\104_5607.JPG
[2013/08/09 15:15:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 15:13:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0otir.pad
[2013/08/09 15:13:14 | 542,092,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/09 15:13:11 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 23:23:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/08 12:15:17 | 000,010,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 12:15:17 | 000,010,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 12:06:38 | 000,319,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/08 12:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 
12:00:10 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/08/08 12:00:10 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/08 12:00:10 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/08 12:00:09 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/08/08 11:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/05 15:09:37 | 000,025,953 | ---- | M] () -- C:\Users\chris\Desktop\M131324607.pdf [2013/08/05 12:55:15 | 000,000,962 | ---- | M] () -- C:\Windows\wiso.ini [2013/08/05 12:55:08 | 000,002,189 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2013/08/05 12:55:08 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\t@x 2013.lnk [2013/08/05 12:55:07 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013/08/05 12:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013 ========== Files Created - No Company Name ========== [2013/08/08 22:45:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2013/08/08 22:45:04 | 000,003,224 | ---- | C] () -- C:\Windows\System32\drivers\MakeMarkerFile.xml [2013/08/08 22:45:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf [2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf [2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01005.Wdf [2013/08/08 22:45:03 | 000,055,296 | ---- | C] () -- C:\Windows\System32\SQLServerManager.msc [2013/08/08 22:45:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\144D_SAMSUNG_N_R520_04LL.mrk [2013/08/08 22:45:02 | 000,311,296 | ---- | C] () -- 
C:\Windows\System32\Rezip.exe [2013/08/08 22:45:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2013/08/08 22:45:01 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2013/08/08 22:44:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2013/08/08 22:44:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2013/08/08 22:44:50 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2013/08/08 22:44:50 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2013/08/08 22:44:50 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2013/08/08 22:44:50 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2013/08/08 22:44:49 | 000,003,990 | ---- | C] () -- C:\Windows\HotFixList.ini [2013/08/05 15:09:37 | 000,025,953 | ---- | C] () -- C:\Users\chris\Desktop\M131324607.pdf [2013/08/05 12:55:08 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\t@x 2013.lnk [2013/06/23 12:10:59 | 000,002,655 | ---- | C] () -- C:\ProgramData\0otir.js [2013/06/23 12:10:57 | 095,023,320 | ---- | C] () -- C:\ProgramData\0otir.pad [2012/11/29 13:00:07 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini [2012/02/23 04:17:56 | 000,898,004 | ---- | C] () -- C:\Windows\System32\sig.bin [2011/06/22 13:37:14 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2011/05/31 11:28:16 | 000,000,962 | ---- | C] () -- C:\Windows\wiso.ini [2011/04/10 13:53:00 | 000,033,280 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/07 16:54:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/29 23:14:28 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/09/29 23:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/09/29 23:14:28 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/09/29 23:14:28 | 000,038,104 | ---- | C] () -- 
C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 000,319,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/18 14:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/02/18 12:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009/02/03 15:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe ========== LOP Check ========== [2011/09/18 05:20:42 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Ability5 [2011/05/31 11:30:41 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Buhl Data Service [2011/03/08 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Buhl Data Service GmbH [2012/11/30 09:55:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeVideoConverter [2011/05/29 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Oasys [2011/03/22 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org [2011/03/26 04:59:29 | 000,000,000 | ---D | M] -- 
C:\Users\chris\AppData\Roaming\PC Suite [2012/11/29 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Ulead Systems [2011/05/29 13:18:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Ability5 [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2013/08/05 12:57:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/03/15 15:54:02 | 000,000,000 | ---D | M] -- C:\ProgramData\G Data [2011/03/07 17:22:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Lidl_Fotos [2012/01/06 11:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at [2013/06/12 13:14:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager [2011/03/26 04:59:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache [2011/03/26 04:34:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2012/11/29 13:01:39 | 000,000,000 | ---D | M] -- C:\ProgramData\SmartSound Software Inc [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/12/12 11:06:11 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2012/11/29 13:03:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2013/08/08 22:43:13 | 
000,000,000 | ---D | M] -- C:\ProgramData\WinClon [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/09/02 04:38:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D} [2012/09/02 04:11:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354} [2013/08/08 11:14:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Wie gehe ich nun weiter vor? Könnte ich in dem Modus (dem jetzigen Zugriffs) sofort Win7 neu aufsetzen? Wichtig war mir nur, dass ich meine Daten noch retten konnte - das habe ich nach dem booten gemacht. Danke für eure Hilfe. |
10.08.2013, 07:25 | #2 |
/// the machine /// TB-Ausbilder | GUV/Bka virus on Win 7 laptop
Hi,
Fix with OTL
Code:
:OTL
O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat
[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/08/09 15:13:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0otir.pad
:Commands
[emptytemp]
Start the computer normally.
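The entries the fix script above removes share traits that are visible in the OTL log itself: a company field made of one repeated character, a copy of rundll32.exe outside C:\Windows, a Run value named like a system binary (ctfmon32.exe) that actually launches a .dat file, and files dropped directly in the root of C:\ProgramData. The Python script below is an added triage example, not part of this thread and not OTL's own code: it parses OTL-style file and O4 lines and flags those traits. The sample lines are copied from this thread's log, with two benign entries added as controls; the heuristics are my own rules and go slightly beyond the single case here (they also accept Startup-folder O4 lines and skip directory entries).

```python
"""Triage helper for OTL-style scan logs (added example, not part of OTL or the thread)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# File-listing line, as OTL prints it:
# [2013/06/23 12:10:55 | 000,260,608 | ---- | C] (company) -- C:\ProgramData\rito0.dat
# Directory lines carry no "(company)" field, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| (?P<mode>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
# Autostart line (O4), either a Run-key value or a Startup-folder item:
# O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (company)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>[^:]+): (?:\[(?P<value>[^\]]+)\] )?(?P<path>.+?)(?: \((?P<company>[^)]*)\))?\s*$"
)

# Binaries that legitimately live only below C:\Windows (my own short list).
WINDOWS_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "ctfmon.exe", "winlogon.exe"}
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".sys"}


@dataclass
class Entry:
    path: str
    company: str = ""                 # "" when the field is empty or absent
    is_dir: bool = False
    run_value: Optional[str] = None   # Run-key value name for O4 lines


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL log line into an Entry, or None for headers and other text."""
    m = RUN_LINE.match(line)
    if m:
        return Entry(m["path"], m["company"] or "", False, m["value"])
    m = FILE_LINE.match(line)
    if m:
        return Entry(m["path"], m["company"] or "", "D" in m["attr"])
    return None


def looks_like_filler(company: str) -> bool:
    """A company field made of one repeated character is not a real vendor string."""
    c = company.strip().lower()
    return len(c) >= 6 and len(set(c)) == 1


def check_entry(e: Entry) -> List[str]:
    """Return the triage reasons that apply to one entry (my own rules, not OTL's)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    lower = e.path.lower()
    name = ntpath.basename(lower)
    ext = ntpath.splitext(name)[1]
    if looks_like_filler(e.company):
        reasons.append("filler company name")
    if name in WINDOWS_BINARIES and not lower.startswith("c:\\windows\\"):
        reasons.append("Windows binary outside C:\\Windows")
    if ntpath.dirname(lower) == "c:\\programdata":
        reasons.append("file directly in C:\\ProgramData root")
    if e.run_value and e.run_value.lower().endswith(".exe") and ext not in EXECUTABLE_EXT:
        reasons.append(f"Run value '{e.run_value}' launches non-executable extension {ext}")
    return reasons


def scan(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its deduplicated reasons, in log order."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line.strip())
        if e is None:
            continue
        for reason in check_entry(e):
            bucket = report.setdefault(e.path, [])
            if reason not in bucket:
                bucket.append(reason)
    return report


# Sample input: lines copied from this thread's OTL log; the last two are benign controls.
SAMPLE_LOG = [
    r"O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)",
    r"O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()",
    r"[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat",
    r"[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe",
    r"[2013/06/23 12:10:57 | 095,023,320 | ---- | C] () -- C:\ProgramData\0otir.pad",
    r"[2013/06/23 12:10:59 | 000,002,655 | ---- | C] () -- C:\ProgramData\0otir.js",
    r"[2013/08/08 11:57:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll",
    r"[2013/08/05 12:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013",
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it against the sample and the four ProgramData files from the fix script are the only paths reported; the Startup .lnk is not flagged, because a shortcut in a user's Startup folder is ordinary on its own and the log line says nothing about its target, which is why such items need the helper's judgement rather than a rule.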
10.08.2013, 07:56 | #3 |
| GUV/Bka virus on Win 7 laptop Here is the next excerpt:
Code:
========== OTL ==========
Registry value HKEY_USERS\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
C:\ProgramData\rito0.dat moved successfully.
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk moved successfully.
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
File C:\ProgramData\rito0.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
C:\ProgramData\0otir.pad moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: chris
->Temp folder emptied: 827242707 bytes
->Temporary Internet Files folder emptied: 462924881 bytes
->Java cache emptied: 5527655 bytes
->FireFox cache emptied: 104761319 bytes
->Flash cache emptied: 88195 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1071123733 bytes
Total Files Cleaned = 2,357.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 08102013_103509
10.08.2013, 09:57 | #4 |
/// the machine /// TB-Ausbilder | GUV/Bka virus on Win 7 laptop Can you start normally? If yes, do everything from now on in normal mode: please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Regards, schrauber
Proud Member of UNITE and ASAP since 2009. No help via PM!