Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): GUV/BKA virus on Win 7 laptop (Windows 7)
#1
GUV/BKA virus on Win 7 laptop

I caught the trojan on a Win7 laptop. The laptop was completely locked; booting into safe mode or anything similar was not possible. I created an OTLPE CD using another laptop. An OTL.txt was produced after the scan. Here is the excerpt:

Code:
```
OTL logfile created on: 8/10/2013 9:46:31 AM - Run OTLPE by OldTimer - Version 3.1.48.0   Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.76 Gb Total Space | 38.13 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
Drive D: | 303.00 Gb Total Space | 298.61 Gb Free Space | 98.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/06/23 12:10:55 | 000,260,608 | ---- | M] (ggggggggggggggggggggggggggg) [Auto] -- C:\ProgramData\rito0.dat -- (Winmgmt)
SRV - [2013/06/19 14:48:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/20 08:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012/07/13 08:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/28 09:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011/10/28 09:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011/10/27 21:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011/08/10 08:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2011/03/04 14:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010/12/08 09:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/17 21:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/02/26 04:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - [2012/02/20 17:00:39 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2012/02/20 16:53:24 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012/02/19 15:58:46 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012/02/19 15:58:12 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012/02/19 15:58:12 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012/02/19 15:58:11 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2012/02/19 15:58:05 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011/08/17 04:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/16 11:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009/08/17 22:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/13 10:50:40 | 000,106,112 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/10/09 07:53:16 | 000,059,264 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 08:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004/08/01 03:09:24 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2004/08/01 03:09:24 | 000,044,928 | ---- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\ousbehci.sys -- (ousbehci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/26 04:32:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/18 14:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/18 14:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/26 04:32:53 | 000,000,000 | ---D | M]

[2012/11/18 14:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2012/11/18 14:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\vsbdo2fm.default\extensions
[2012/11/18 14:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/26 04:32:53 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011/06/15 04:23:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/15 04:23:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/15 04:23:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/15 04:23:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/06/15 04:23:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\chris_ON_C..\Run: [] File not found
O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)
O4 - HKU\chris_ON_C..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\chris_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7164b551-29a7-11e1-80f4-002454094511}\Shell - "" = AutoRun
O33 - MountPoints2\{7164b551-29a7-11e1-80f4-002454094511}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{7961d52f-48fc-11e0-87fa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7961d52f-48fc-11e0-87fa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/08/08 22:46:13 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2013/08/08 22:45:06 | 000,505,344 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl819xp.sys
[2013/08/08 22:45:06 | 000,238,464 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMC326.sys
[2013/08/08 22:45:06 | 000,053,248 | ---- | C] (SAMSUNG Electronics) -- C:\Windows\System32\drivers\SABI2.dll
[2013/08/08 22:45:05 | 002,225,664 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys
[2013/08/08 22:45:04 | 000,258,048 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\drivers\MakeMarkerFile.exe
[2013/08/08 22:45:04 | 000,213,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2013/08/08 22:45:04 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2013/08/08 22:45:04 | 000,079,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2013/08/08 22:45:04 | 000,045,056 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys
[2013/08/08 22:45:04 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2013/08/08 22:45:04 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2013/08/08 22:45:04 | 000,034,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2013/08/08 22:45:04 | 000,013,312 | ---- | C] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2013/08/08 22:45:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2013/08/08 22:45:03 | 001,203,776 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2013/08/08 22:45:03 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/08/08 22:45:02 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2013/08/08 22:45:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2013/08/08 22:45:02 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2013/08/08 22:45:02 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2013/08/08 22:45:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2013/08/08 22:45:02 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2013/08/08 22:45:02 | 000,045,056 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN.exe
[2013/08/08 22:45:02 | 000,042,496 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN64.exe
[2013/08/08 22:45:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2013/08/08 22:45:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2013/08/08 22:45:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2013/08/08 22:45:01 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2013/08/08 22:45:01 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2013/08/08 22:45:01 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2013/08/08 22:45:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013/08/08 22:45:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2013/08/08 22:45:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2013/08/08 22:45:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2013/08/08 22:45:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2013/08/08 22:45:00 | 000,282,624 | ---- | C] (Marvell) -- C:\Windows\System32\ykx32mpcoinst.dll
[2013/08/08 22:45:00 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2013/08/08 22:45:00 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2013/08/08 22:45:00 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibrtmon.exe
[2013/08/08 22:45:00 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2013/08/08 22:45:00 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2013/08/08 22:45:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2013/08/08 22:45:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2013/08/08 22:45:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2013/08/08 22:45:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2013/08/08 22:45:00 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2013/08/08 22:45:00 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2013/08/08 22:45:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2013/08/08 22:45:00 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2013/08/08 22:45:00 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2013/08/08 22:45:00 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2013/08/08 22:44:59 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/08/08 22:44:59 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2013/08/08 22:44:59 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMC326.dll
[2013/08/08 22:44:58 | 002,073,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TouchX.dll
[2013/08/08 22:44:58 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2013/08/08 22:44:58 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2013/08/08 22:44:58 | 000,047,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAME.DLL
[2013/08/08 22:44:57 | 002,222,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlncli.dll
[2013/08/08 22:44:57 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2013/08/08 22:44:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2013/08/08 22:44:57 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/08/08 22:44:57 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/08/08 22:44:57 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/08/08 22:44:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2013/08/08 22:44:57 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/08/08 22:44:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2013/08/08 22:44:57 | 000,066,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlctr90.dll
[2013/08/08 22:44:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2013/08/08 22:44:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2013/08/08 22:44:56 | 002,523,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/08/08 22:44:56 | 000,998,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/08/08 22:44:56 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2013/08/08 22:44:56 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/08/08 22:44:56 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2013/08/08 22:44:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2013/08/08 22:44:56 | 000,045,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2013/08/08 22:44:56 | 000,039,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCP32.DLL
[2013/08/08 22:44:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2013/08/08 22:44:55 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2013/08/08 22:44:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013/08/08 22:44:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2013/08/08 22:44:55 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/08/08 22:44:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnrpperf.dll
[2013/08/08 22:44:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013/08/08 22:44:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netrap.dll
[2013/08/08 22:44:54 | 002,011,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2013/08/08 22:44:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/08/08 22:44:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013/08/08 22:44:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2013/08/08 22:44:54 | 000,125,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/08/08 22:44:54 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2013/08/08 22:44:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013/08/08 22:44:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013/08/08 22:44:53 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/08/08 22:44:53 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/08/08 22:44:53 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/08/08 22:44:52 | 002,076,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2013/08/08 22:44:52 | 001,190,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20.DLL
[2013/08/08 22:44:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/08/08 22:44:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/08/08 22:44:52 | 000,159,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2013/08/08 22:44:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/08/08 22:44:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2013/08/08 22:44:52 | 000,101,888 | ---- | C] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013/08/08 22:44:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013/08/08 22:44:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2013/08/08 22:44:52 | 000,036,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20DEU.DLL
[2013/08/08 22:44:52 | 000,033,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20ENU.DLL
[2013/08/08 22:44:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013/08/08 22:44:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013/08/08 22:44:51 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2013/08/08 22:44:51 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/08/08 22:44:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CRPPresentation.dll
[2013/08/08 22:44:51 | 000,031,744 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgRes.dll
[2013/08/08 22:44:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsoc.dll
[2013/08/08 22:44:51 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/08/08 22:44:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifps.dll
[2013/08/08 22:44:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsrres.dll
[2013/08/08 22:44:50 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2013/08/08 22:44:50 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2013/08/08 22:44:50 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2013/08/08 22:44:50 | 000,278,528 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2013/08/08 22:44:50 | 000,141,312 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013/08/08 22:44:50 | 000,095,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BCMMS32.DLL
[2013/08/08 22:44:50 | 000,082,432 | ---- | C] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2013/08/08 22:44:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/08/08 22:44:50 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013/08/08 22:44:50 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2013/08/08 22:44:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2013/08/08 22:44:50 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2013/08/08 22:44:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acprgwiz.dll
[2013/08/08 22:44:49 | 000,406,528 | ---- | C] (Samsung Electronics) -- C:\Windows\HotfixChecker.exe
[2013/08/08 22:44:49 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2013/08/08 11:57:19 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/08 11:57:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/08/08 11:57:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/08 11:57:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/08/08 11:57:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/08 11:57:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/08 11:57:14 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/08 11:57:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/08/08 11:57:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/08 11:57:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/08/08 11:57:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/08/05 13:00:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/08/05 13:00:25 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/05 13:00:20 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/08/05 13:00:19 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/08/05 12:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013
[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat
[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe

========== Files - Modified Within 30 Days ==========

[2041/08/28 15:23:46 | 001,089,656 | ---- | M] () -- C:\Users\chris\Desktop\100_5905.JPG
[2041/08/28 15:21:52 | 001,304,412 | ---- | M] () -- C:\Users\chris\Desktop\100_5902.JPG
[2041/08/22 22:52:00 | 001,156,592 | ---- | M] () -- C:\Users\chris\Desktop\104_5607.JPG
[2013/08/09 15:15:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 15:13:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0otir.pad
[2013/08/09 15:13:14 | 542,092,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/09 15:13:11 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 23:23:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/08 12:15:17 | 000,010,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 12:15:17 | 000,010,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 12:06:38 | 000,319,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/08 12:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 
```
12:00:10 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/08/08 12:00:10 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/08/08 12:00:10 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/08/08 12:00:09 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/08/08 11:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/05 15:09:37 | 000,025,953 | ---- | M] () -- C:\Users\chris\Desktop\M131324607.pdf [2013/08/05 12:55:15 | 000,000,962 | ---- | M] () -- C:\Windows\wiso.ini [2013/08/05 12:55:08 | 000,002,189 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk [2013/08/05 12:55:08 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\t@x 2013.lnk [2013/08/05 12:55:07 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013/08/05 12:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013 ========== Files Created - No Company Name ========== [2013/08/08 22:45:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2013/08/08 22:45:04 | 000,003,224 | ---- | C] () -- C:\Windows\System32\drivers\MakeMarkerFile.xml [2013/08/08 22:45:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf [2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf [2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01005.Wdf [2013/08/08 22:45:03 | 000,055,296 | ---- | C] () -- C:\Windows\System32\SQLServerManager.msc [2013/08/08 22:45:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\144D_SAMSUNG_N_R520_04LL.mrk [2013/08/08 22:45:02 | 000,311,296 | ---- | C] () -- 
C:\Windows\System32\Rezip.exe [2013/08/08 22:45:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2013/08/08 22:45:01 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2013/08/08 22:44:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2013/08/08 22:44:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2013/08/08 22:44:50 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2013/08/08 22:44:50 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2013/08/08 22:44:50 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2013/08/08 22:44:50 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2013/08/08 22:44:49 | 000,003,990 | ---- | C] () -- C:\Windows\HotFixList.ini [2013/08/05 15:09:37 | 000,025,953 | ---- | C] () -- C:\Users\chris\Desktop\M131324607.pdf [2013/08/05 12:55:08 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\t@x 2013.lnk [2013/06/23 12:10:59 | 000,002,655 | ---- | C] () -- C:\ProgramData\0otir.js [2013/06/23 12:10:57 | 095,023,320 | ---- | C] () -- C:\ProgramData\0otir.pad [2012/11/29 13:00:07 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini [2012/02/23 04:17:56 | 000,898,004 | ---- | C] () -- C:\Windows\System32\sig.bin [2011/06/22 13:37:14 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll [2011/05/31 11:28:16 | 000,000,962 | ---- | C] () -- C:\Windows\wiso.ini [2011/04/10 13:53:00 | 000,033,280 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/07 16:54:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/09/29 23:14:28 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009/09/29 23:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009/09/29 23:14:28 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009/09/29 23:14:28 | 000,038,104 | ---- | C] () -- 
C:\Windows\System32\perfd007.dat [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 00:33:53 | 000,319,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/18 14:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009/02/18 12:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009/02/03 15:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe ========== LOP Check ========== [2011/09/18 05:20:42 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Ability5 [2011/05/31 11:30:41 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Buhl Data Service [2011/03/08 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Buhl Data Service GmbH [2012/11/30 09:55:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeVideoConverter [2011/05/29 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Oasys [2011/03/22 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org [2011/03/26 04:59:29 | 000,000,000 | ---D | M] -- 
C:\Users\chris\AppData\Roaming\PC Suite [2012/11/29 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Ulead Systems [2011/05/29 13:18:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Ability5 [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2013/08/05 12:57:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/03/15 15:54:02 | 000,000,000 | ---D | M] -- C:\ProgramData\G Data [2011/03/07 17:22:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Lidl_Fotos [2012/01/06 11:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at [2013/06/12 13:14:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager [2011/03/26 04:59:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache [2011/03/26 04:34:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite [2012/11/29 13:01:39 | 000,000,000 | ---D | M] -- C:\ProgramData\SmartSound Software Inc [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages [2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/12/12 11:06:11 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp [2012/11/29 13:03:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems [2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2013/08/08 22:43:13 | 
000,000,000 | ---D | M] -- C:\ProgramData\WinClon [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2012/09/02 04:38:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D} [2012/09/02 04:11:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354} [2013/08/08 11:14:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Wie gehe ich nun weiter vor? Könnte ich in dem Modus (dem jetzigen Zugriffs) sofort Win7 neu aufsetzen? Wichtig war mir nur, dass ich meine Daten noch retten konnte - das habe ich nach dem booten gemacht. Danke für eure Hilfe. |