| |
| |||||||
Log-Analyse und Auswertung: Windows-Verschlüsselungs-TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
05.06.2012, 14:27
| #1 |
| |  Windows-Verschlüsselungs-Trojaner Hallo, nachdem ich mir über eine Zahlungsaufforderungs-e-mail, einen o.g. Trojaner geladen habe, bin ich über google auf eure Seite gelandet. Leider verstehe ich nicht viel von Computern. Mein Problem: wenn ich mein laptop anmache kommt das Bild mit der Warnung ich habe einen Windows-Verschlüsselungs-Trojaner und soll für die Entschlüsselung zahlen. Wie soll ich weiter vorgehen? Kann ja nichts runterladen und dann scannen (da ist ja nur dieses Bild!). Schreibe gerade von laptop meiner Frau. Für eure Hilfe wäre ich sehr dankbar |
|
05.06.2012, 17:28
| #2 |
| | Windows-Verschlüsselungs-Trojaner habe in abgesicherten modus die erwünschten logfiles erstellen (64bit win):
__________________defogger_disable by jpshortstuff (23.02.10.1) Log created at 17:50 on 05/06/2012 (Peter) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Rest im Anhang!! Kann ich Malwarebytes Anti-Malware im abgesicherten Modus (wirksam) ausführen und soll ich die befallene e-mail einfach an euch weiterleiten |
|
05.06.2012, 20:19
| #3 |
| | Windows-Verschlüsselungs-Trojaner Nun ich weiß nicht wie ich das geschafft habe aber ich konnte in "normalen" Modus mein laptop scannen (malwarebytes, OTL). Es wurden keine infizierten Objekte gefunden!
__________________ , was nun?Hier noch die Ergebnisse: |
|
06.06.2012, 16:55
| #4 |
| /// Malware-holic   | Windows-Verschlüsselungs-Trojaner hi, versuch mal shadow explorer: http://www.trojaner-board.de/115496-...erstellen.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.06.2012, 17:08
| #5 |
| | Windows-Verschlüsselungs-Trojaner habe heute mich online getraut und Malwarebytes aktualiesiert! Trojaner gefunden und vernichtet. Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.06.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Peter :: PETER-PC [Administrator] Schutz: Aktiviert 06.06.2012 12:32:51 mbam-log-2012-06-06 (12-32-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 248122 Laufzeit: 5 Minute(n), 48 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|FA252E12 (Trojan.Agent.RNSGen) -> Daten: C:\Users\Peter\AppData\Roaming\Pvarpaavlu\16D87FBDFA252E12735B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) hier noch OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/6/2012 1:35:09 PM - Run 3 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Peter\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.91 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 51.62% Memory free 7.82 Gb Paging File | 5.66 Gb Available in Paging File | 72.33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 434.66 Gb Total Space | 349.63 Gb Free Space | 80.44% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 10.04 Gb Free Space | 33.48% Space Free | Partition Type: NTFS Drive F: | 7.42 Gb Total Space | 6.98 Gb Free Space | 94.05% Space Free | Partition Type: FAT32 Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/05 17:19:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/02 12:21:36 | 001,524,728 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012/01/27 15:01:06 | 000,471,048 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012/01/27 05:19:28 | 000,334,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVK.exe PRC - [2012/01/27 05:18:28 | 000,985,080 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe PRC - [2012/01/27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/24 03:04:54 | 003,402,760 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe PRC - [2011/02/24 03:04:50 | 000,819,720 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe PRC - [2011/02/11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/02/11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/02/11 21:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011/02/11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/01/17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/12/24 09:26:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/11/29 11:49:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010/11/17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/06 08:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/10/29 05:07:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe PRC - [2010/02/03 10:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2010/01/13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe PRC - [2009/12/19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012/05/10 15:19:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012/05/10 15:19:42 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll MOD - [2012/05/10 15:02:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/10 15:02:05 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012/05/10 15:01:57 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012/05/10 15:01:41 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/10 15:01:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/10 15:01:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/10 15:01:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/10 15:01:18 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011/12/31 21:21:40 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011/02/10 21:24:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010/11/13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/02/17 05:08:56 | 001,133,568 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/02/09 13:49:18 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) SRV:64bit: - [2011/02/05 01:34:20 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV:64bit: - [2011/02/05 01:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/02/05 01:19:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV:64bit: - [2010/11/21 05:25:10 | 000,092,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService) SRV:64bit: - [2010/11/21 05:24:52 | 000,117,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum) SRV:64bit: - [2010/11/21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2010/09/23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/09/08 11:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV:64bit: - [2009/07/14 03:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc) SRV:64bit: - [2009/07/14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R) SRV - [2012/02/02 12:21:36 | 001,524,728 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012/01/27 15:01:06 | 000,471,048 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012/01/27 05:01:08 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012/01/27 04:43:34 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/07 12:23:08 | 000,070,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/02/11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/02/11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/02/11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/12/24 09:26:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/11/29 20:49:36 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010/10/07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2010/09/08 11:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC) SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/08/24 23:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS) SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2007/06/15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/06/06 09:26:33 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012/06/06 09:19:55 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012/06/06 09:19:22 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012/06/06 09:19:22 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012/06/06 09:19:22 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012/06/06 09:19:22 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/12/09 20:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/11/15 02:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/24 20:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011/02/16 23:45:48 | 000,261,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R) DRV:64bit: - [2011/02/16 23:45:48 | 000,261,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R) DRV:64bit: - [2011/02/10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/02/10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/01/24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/01/10 12:27:40 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010/12/24 09:26:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_xp64.sys -- (fspad_xp64) DRV:64bit: - [2010/11/08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64) DRV:64bit: - [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/10/29 05:07:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010/09/23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010/08/24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010/02/03 11:05:44 | 000,113,280 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IT9135BDA.sys -- (IT9135BDA) DRV:64bit: - [2009/10/23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl) DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2006/08/25 15:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv) DRV - [2009/09/11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND IE - HKCU\..\SearchScopes,DefaultScope = {C773FD4F-478C-461B-A208-3B06AC2FC5A6} IE - HKCU\..\SearchScopes\{C773FD4F-478C-461B-A208-3B06AC2FC5A6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_enDE393 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 3.1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Productivity 3.1 Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.goggle.de" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/10 16:53:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/31 19:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Extensions [2012/06/01 14:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\Profiles\d3wyb9nd.default\extensions [2011/12/20 22:57:36 | 000,000,933 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\d3wyb9nd.default\searchplugins\11-suche.xml [2012/01/31 22:04:42 | 000,000,935 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\d3wyb9nd.default\searchplugins\conduit.xml [2011/12/20 22:57:36 | 000,002,419 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\d3wyb9nd.default\searchplugins\englische-ergebnisse.xml [2011/12/20 22:57:36 | 000,010,525 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\d3wyb9nd.default\searchplugins\gmx-suche.xml [2011/12/20 22:57:36 | 000,002,457 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\d3wyb9nd.default\searchplugins\lastminute.xml [2011/12/20 22:57:36 | 000,005,508 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\d3wyb9nd.default\searchplugins\webde-suche.xml [2012/06/06 09:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/01/26 23:12:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/06/06 09:19:25 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2011/12/07 23:53:56 | 000,046,898 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D3WYB9ND.DEFAULT\EXTENSIONS\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.XPI [2012/02/23 08:51:59 | 000,018,789 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D3WYB9ND.DEFAULT\EXTENSIONS\CONTEXTMENUEXTENSION@LEO.ORG.XPI [2012/04/17 15:29:28 | 000,576,958 | ---- | M] () (No name found) -- C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D3WYB9ND.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_SE33D.tmp" /EF "HKCU" File not found O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08A69B5D-D8A6-445B-ADFE-7E205712D1A7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4804E0FC-AD86-40B7-A7CD-ABE6CC2EA59E}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/06 09:26:33 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2012/06/06 09:19:55 | 000,059,768 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012/06/06 09:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data AntiVirus 2013 [2012/06/06 09:19:22 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012/06/06 09:19:22 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012/06/06 09:19:22 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012/06/06 09:19:22 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012/06/06 09:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012/06/06 09:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2012/06/06 09:19:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data [2012/06/05 20:53:36 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\troja [2012/06/05 18:33:42 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes [2012/06/05 18:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/05 18:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/05 18:33:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/05 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/05 17:49:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2012/06/05 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Pvarpaavlu [2012/06/04 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\Documents\CyberLink [2012/06/02 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Cyberlink [2012/06/01 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\CyberLink [2012/06/01 15:38:36 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\TechSmith [2012/06/01 15:27:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime [2012/06/01 12:32:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{015EEEED-A4F9-452B-AD49-2E9E379B5875} [2012/06/01 02:02:14 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\DVDVideoSoft_Ltd [2012/06/01 01:17:18 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Media Player Classic [2012/06/01 00:53:17 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\DVDVideoSoft [2012/06/01 00:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2012/05/31 21:21:35 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Xilisoft [2012/05/31 20:36:27 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\PPT2Video [2012/05/31 20:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2012/05/31 20:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo [2012/05/31 20:30:20 | 000,606,208 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll [2012/05/31 20:30:20 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax [2012/05/31 20:30:20 | 000,139,264 | ---- | C] (hxxp://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax [2012/05/31 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{DCC4820F-591E-490C-A53E-72EC85FF4301} [2012/05/31 20:00:48 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{80B3A7D4-967A-47A8-9A43-4B81B38EE5DA} [2012/05/17 11:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/05/17 11:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/17 11:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/05/10 16:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012/05/10 16:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla ========== Files - Modified Within 30 Days ========== [2012/06/06 12:35:28 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/06 12:35:28 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/06 12:34:29 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/06 12:34:29 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/06/06 12:34:29 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/06 12:34:29 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/06/06 12:34:29 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/06 12:26:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/06 12:26:48 | 3151,269,888 | -HS- | M] () -- C:\hiberfil.sys [2012/06/06 09:26:33 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2012/06/06 09:19:55 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012/06/06 09:19:22 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012/06/06 09:19:22 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012/06/06 09:19:22 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012/06/06 09:19:22 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012/06/06 09:19:15 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk [2012/06/05 18:33:35 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/05 17:45:58 | 000,000,000 | ---- | M] () -- C:\Users\Peter\defogger_reenable [2012/06/05 17:19:30 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe [2012/06/05 17:17:40 | 000,050,477 | ---- | M] () -- C:\Users\Peter\Desktop\Defogger.exe [2012/06/04 16:18:17 | 000,029,496 | ---- | M] () -- C:\Users\Peter\Desktop\abschlussfeier.odt [2012/06/02 06:49:39 | 000,318,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/06/01 15:51:40 | 000,023,040 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/01 00:14:39 | 007,760,687 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\SetupGFD.exe [2012/06/01 00:14:28 | 005,243,208 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\AvsP.exe [2012/06/01 00:14:20 | 001,357,348 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\MatroskaSplitter.exe [2012/06/01 00:14:17 | 005,514,668 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Imgburn.exe [2012/06/01 00:14:17 | 000,117,723 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\yuvcodecs-1.3.exe [2012/06/01 00:14:08 | 005,082,084 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Avisynth.exe [2012/05/10 16:53:47 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/06/06 09:19:15 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\G Data AntiVirus.lnk [2012/06/05 18:33:35 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/05 17:48:57 | 000,050,477 | ---- | C] () -- C:\Users\Peter\Desktop\Defogger.exe [2012/06/05 17:45:58 | 000,000,000 | ---- | C] () -- C:\Users\Peter\defogger_reenable [2012/05/10 16:53:47 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/04/17 20:18:49 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012/01/18 20:51:31 | 000,023,040 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/31 21:01:10 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/03/29 14:09:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012/05/06 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Ashampoo [2011/12/31 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 [2012/06/04 09:20:23 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DVDVideoSoft [2011/12/08 16:31:28 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org [2012/05/31 20:36:27 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PPT2Video [2012/06/06 12:29:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Pvarpaavlu [2012/06/05 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SoftGrid Client [2011/12/31 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TP [2012/01/09 18:36:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Windows Live Writer [2012/05/31 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Xilisoft [2012/06/01 11:48:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > shadow explorer funktioniert nicht (nur Maske vorhanden) keine früheren Wiederherstellungspunkte angelegt, oder liegt es an g-data? Wie kann ich überprüfen dass der Trojaner wirklich gelöscht worden ist? Und vor allem wie sichere ich die Daten ohne den Trojaner zu verschleppen um sie zu entcodieren? Danke nochmals für die Mühe!!! Geändert von peter11176 (06.06.2012 um 18:01 Uhr) |
|
12.06.2012, 16:53
| #6 |
| /// Malware-holic | Windows-Verschlüsselungs-Trojaner hi 100 % kannst du nur sicher sein, wenn du neu aufsetzt und dann das system absicherst, anleitungen dazu gebe ich dir gern
__________________ --> Windows-Verschlüsselungs-Trojaner |
|
13.06.2012, 06:30
| #7 |
| | Windows-Verschlüsselungs-Trojaner ok und danke, ich nehme also an dass "alles" sauber ist. Das Angebot nehme ich gerne an. Bevor ich aber alles platt mache: 1. Wie hoch ist die Wahrscheinlichkeit dass TB den Schlüssel findet? 2. Kann man die Daten (mir einige sehr wichtig) speichern ohne schädliche Daten mit zu verschleppen? 2.2 externe Festplatte (u.a) = backup (aus zeitlichen Gründen machte ich dem Letzten Mitte Januar, FU**!!) kann man die zusätzlich absichern? Bis bald und `nen Stressfreien Umzug |
|
27.06.2012, 12:47
| #8 |
| /// Malware-holic | Windows-Verschlüsselungs-Trojaner daten sichern kannst du. naja, nen backup dauert doch nciht lang, geht automatisch.... wie hoch obs jemals ne entschlüsselung gibt, keine anung.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.06.2012, 15:01
| #9 |
| | Windows-Verschlüsselungs-Trojaner hi, wie soll ich jetzt vorgehen |
|
27.06.2012, 16:28
| #10 |
| /// Malware-holic | Windows-Verschlüsselungs-Trojaner wie gesagt, neu aufsetzen und vorher die wichtigen daten auf ne externe platte spielen. 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Windows-Verschlüsselungs-Trojaner |
| anmache, bild, compu, computer, dankbar, das bild, entschlüsselung, geladen, google, laptop, nichts, problem, runterladen, scan, scanne, scannen, seite, troja, trojaner, ukasch 100, verschlüsselungen, vorgehen, warnung, windows-verschlüsselungs-trojaner |
Linear-Darstellung
