
Pests of all kinds and how to combat them: GVU Trojan - Reatogo

20.01.2013, 13:14   #1
xb0ssi

Hey,
I have a GVU virus on my PC and have now got to the point where my system shows a REATOGO-X-PE desktop. When I double-click the OTLPE icon, a "Browse for Folder" window opens and the question "Do you wish to load the remote registry" does not appear. How do I proceed from here?

20.01.2013, 13:26   #2
markusg
/// Malware-holic

Hi,
there, under My Computer, expand everything, look for the Windows folder, click on it, and then it works.

20.01.2013, 13:54   #3
xb0ssi

Thanks, I found it under Boot. When I click on it now, the question "Do you wish to load remote user profiles for scanning?" appears.
Then a new window "Select user Profile" opens with four options; at the bottom I removed the check mark from "Automatically load all remaining users?". When I press OK, however, nothing happens at all.

• Remove the check mark from "Automatically Load All Remaining Users" if it is set.

• OTL should now start.

20.01.2013, 15:03   #4
markusg
/// Malware-holic

Select your user profile there and test whether it works.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

20.01.2013, 15:15   #5
xb0ssi

Where do I find that?

If I stay with Windows, under "Select user Profile" I have LocalService, NetworkService, Pc and systemprofile to choose from. I tried each one, but it still does not start.


20.01.2013, 18:57   #6
markusg
/// Malware-holic

Restart and try again.
• Your system should now show a REATOGO-X-PE desktop.
• Double-click the OTLPE icon.
• When you are asked "Do you wish to load the remote registry", choose Yes.
• When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Remove the check mark from "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
         
• Press Run Scan to start the scan.
• When it is finished, the files are saved in C:\otl.txt
• Copy this folder to your USB stick if you have no Internet connection on this system.
Post both logs.

20.01.2013, 21:28   #7
xb0ssi

OK, strangely it only works for me when I do it 4/5 times in a row. In any case, I get two error messages during the run, and no otl.txt is to be found either.

Error 1.
Windows/Out of Virtual Memory
Your system is low on virtual memory. To ensure that Windows runs properly, increase the size of your virtual memory paging file. For more information, see Help.

Error 2.
External exception C0000006.

21.01.2013, 13:23   #8
markusg
/// Malware-holic

Hi,
try it without my script.

21.01.2013, 15:14   #9
xb0ssi

How do I have to proceed now; I can't type a question mark because the keyboard is different.

I haven't removed the virus yet, have I

OTL Logfile:
Code:
OTL logfile created on: 1/21/2013 4:07:24 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 277.50 Gb Total Space | 54.00 Gb Free Space | 19.46% Space Free | Partition Type: NTFS
Drive D: | 20.57 Gb Total Space | 12.62 Gb Free Space | 61.35% Space Free | Partition Type: FAT32
Drive E: | 1.92 Gb Total Space | 0.30 Gb Free Space | 15.50% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (NMIndexingService)
SRV - [2013/01/19 19:24:11 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Users\PC\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2013/01/08 15:52:42 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/11 06:39:32 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/11 06:39:18 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/28 10:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/09/05 10:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/17 08:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/07 01:22:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/05 04:20:12 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/02/11 06:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 04:18:59 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2007/12/05 04:18:53 | 000,098,984 | ---- | M] () [Auto] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/06/16 03:30:42 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto] -- C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2001/11/12 06:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot] --  -- (videX32)
DRV - File not found [Kernel | On_Demand] --  -- (SjyPkt)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - File not found [Kernel | On_Demand] --  -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] --  -- (EagleNT)
DRV - [2012/12/11 06:39:34 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 06:39:34 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 08:18:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 09:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/12/25 15:33:35 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV - [2007/06/16 07:11:00 | 007,566,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/06/13 05:09:44 | 000,017,280 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFilter.SYS -- (KMWDFilter)
DRV - [2007/03/26 08:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007/03/26 08:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\ViBus.sys -- (ViBus)
DRV - [2007/02/08 12:46:44 | 000,211,456 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/08 11:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006/12/01 23:53:32 | 000,015,360 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/17 03:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/06/08 03:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=1f5512de-fb7c-45ba-a0d4-e072f18b7d36&ref=homepage
IE - HKU\PC_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\PC_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\PC_ON_C\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKU\PC_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
IE - HKU\PC_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\PC_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\PC_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/15 13:57:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/10 16:12:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/03 05:41:54 | 000,000,000 | ---D | M]
 
[2012/03/18 06:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/06 08:53:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/12/23 02:35:58 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2012/07/07 01:22:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/11 11:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/08 10:57:16 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/11 11:52:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/11 11:52:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/11 11:52:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/09 20:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/02/11 11:52:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/11 11:52:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Iminent.BHO.NavigationError) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll (Iminent)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (GMX MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.6\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (GMX MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (GMX MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\PC_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [KMCONFIG]  File not found
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\GMX MailCheck\IE\GMX_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\PC_ON_C..\Run: []  File not found
O4 - HKU\PC_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKU\PC_ON_C..\Run: [cymunem]  File not found
O4 - HKU\PC_ON_C..\Run: [Driver Whiz] C:\Program Files\Driver Whiz\Driver Whiz\DriverWhiz.exe (PC Drivers Headquarters)
O4 - HKU\PC_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\PC_ON_C..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\PC_ON_C..\RunOnce: [.IMinentUpdate]  File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 14:08:14 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/20 13:10:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/15 08:03:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/11 11:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/11 11:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/11 11:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/11 11:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/11 11:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/11 11:40:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/09 07:35:47 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 07:35:09 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/12/31 07:07:59 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\LOLReplay
[2012/12/31 07:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2010/09/02 09:05:30 | 002,736,736 | ---- | C] (Conduit Ltd.) -- C:\Program Files\tbsoft.dll
[2009/03/14 06:27:44 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDNhcp.dll
[2009/03/14 06:27:39 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdnusb1.dll
[2009/03/14 06:27:39 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdninpa.dll
[2009/03/14 06:27:39 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdniesc.dll
[2009/03/14 06:27:38 | 001,101,824 | ---- | C] ( ) -- C:\Windows\System32\lxdnserv.dll
[2009/03/14 06:27:38 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnpmui.dll
[2009/03/14 06:27:38 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdnlmpm.dll
[2009/03/14 06:27:38 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdnprox.dll
[2009/03/14 06:27:37 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdnhbn3.dll
[2009/03/14 06:27:37 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdnih.exe
[2009/03/14 06:27:36 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdncomc.dll
[2009/03/14 06:27:36 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdncoms.exe
[2009/03/14 06:27:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdncomm.dll
[2009/03/14 06:27:35 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdncfg.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/19 19:57:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/19 19:44:33 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/19 19:24:25 | 000,002,814 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/19 19:24:25 | 000,000,882 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/19 18:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/19 18:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/19 17:49:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 17:49:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/19 16:40:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/19 14:23:26 | 000,000,552 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for PC.job
[2013/01/19 06:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/19 05:49:00 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2013/01/13 11:46:33 | 000,001,999 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/13 11:43:32 | 000,681,680 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/13 11:43:32 | 000,640,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/13 11:43:32 | 000,148,950 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/13 11:43:32 | 000,122,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/13 10:44:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/11 11:49:29 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/11 11:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/10 13:32:31 | 234,628,757 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/09 10:55:04 | 003,729,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/08 15:52:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/08 15:52:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/03 13:34:26 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/31 07:07:45 | 000,001,782 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/12/31 07:07:45 | 000,001,702 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/12/31 07:07:45 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/12/31 07:07:45 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/19 19:24:25 | 000,002,814 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/19 19:24:25 | 000,000,882 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/19 19:24:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/11 11:49:29 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/10 13:32:31 | 234,628,757 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/31 07:07:45 | 000,001,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012/12/31 07:07:45 | 000,001,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012/12/31 07:07:45 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012/08/10 15:28:01 | 000,000,051 | ---- | C] () -- C:\ProgramData\osdtngrmymcyfto
[2012/01/23 05:43:19 | 000,144,772 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/11/25 12:09:27 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat
[2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/10/02 15:31:29 | 000,100,352 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/10/02 15:31:27 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2010/10/02 15:31:27 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2010/10/02 15:31:25 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe
[2010/10/02 15:31:25 | 000,019,857 | ---- | C] () -- C:\Windows\unins000.dat
[2010/09/02 09:05:30 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010/09/02 09:05:30 | 000,006,836 | ---- | C] () -- C:\Program Files\UNWISE.INI
[2010/08/29 12:53:20 | 000,000,000 | ---- | C] () -- C:\Users\PC\AppData\Local\prvlcl.dat
[2009/10/13 07:25:46 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2009/10/13 07:25:46 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/10/10 20:14:29 | 000,000,055 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2009/08/08 02:00:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/08 02:00:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/24 07:18:43 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat
[2009/06/05 12:02:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/06 12:00:47 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/05/06 12:00:44 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/06 12:00:44 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/06 12:00:43 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/05/06 12:00:40 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/30 14:09:12 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/13 07:11:09 | 000,315,392 | ---- | C] () -- C:\Windows\System32\AegisI5.exe
[2009/04/13 07:11:08 | 000,295,018 | ---- | C] () -- C:\Windows\System32\Install7x.dll
[2009/04/13 07:11:08 | 000,002,048 | ---- | C] () -- C:\Windows\System32\drivers\rt73.bin
[2009/03/22 08:59:34 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/03/14 06:37:56 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdncoin.dll
[2009/03/14 06:32:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2009/03/14 06:32:39 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2009/03/14 06:32:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2009/03/14 06:32:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2009/03/14 06:27:57 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdnrwrd.ini
[2009/03/14 06:27:44 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDNinst.dll
[2009/03/14 06:27:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdngrd.dll
[2009/03/13 17:07:43 | 000,000,140 | ---- | C] () -- C:\Users\PC\AppData\default.pls
[2009/03/12 10:07:58 | 000,000,030 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Default.PLS
[2009/03/10 11:49:00 | 000,173,568 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/28 12:51:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdnvs.dll
[2007/11/20 19:02:39 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdndrs.dll
[2007/11/20 18:44:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdncaps.dll
[2007/10/02 17:51:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdncnv4.dll
[2007/06/22 04:28:13 | 001,018,748 | ---- | C] () -- C:\Windows\System32\nvucode.bin
[2007/06/22 03:57:55 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/06/21 05:34:37 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007/06/20 09:15:08 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007/06/13 08:38:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007/05/07 08:47:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007/01/23 07:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll
[2006/12/10 23:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 10:33:31 | 000,681,680 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 10:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 10:33:31 | 000,148,950 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 10:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,729,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,640,710 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,122,594 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/20 00:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2002/03/13 07:15:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
 
========== LOP Check ==========
 
[2012/12/02 08:44:18 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\1&1 Mail & Media GmbH
[2009/09/21 13:03:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BitTorrent
[2009/03/06 06:41:20 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BullGuard
[2012/01/28 08:10:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/12/06 14:52:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Diktate
[2011/07/07 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DS-Timer
[2010/06/05 04:15:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\FOG Downloader
[2010/12/06 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Freudenreich
[2010/03/11 11:04:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\gtk-2.0
[2013/01/13 05:24:38 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ICQ
[2009/04/13 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\InterTrust
[2012/06/12 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\JLC's Software
[2011/08/29 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Kalydo
[2009/08/31 08:22:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ldoce5
[2009/03/14 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Lexmark Productivity Studio
[2011/07/20 11:45:21 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LolClient
[2012/05/24 05:49:06 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LolClient2
[2009/03/23 10:56:47 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MAGIX
[2009/09/21 07:03:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org
[2009/05/22 05:40:07 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Opera
[2012/09/15 06:05:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PCCUStubInstaller
[2012/01/02 07:09:04 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Publish Providers
[2009/03/09 14:56:17 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sonavis
[2012/01/02 07:08:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sony
[2009/05/22 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\SuperEasy Software
[2010/02/20 06:13:05 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TeamViewer
[2011/11/21 12:21:59 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TS3Client
[2012/06/12 13:03:00 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TuneUp Software
[2010/06/15 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TVcentral-Core
[2012/04/03 07:37:54 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ubisoft
[2009/05/13 07:41:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ulead Systems
[2012/12/02 08:44:15 | 000,000,000 | ---D | M] -- C:\ProgramData\1&1 Mail & Media GmbH
[2013/01/11 11:49:08 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/04/30 07:39:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/03/23 11:00:36 | 000,000,000 | ---D | M] -- C:\ProgramData\App4rTemp
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/12/22 11:57:06 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2009/07/17 11:56:09 | 000,000,000 | ---D | M] -- C:\ProgramData\AVP 2009
[2009/07/17 13:15:23 | 000,000,000 | ---D | M] -- C:\ProgramData\BullGuard
[2012/06/12 13:02:04 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/09/15 06:06:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Driver Whiz
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/07/02 07:58:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2007/06/20 09:15:04 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2012/03/01 17:15:18 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/12/23 02:36:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent
[2012/06/13 11:06:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Intenium
[2011/12/23 09:33:37 | 000,000,000 | ---D | M] -- C:\ProgramData\IObit
[2010/03/22 09:24:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Lexmark 2600 Series
[2012/08/10 15:28:09 | 000,000,000 | ---D | M] -- C:\ProgramData\lidycxpzeffrqgw
[2012/03/01 17:46:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Lx_cats
[2007/06/22 03:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010/11/13 12:10:51 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2011/07/20 11:52:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2013/01/19 16:19:43 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2012/06/13 10:55:52 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2009/05/10 15:45:40 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2012/01/31 15:11:48 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/01/02 06:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/04/13 10:06:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Tandem
[2011/06/30 11:49:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2009/10/21 04:58:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/06/12 13:04:06 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012/12/03 06:38:41 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2012/04/03 07:37:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/05/13 07:34:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2012/12/02 08:43:48 | 000,000,000 | ---D | M] -- C:\ProgramData\UUdb
[2009/03/06 05:18:07 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/07/17 09:48:27 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/08/22 07:39:10 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2009/03/16 13:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/09/02 09:07:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2D559015-4C05-4AE5-8C8B-7E13E1EAB09D}
[2012/06/12 13:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/04/07 08:47:27 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 09:04:15 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/05 13:38:40 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/01/19 05:49:00 | 000,000,298 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job
[2013/01/19 04:52:42 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
         

Alt 21.01.2013, 17:40   #10
markusg
/// Malware-holic
 

Hi,
on your second PC go to Start, Programs, Accessories, Notepad, and copy the following into it:
Code:
:OTL
[2013/01/19 19:44:33 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/19 19:24:25 | 000,002,814 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/19 19:24:25 | 000,000,882 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
C:\Users\PC\wgsdgsdgdsgsd.exe
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file", so load fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 21.01.2013, 18:40   #11
xb0ssi
 

I simply copied it directly, because I still have internet on the PC, but I didn't know what you meant by ticking everything. I hope this is what you need; otherwise I'll do it again the way it is described.

========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== FILES ==========
C:\Users\PC\wgsdgsdgdsgsd.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56516 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PC

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PC

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26735816838 bytes

Total Files Cleaned = 25,497.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 01212013_193705

Alt 21.01.2013, 18:45   #12
markusg
/// Malware-holic
 

Looks good.
Restart into normal mode without the CD and establish an internet connection. If that works:
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, and post the log
Open C:, open tdsskiller-date-version.txt, and post its contents

Alt 21.01.2013, 19:04   #13
xb0ssi
 

Thank you very much!


19:59:20.0837 0776 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:59:21.0103 0776 ============================================================
19:59:21.0103 0776 Current date / time: 2013/01/21 19:59:21.0103
19:59:21.0103 0776 SystemInfo:
19:59:21.0103 0776
19:59:21.0103 0776 OS Version: 6.0.6002 ServicePack: 2.0
19:59:21.0103 0776 Product type: Workstation
19:59:21.0103 0776 ComputerName: PC-PC
19:59:21.0103 0776 UserName: PC
19:59:21.0103 0776 Windows directory: C:\Windows
19:59:21.0103 0776 System windows directory: C:\Windows
19:59:21.0103 0776 Processor architecture: Intel x86
19:59:21.0103 0776 Number of processors: 2
19:59:21.0103 0776 Page size: 0x1000
19:59:21.0103 0776 Boot type: Normal boot
19:59:21.0103 0776 ============================================================
19:59:22.0491 0776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:59:22.0507 0776 Drive \Device\Harddisk1\DR1 - Size: 0x7B000000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:59:22.0522 0776 ============================================================
19:59:22.0522 0776 \Device\Harddisk0\DR0:
19:59:22.0522 0776 MBR partitions:
19:59:22.0553 0776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x22B02B02, BlocksNum 0x292ABBF
19:59:22.0553 0776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22B01800
19:59:22.0553 0776 \Device\Harddisk1\DR1:
19:59:22.0553 0776 MBR partitions:
19:59:22.0553 0776 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D7FE0
19:59:22.0553 0776 ============================================================
19:59:22.0600 0776 C: <-> \Device\Harddisk0\DR0\Partition2
19:59:22.0600 0776 D: <-> \Device\Harddisk0\DR0\Partition1
19:59:22.0600 0776 ============================================================
19:59:22.0600 0776 Initialize success
19:59:22.0600 0776 ============================================================
19:59:58.0154 5748 ============================================================
19:59:58.0154 5748 Scan started
19:59:58.0154 5748 Mode: Manual; SigCheck; TDLFS;
19:59:58.0154 5748 ============================================================
20:00:02.0990 5748 ================ Scan system memory ========================
20:00:02.0990 5748 System memory - ok
20:00:02.0990 5748 ================ Scan services =============================
20:00:03.0660 5748 1394hub - ok
20:00:03.0754 5748 [ 5ABD10518DEC48B4FA5FFC03B73402E5 ] 3xHybrid C:\Windows\system32\DRIVERS\3xHybrid.sys
20:00:04.0222 5748 3xHybrid - ok
20:00:04.0331 5748 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:00:04.0440 5748 ACPI - ok
20:00:04.0518 5748 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:00:04.0643 5748 AdobeFlashPlayerUpdateSvc - ok
20:00:04.0784 5748 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:00:04.0971 5748 adp94xx - ok
20:00:05.0080 5748 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:00:05.0174 5748 adpahci - ok
20:00:05.0205 5748 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:00:05.0283 5748 adpu160m - ok
20:00:05.0314 5748 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:00:05.0392 5748 adpu320 - ok
20:00:05.0486 5748 [ 91F3DF93F40A74D222CD166FE95DB633 ] AegisP C:\Windows\system32\DRIVERS\AegisP.sys
20:00:05.0610 5748 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:00:05.0610 5748 AegisP - detected UnsignedFile.Multi.Generic (1)
20:00:05.0642 5748 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:00:06.0578 5748 AeLookupSvc - ok
20:00:06.0780 5748 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:00:07.0077 5748 AFD - ok
20:00:07.0170 5748 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:00:07.0264 5748 aic78xx - ok
20:00:07.0295 5748 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:00:07.0872 5748 ALG - ok
20:00:08.0075 5748 [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide C:\Windows\system32\drivers\aliide.sys
20:00:08.0247 5748 aliide - ok
20:00:08.0418 5748 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:00:08.0637 5748 amdagp - ok
20:00:08.0684 5748 [ 6F65F4147C54398D7280B18CEBBED215 ] amdide C:\Windows\system32\drivers\amdide.sys
20:00:08.0808 5748 amdide - ok
20:00:08.0855 5748 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:00:11.0570 5748 AmdK7 - ok
20:00:11.0632 5748 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:00:11.0804 5748 AmdK8 - ok
20:00:12.0022 5748 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:00:12.0069 5748 AntiVirSchedulerService - ok
20:00:12.0131 5748 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:00:12.0178 5748 AntiVirService - ok
20:00:12.0272 5748 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:00:12.0396 5748 Appinfo - ok
20:00:12.0646 5748 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:00:12.0724 5748 Apple Mobile Device - ok
20:00:12.0927 5748 [ 2C349460E40EF6B9604D774AAF367730 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
20:00:13.0442 5748 Application Updater ( UnsignedFile.Multi.Generic ) - warning
20:00:13.0442 5748 Application Updater - detected UnsignedFile.Multi.Generic (1)
20:00:13.0504 5748 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
20:00:13.0629 5748 arc - ok
20:00:13.0722 5748 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:00:13.0894 5748 arcsas - ok
20:00:14.0128 5748 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:00:14.0300 5748 aspnet_state - ok
20:00:14.0393 5748 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:00:14.0643 5748 AsyncMac - ok
20:00:14.0658 5748 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:00:14.0690 5748 atapi - ok
20:00:14.0799 5748 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:00:14.0877 5748 AudioEndpointBuilder - ok
20:00:14.0892 5748 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:00:14.0924 5748 Audiosrv - ok
20:00:15.0033 5748 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:00:15.0126 5748 avgntflt - ok
20:00:15.0158 5748 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:00:15.0267 5748 avipbb - ok
20:00:15.0314 5748 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:00:15.0392 5748 avkmgr - ok
20:00:15.0485 5748 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:00:15.0688 5748 Beep - ok
20:00:15.0766 5748 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:00:15.0953 5748 BFE - ok
20:00:16.0062 5748 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:00:16.0312 5748 BITS - ok
20:00:16.0328 5748 blbdrive - ok
20:00:16.0499 5748 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:00:16.0686 5748 Bonjour Service - ok
20:00:16.0718 5748 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:00:16.0905 5748 bowser - ok
20:00:17.0014 5748 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:00:17.0186 5748 BrFiltLo - ok
20:00:17.0217 5748 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:00:17.0388 5748 BrFiltUp - ok
20:00:17.0420 5748 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:00:17.0622 5748 Browser - ok
20:00:17.0685 5748 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:00:17.0763 5748 Brserid - ok
20:00:17.0778 5748 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:00:17.0903 5748 BrSerWdm - ok
20:00:17.0919 5748 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:00:18.0075 5748 BrUsbMdm - ok
20:00:18.0106 5748 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:00:18.0246 5748 BrUsbSer - ok
20:00:18.0278 5748 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:00:18.0418 5748 BTHMODEM - ok
20:00:18.0465 5748 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:00:18.0574 5748 cdfs - ok
20:00:18.0605 5748 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:00:18.0792 5748 cdrom - ok
20:00:18.0886 5748 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:00:19.0026 5748 CertPropSvc - ok
20:00:19.0448 5748 [ 6B19D86AFD6157CDE6BED55CBF9F4CA2 ] CGVPNCliSrvc C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
20:00:19.0884 5748 CGVPNCliSrvc - ok
20:00:19.0962 5748 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
20:00:20.0134 5748 circlass - ok
20:00:20.0181 5748 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:00:20.0352 5748 CLFS - ok
20:00:20.0446 5748 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:20.0586 5748 clr_optimization_v2.0.50727_32 - ok
20:00:20.0618 5748 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:20.0852 5748 clr_optimization_v4.0.30319_32 - ok
20:00:20.0867 5748 [ 59172A0724F2AB769F31D61B0571D75B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:00:20.0945 5748 cmdide - ok
20:00:20.0961 5748 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:00:21.0054 5748 Compbatt - ok
20:00:21.0070 5748 COMSysApp - ok
20:00:21.0086 5748 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:00:21.0132 5748 crcdisk - ok
20:00:21.0148 5748 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:00:21.0257 5748 Crusoe - ok
20:00:21.0320 5748 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:00:21.0398 5748 CryptSvc - ok
20:00:21.0476 5748 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:00:21.0600 5748 DcomLaunch - ok
20:00:21.0616 5748 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:00:21.0803 5748 DfsC - ok
20:00:22.0006 5748 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:00:22.0380 5748 DFSR - ok
20:00:22.0568 5748 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:00:22.0630 5748 Dhcp - ok
20:00:22.0708 5748 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:00:22.0802 5748 disk - ok
20:00:22.0895 5748 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:00:23.0051 5748 Dnscache - ok
20:00:23.0192 5748 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:00:23.0348 5748 dot3svc - ok
20:00:23.0426 5748 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:00:23.0472 5748 DPS - ok
20:00:23.0550 5748 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:00:23.0644 5748 drmkaud - ok
20:00:23.0738 5748 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:00:23.0909 5748 DXGKrnl - ok
20:00:23.0972 5748 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:00:24.0143 5748 E1G60 - ok
20:00:24.0268 5748 EagleNT - ok
20:00:24.0315 5748 EagleXNt - ok
20:00:24.0408 5748 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:00:24.0486 5748 EapHost - ok
20:00:24.0611 5748 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:00:24.0674 5748 Ecache - ok
20:00:24.0752 5748 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:00:24.0876 5748 ehRecvr - ok
20:00:24.0908 5748 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:00:25.0079 5748 ehSched - ok
20:00:25.0095 5748 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:00:25.0157 5748 ehstart - ok
20:00:25.0235 5748 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:00:25.0391 5748 elxstor - ok
20:00:25.0454 5748 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:00:25.0688 5748 EMDMgmt - ok
20:00:25.0797 5748 [ 6B93B103242C3C30F850F53DBE39ED88 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys
20:00:25.0828 5748 EuMusDesignVirtualAudioCableWdm - ok
20:00:25.0953 5748 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:00:26.0046 5748 EventSystem - ok
20:00:26.0140 5748 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:00:26.0343 5748 exfat - ok
20:00:26.0390 5748 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:00:26.0499 5748 fastfat - ok
20:00:26.0530 5748 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:00:26.0702 5748 fdc - ok
20:00:26.0717 5748 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:00:26.0764 5748 fdPHost - ok
20:00:26.0842 5748 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:00:27.0029 5748 FDResPub - ok
20:00:27.0092 5748 [ 8787449F8EF116DB0E8E06C3555746A7 ] FET5X86V C:\Windows\system32\DRIVERS\fetnd5bv.sys
20:00:27.0263 5748 FET5X86V - ok
20:00:27.0326 5748 [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS C:\Windows\system32\DRIVERS\fetnd5.sys
20:00:27.0497 5748 FETNDIS - ok
20:00:27.0638 5748 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:00:27.0762 5748 FileInfo - ok
20:00:27.0794 5748 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:00:27.0903 5748 Filetrace - ok
20:00:27.0981 5748 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:00:28.0262 5748 flpydisk - ok
20:00:28.0418 5748 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:00:28.0620 5748 FltMgr - ok
20:00:29.0073 5748 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:00:29.0198 5748 FontCache - ok
20:00:29.0338 5748 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:00:29.0510 5748 FontCache3.0.0.0 - ok
20:00:29.0541 5748 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:00:29.0681 5748 Fs_Rec - ok
20:00:29.0728 5748 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:00:29.0822 5748 gagp30kx - ok
20:00:29.0915 5748 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:00:30.0040 5748 GEARAspiWDM - ok
20:00:30.0149 5748 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:00:30.0336 5748 gpsvc - ok
20:00:30.0414 5748 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9d1b1cd38dff8 C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:30.0430 5748 gupdate1c9d1b1cd38dff8 - ok
20:00:30.0492 5748 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:00:30.0508 5748 gupdatem - ok
20:00:30.0555 5748 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:00:30.0570 5748 gusvc - ok
20:00:30.0664 5748 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:00:30.0867 5748 HdAudAddService - ok
20:00:30.0960 5748 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:00:31.0428 5748 HDAudBus - ok
20:00:31.0475 5748 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:00:31.0616 5748 HidBth - ok
20:00:31.0662 5748 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:00:31.0865 5748 HidIr - ok
20:00:31.0912 5748 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
20:00:32.0037 5748 hidserv - ok
20:00:32.0146 5748 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:00:32.0302 5748 HidUsb - ok
20:00:32.0364 5748 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:00:32.0583 5748 hkmsvc - ok
20:00:32.0692 5748 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:00:32.0832 5748 HpCISSs - ok
20:00:32.0942 5748 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:00:33.0347 5748 HTTP - ok
20:00:33.0394 5748 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:00:33.0488 5748 i2omp - ok
20:00:33.0566 5748 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:00:33.0675 5748 i8042prt - ok
20:00:33.0690 5748 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:00:33.0846 5748 iaStorV - ok
20:00:33.0971 5748 [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe
20:00:34.0190 5748 ICQ Service - ok
20:00:34.0392 5748 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:00:34.0626 5748 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:00:34.0626 5748 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:00:34.0954 5748 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:00:36.0218 5748 idsvc - ok
20:00:36.0280 5748 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:00:36.0764 5748 iirsp - ok
20:00:36.0810 5748 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:00:36.0982 5748 IKEEXT - ok
20:00:37.0278 5748 [ 5D854CBAC8B7B4B964406F9808C95FAE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:00:38.0308 5748 IntcAzAudAddService - ok
20:00:38.0573 5748 [ E5EA1C17DA5065032E346591FF64F3AF ] intelide C:\Windows\system32\drivers\intelide.sys
20:00:38.0636 5748 intelide - ok
20:00:38.0714 5748 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:00:39.0026 5748 intelppm - ok
20:00:39.0057 5748 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:00:39.0150 5748 IPBusEnum - ok
20:00:39.0182 5748 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:00:39.0291 5748 IpFilterDriver - ok
20:00:39.0384 5748 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:00:39.0447 5748 iphlpsvc - ok
20:00:39.0447 5748 IpInIp - ok
20:00:39.0478 5748 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:00:39.0618 5748 IPMIDRV - ok
20:00:39.0650 5748 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:00:39.0743 5748 IPNAT - ok
20:00:40.0102 5748 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:00:40.0133 5748 iPod Service - ok
20:00:40.0180 5748 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:00:40.0320 5748 IRENUM - ok
20:00:40.0367 5748 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:00:40.0695 5748 isapnp - ok
20:00:40.0742 5748 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:00:40.0944 5748 iScsiPrt - ok
20:00:40.0976 5748 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:00:41.0054 5748 iteatapi - ok
20:00:41.0116 5748 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:00:41.0178 5748 iteraid - ok
20:00:41.0241 5748 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:00:41.0397 5748 kbdclass - ok
20:00:41.0522 5748 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:00:41.0662 5748 kbdhid - ok
20:00:41.0693 5748 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:00:41.0834 5748 KeyIso - ok
20:00:41.0880 5748 [ D8DF201E64B455DE473FEFD4A7A7AF0C ] KMWDFilter C:\Windows\System32\Drivers\KMWDFilter.SYS
20:00:41.0943 5748 KMWDFilter ( UnsignedFile.Multi.Generic ) - warning
20:00:41.0943 5748 KMWDFilter - detected UnsignedFile.Multi.Generic (1)
20:00:42.0192 5748 [ 393B6C708B318C457317A32A1F45C545 ] KMWDSERVICE C:\Program Files\Silvercrest OM1007 driver\KMWDSrv.exe
20:00:42.0333 5748 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
20:00:42.0333 5748 KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
20:00:42.0504 5748 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:00:42.0848 5748 KSecDD - ok
20:00:42.0941 5748 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:00:43.0160 5748 KtmRm - ok
20:00:43.0222 5748 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
20:00:43.0347 5748 LanmanServer - ok
20:00:43.0440 5748 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:00:43.0596 5748 LanmanWorkstation - ok
20:00:44.0330 5748 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:00:44.0376 5748 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:00:44.0376 5748 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:00:44.0891 5748 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:00:45.0234 5748 lltdio - ok
20:00:45.0344 5748 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:00:45.0562 5748 lltdsvc - ok
20:00:45.0671 5748 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:00:45.0890 5748 lmhosts - ok
20:00:45.0983 5748 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:00:46.0155 5748 LSI_FC - ok
20:00:46.0186 5748 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:00:46.0233 5748 LSI_SAS - ok
20:00:46.0342 5748 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:00:46.0420 5748 LSI_SCSI - ok
20:00:46.0467 5748 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:00:46.0560 5748 luafv - ok
20:00:46.0748 5748 [ AB694FA24E02246F9DDCDD729D6B9278 ] lxdnCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
20:00:46.0904 5748 lxdnCATSCustConnectService - ok
20:00:46.0950 5748 lxdn_device - ok
20:00:47.0216 5748 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
20:00:47.0465 5748 McComponentHostService - ok
20:00:47.0543 5748 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:00:47.0637 5748 Mcx2Svc - ok
20:00:47.0684 5748 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
20:00:47.0762 5748 megasas - ok
20:00:47.0840 5748 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:00:47.0886 5748 MMCSS - ok
20:00:47.0949 5748 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:00:48.0058 5748 Modem - ok
20:00:48.0245 5748 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:00:48.0557 5748 monitor - ok
20:00:48.0573 5748 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:00:48.0885 5748 mouclass - ok
20:00:48.0963 5748 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:00:49.0212 5748 mouhid - ok
20:00:49.0306 5748 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:00:49.0587 5748 MountMgr - ok
20:00:49.0868 5748 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:00:50.0086 5748 MozillaMaintenance - ok
20:00:50.0351 5748 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
20:00:50.0554 5748 mpio - ok
20:00:50.0694 5748 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:00:50.0850 5748 mpsdrv - ok
20:00:51.0724 5748 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:00:52.0036 5748 MpsSvc - ok
20:00:52.0114 5748 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:00:52.0442 5748 Mraid35x - ok
20:00:52.0598 5748 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:00:52.0722 5748 MRxDAV - ok
20:00:52.0800 5748 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:00:53.0549 5748 mrxsmb - ok
20:00:53.0768 5748 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:00:54.0251 5748 mrxsmb10 - ok
20:00:54.0345 5748 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:00:54.0688 5748 mrxsmb20 - ok
20:00:54.0750 5748 [ 86068B8B54A5EB092F51657F00B2222A ] msahci C:\Windows\system32\drivers\msahci.sys
20:00:54.0844 5748 msahci - ok
20:00:54.0906 5748 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:00:55.0000 5748 msdsm - ok
20:00:55.0078 5748 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:00:55.0187 5748 MSDTC - ok
20:00:55.0328 5748 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:00:55.0608 5748 Msfs - ok
20:00:55.0718 5748 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:00:55.0764 5748 msisadrv - ok
20:00:55.0936 5748 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:00:56.0154 5748 MSiSCSI - ok
20:00:56.0170 5748 msiserver - ok
20:00:56.0420 5748 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:00:56.0669 5748 MSKSSRV - ok
20:00:56.0903 5748 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:00:57.0137 5748 MSPCLOCK - ok
20:00:57.0278 5748 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:00:57.0574 5748 MSPQM - ok
20:00:58.0338 5748 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:00:58.0635 5748 MsRPC - ok
20:00:59.0009 5748 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:00:59.0040 5748 mssmbios - ok
20:00:59.0181 5748 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:00:59.0368 5748 MSTEE - ok
20:00:59.0540 5748 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:00:59.0758 5748 Mup - ok
20:01:00.0210 5748 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:01:00.0616 5748 napagent - ok
20:01:01.0037 5748 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:01:01.0318 5748 NativeWifiP - ok
20:01:01.0692 5748 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:01:02.0457 5748 NDIS - ok
20:01:02.0566 5748 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:02.0675 5748 NdisTapi - ok
20:01:02.0738 5748 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:02.0894 5748 Ndisuio - ok
20:01:03.0034 5748 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:03.0174 5748 NdisWan - ok
20:01:03.0315 5748 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:01:03.0518 5748 NDProxy - ok
20:01:03.0611 5748 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:01:03.0736 5748 NetBIOS - ok
20:01:03.0954 5748 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:01:04.0126 5748 netbt - ok
20:01:04.0173 5748 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:01:04.0188 5748 Netlogon - ok
20:01:04.0360 5748 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:01:04.0516 5748 Netman - ok
20:01:04.0672 5748 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:01:05.0561 5748 NetMsmqActivator - ok
20:01:05.0967 5748 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:01:06.0107 5748 NetPipeActivator - ok
20:01:06.0294 5748 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:01:06.0450 5748 netprofm - ok
20:01:06.0794 5748 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:01:06.0809 5748 NetTcpActivator - ok
20:01:06.0825 5748 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:01:06.0856 5748 NetTcpPortSharing - ok
20:01:06.0903 5748 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:01:07.0012 5748 nfrd960 - ok
20:01:07.0137 5748 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:01:07.0215 5748 NlaSvc - ok
20:01:07.0542 5748 NMIndexingService - ok
20:01:07.0683 5748 Norton PC Checkup Application Launcher - ok
20:01:07.0730 5748 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:01:07.0854 5748 Npfs - ok
20:01:07.0948 5748 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:01:08.0026 5748 nsi - ok
20:01:08.0151 5748 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:01:08.0276 5748 nsiproxy - ok
20:01:08.0650 5748 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:01:10.0241 5748 Ntfs - ok
20:01:10.0319 5748 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:01:10.0553 5748 ntrigdigi - ok
20:01:10.0647 5748 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:01:10.0803 5748 Null - ok
20:01:12.0660 5748 [ 2D47C87CD0290E3989639554F0C01444 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:01:23.0496 5748 nvlddmkm - ok
20:01:23.0574 5748 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:01:23.0777 5748 nvraid - ok
20:01:23.0843 5748 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:01:23.0902 5748 nvstor - ok
20:01:23.0942 5748 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:01:24.0011 5748 nv_agp - ok
20:01:24.0019 5748 NwlnkFlt - ok
20:01:24.0031 5748 NwlnkFwd - ok
20:01:24.0133 5748 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:01:24.0408 5748 ohci1394 - ok
20:01:24.0576 5748 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:01:25.0235 5748 p2pimsvc - ok
20:01:25.0435 5748 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:01:25.0494 5748 p2psvc - ok
20:01:25.0598 5748 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:01:25.0669 5748 Parport - ok
20:01:25.0744 5748 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:01:25.0810 5748 partmgr - ok
20:01:25.0862 5748 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:01:25.0929 5748 Parvdm - ok
20:01:26.0003 5748 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:01:26.0201 5748 PcaSvc - ok
20:01:26.0325 5748 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:01:26.0370 5748 pci - ok
20:01:26.0478 5748 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys
20:01:26.0530 5748 pciide - ok
20:01:26.0588 5748 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:01:26.0701 5748 pcmcia - ok
20:01:26.0825 5748 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:01:27.0185 5748 PEAUTH - ok
20:01:27.0516 5748 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:01:29.0156 5748 pla - ok
20:01:29.0385 5748 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:01:29.0440 5748 PlugPlay - ok
20:01:29.0634 5748 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:01:30.0214 5748 PNRPAutoReg - ok
20:01:30.0411 5748 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:01:30.0579 5748 PNRPsvc - ok
20:01:30.0747 5748 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:01:30.0984 5748 PolicyAgent - ok
20:01:31.0029 5748 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:01:31.0222 5748 PptpMiniport - ok
20:01:31.0263 5748 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
20:01:31.0374 5748 Processor - ok
20:01:31.0433 5748 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:01:31.0471 5748 ProfSvc - ok
20:01:31.0535 5748 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:01:31.0591 5748 ProtectedStorage - ok
20:01:31.0774 5748 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:01:32.0037 5748 PSched - ok
20:01:32.0419 5748 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:01:32.0856 5748 ql2300 - ok
20:01:32.0923 5748 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:01:32.0951 5748 ql40xx - ok
20:01:33.0107 5748 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:01:33.0364 5748 QWAVE - ok
20:01:33.0437 5748 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:01:33.0548 5748 QWAVEdrv - ok
20:01:33.0868 5748 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
20:01:35.0016 5748 R300 - ok
20:01:35.0129 5748 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:01:35.0198 5748 RasAcd - ok
20:01:35.0272 5748 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:01:35.0385 5748 RasAuto - ok
20:01:35.0470 5748 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:35.0550 5748 Rasl2tp - ok
20:01:35.0700 5748 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:01:35.0850 5748 RasMan - ok
20:01:35.0954 5748 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:36.0135 5748 RasPppoe - ok
20:01:36.0254 5748 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:01:36.0333 5748 RasSstp - ok
20:01:36.0445 5748 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:01:36.0801 5748 rdbss - ok
20:01:36.0858 5748 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:36.0955 5748 RDPCDD - ok
20:01:37.0098 5748 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:01:37.0202 5748 rdpdr - ok
20:01:37.0236 5748 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:01:37.0312 5748 RDPENCDD - ok
20:01:37.0354 5748 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:01:37.0435 5748 RDPWD - ok
20:01:37.0516 5748 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:01:37.0696 5748 RemoteAccess - ok
20:01:37.0740 5748 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:01:37.0852 5748 RemoteRegistry - ok
20:01:37.0903 5748 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:01:37.0985 5748 RpcLocator - ok
20:01:38.0075 5748 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
20:01:38.0154 5748 RpcSs - ok
20:01:38.0194 5748 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:01:38.0319 5748 rspndr - ok
20:01:38.0430 5748 [ ABDC839BD1C53F9C17449B10221CB942 ] RT73 C:\Windows\system32\DRIVERS\rt73.sys
20:01:38.0752 5748 RT73 - ok
20:01:38.0898 5748 [ B095D0F2511C6B22BC03F32BBD3EEEAB ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
20:01:39.0127 5748 RTL8187B - ok
20:01:39.0211 5748 [ F96D7A73E4F31509FBB97D128C88E308 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
20:01:39.0370 5748 RtlProt ( UnsignedFile.Multi.Generic ) - warning
20:01:39.0370 5748 RtlProt - detected UnsignedFile.Multi.Generic (1)
20:01:39.0543 5748 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:01:39.0630 5748 SamSs - ok
20:01:39.0797 5748 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:01:39.0921 5748 sbp2port - ok
20:01:40.0018 5748 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:01:40.0200 5748 SCardSvr - ok
20:01:40.0369 5748 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:01:40.0794 5748 Schedule - ok
20:01:40.0854 5748 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:01:40.0879 5748 SCPolicySvc - ok
20:01:40.0942 5748 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:01:41.0169 5748 SDRSVC - ok
20:01:41.0286 5748 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:01:41.0402 5748 secdrv - ok
20:01:41.0489 5748 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:01:41.0556 5748 seclogon - ok
20:01:41.0640 5748 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
20:01:41.0713 5748 SENS - ok
20:01:41.0823 5748 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:01:41.0922 5748 Serenum - ok
20:01:41.0961 5748 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:01:42.0025 5748 Serial - ok
20:01:42.0084 5748 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:01:42.0158 5748 sermouse - ok
20:02:52.0645 5748 ============================================================
20:02:52.0645 5748 Scan finished
20:02:52.0645 5748 ============================================================
20:02:52.0665 5760 Detected object count: 9
20:02:52.0665 5760 Actual detected object count: 9
20:03:13.0678 5760 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0678 5760 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0679 5760 Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0679 5760 Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0682 5760 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0682 5760 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0687 5760 KMWDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0687 5760 KMWDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0690 5760 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0690 5760 KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0693 5760 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0694 5760 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0697 5760 RtlProt ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0697 5760 RtlProt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0701 5760 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0701 5760 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:13.0705 5760 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:13.0705 5760 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

21.01.2013, 19:23   #14
markusg
/// Malware-holic


hi
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. That should fix the problem.

21.01.2013, 22:36   #15
xb0ssi


I was online for a few hours but had not done the last step yet. Should I go through everything again and post the new logs?

So the virus is back on it*
