Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: GUV/BKA virus on Win 7 laptop (https://www.trojaner-board.de/139605-guv-bka-virus-win-7-laptop.html)

heartbeat25 10.08.2013 07:19

GUV/BKA virus on Win 7 laptop
 
I picked up the trojan on a Win7 laptop. The laptop was completely blocked; booting into safe mode or anything similar was not possible.

I created an OTLPE CD using another laptop. An OTL.txt was generated after the scan. Here is the excerpt:

Code:

OTL logfile created on: 8/10/2013 9:46:31 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.76 Gb Total Space | 38.13 Gb Free Space | 25.46% Space Free | Partition Type: NTFS
Drive D: | 303.00 Gb Total Space | 298.61 Gb Free Space | 98.55% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/06/23 12:10:55 | 000,260,608 | ---- | M] (ggggggggggggggggggggggggggg) [Auto] -- C:\ProgramData\rito0.dat -- (Winmgmt)
SRV - [2013/06/19 14:48:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/20 08:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2012/07/13 08:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/28 09:36:53 | 001,506,824 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2011/10/28 09:36:11 | 000,457,536 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011/10/27 21:40:14 | 001,554,184 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2011/08/10 08:20:28 | 001,613,424 | ---- | M] (G Data Software AG) [On_Demand] -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2011/03/04 14:56:12 | 000,381,448 | ---- | M] (G Data Software AG) [Auto] -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2010/12/08 09:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/17 21:36:08 | 000,176,128 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2004/02/26 04:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/02/20 17:00:39 | 000,030,256 | ---- | M] (G Data Software) [Kernel | System] -- C:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2012/02/20 16:53:24 | 000,049,016 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2012/02/19 15:58:46 | 000,041,336 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2012/02/19 15:58:12 | 000,079,992 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2012/02/19 15:58:12 | 000,040,440 | ---- | M] (G Data Software AG) [Kernel | Boot] -- C:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2012/02/19 15:58:11 | 000,054,648 | ---- | M] (G Data Software AG) [Kernel | System] -- C:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2012/02/19 15:58:05 | 000,029,400 | ---- | M] (G Data Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\GdNetMon32.sys -- (GdNetMon)
DRV - [2011/08/17 04:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/16 11:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009/08/17 22:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/13 10:50:40 | 000,106,112 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/10/09 07:53:16 | 000,059,264 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 08:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2004/08/01 03:09:24 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2004/08/01 03:09:24 | 000,044,928 | ---- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\ousbehci.sys -- (ousbehci)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKU\chris_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/03/26 04:32:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/18 14:20:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/18 14:20:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/03/26 04:32:53 | 000,000,000 | ---D | M]
 
[2012/11/18 14:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2012/11/18 14:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\vsbdo2fm.default\extensions
[2012/11/18 14:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/26 04:32:53 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011/06/15 04:23:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/06/15 04:23:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/15 04:23:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/15 04:23:45 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/06/15 04:23:45 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\chris_ON_C..\Run: []  File not found
O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)
O4 - HKU\chris_ON_C..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\chris_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7164b551-29a7-11e1-80f4-002454094511}\Shell - "" = AutoRun
O33 - MountPoints2\{7164b551-29a7-11e1-80f4-002454094511}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{7961d52f-48fc-11e0-87fa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7961d52f-48fc-11e0-87fa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/08 22:46:13 | 000,000,000 | ---D | C] -- C:\Windows\msagent
[2013/08/08 22:45:06 | 000,505,344 | ---- | C] (Realtek Semiconductor Corporation                          ) -- C:\Windows\System32\drivers\rtl819xp.sys
[2013/08/08 22:45:06 | 000,238,464 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMC326.sys
[2013/08/08 22:45:06 | 000,053,248 | ---- | C] (SAMSUNG Electronics) -- C:\Windows\System32\drivers\SABI2.dll
[2013/08/08 22:45:05 | 002,225,664 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw3v32.sys
[2013/08/08 22:45:04 | 000,258,048 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\drivers\MakeMarkerFile.exe
[2013/08/08 22:45:04 | 000,213,640 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2013/08/08 22:45:04 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2013/08/08 22:45:04 | 000,079,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2013/08/08 22:45:04 | 000,045,056 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys
[2013/08/08 22:45:04 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2013/08/08 22:45:04 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2013/08/08 22:45:04 | 000,034,216 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2013/08/08 22:45:04 | 000,013,312 | ---- | C] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2013/08/08 22:45:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2013/08/08 22:45:03 | 001,203,776 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2013/08/08 22:45:03 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2013/08/08 22:45:02 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2013/08/08 22:45:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2013/08/08 22:45:02 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2013/08/08 22:45:02 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2013/08/08 22:45:02 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
[2013/08/08 22:45:02 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2013/08/08 22:45:02 | 000,045,056 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN.exe
[2013/08/08 22:45:02 | 000,042,496 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN64.exe
[2013/08/08 22:45:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2013/08/08 22:45:02 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2013/08/08 22:45:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcer.exe
[2013/08/08 22:45:01 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2013/08/08 22:45:01 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallSettings.exe
[2013/08/08 22:45:01 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2013/08/08 22:45:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013/08/08 22:45:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProj.exe
[2013/08/08 22:45:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2013/08/08 22:45:01 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2013/08/08 22:45:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaelv.exe
[2013/08/08 22:45:00 | 000,282,624 | ---- | C] (Marvell) -- C:\Windows\System32\ykx32mpcoinst.dll
[2013/08/08 22:45:00 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2013/08/08 22:45:00 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2013/08/08 22:45:00 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atibrtmon.exe
[2013/08/08 22:45:00 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2013/08/08 22:45:00 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2013/08/08 22:45:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2013/08/08 22:45:00 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2013/08/08 22:45:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2013/08/08 22:45:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2013/08/08 22:45:00 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2013/08/08 22:45:00 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2013/08/08 22:45:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2013/08/08 22:45:00 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2013/08/08 22:45:00 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2013/08/08 22:45:00 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2013/08/08 22:44:59 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2013/08/08 22:44:59 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2013/08/08 22:44:59 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMC326.dll
[2013/08/08 22:44:58 | 002,073,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TouchX.dll
[2013/08/08 22:44:58 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2013/08/08 22:44:58 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2013/08/08 22:44:58 | 000,047,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBAME.DLL
[2013/08/08 22:44:57 | 002,222,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlncli.dll
[2013/08/08 22:44:57 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2013/08/08 22:44:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2013/08/08 22:44:57 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2013/08/08 22:44:57 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2013/08/08 22:44:57 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2013/08/08 22:44:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2013/08/08 22:44:57 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2013/08/08 22:44:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2013/08/08 22:44:57 | 000,066,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlctr90.dll
[2013/08/08 22:44:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2013/08/08 22:44:57 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2013/08/08 22:44:56 | 002,523,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2013/08/08 22:44:56 | 000,998,432 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2013/08/08 22:44:56 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2013/08/08 22:44:56 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2013/08/08 22:44:56 | 000,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2013/08/08 22:44:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2013/08/08 22:44:56 | 000,045,600 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2013/08/08 22:44:56 | 000,039,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCP32.DLL
[2013/08/08 22:44:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2013/08/08 22:44:55 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2013/08/08 22:44:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013/08/08 22:44:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2013/08/08 22:44:55 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/08/08 22:44:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnrpperf.dll
[2013/08/08 22:44:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2013/08/08 22:44:55 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netrap.dll
[2013/08/08 22:44:54 | 002,011,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2013/08/08 22:44:54 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/08/08 22:44:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013/08/08 22:44:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2013/08/08 22:44:54 | 000,125,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2013/08/08 22:44:54 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2013/08/08 22:44:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013/08/08 22:44:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013/08/08 22:44:53 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2013/08/08 22:44:53 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2013/08/08 22:44:53 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2013/08/08 22:44:52 | 002,076,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2013/08/08 22:44:52 | 001,190,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20.DLL
[2013/08/08 22:44:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/08/08 22:44:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/08/08 22:44:52 | 000,159,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2013/08/08 22:44:52 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/08/08 22:44:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2013/08/08 22:44:52 | 000,101,888 | ---- | C] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2013/08/08 22:44:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2013/08/08 22:44:52 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2013/08/08 22:44:52 | 000,036,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20DEU.DLL
[2013/08/08 22:44:52 | 000,033,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20ENU.DLL
[2013/08/08 22:44:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2013/08/08 22:44:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2013/08/08 22:44:51 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2013/08/08 22:44:51 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/08/08 22:44:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CRPPresentation.dll
[2013/08/08 22:44:51 | 000,031,744 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgRes.dll
[2013/08/08 22:44:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsoc.dll
[2013/08/08 22:44:51 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013/08/08 22:44:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifps.dll
[2013/08/08 22:44:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsrres.dll
[2013/08/08 22:44:50 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2013/08/08 22:44:50 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2013/08/08 22:44:50 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2013/08/08 22:44:50 | 000,278,528 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.dll
[2013/08/08 22:44:50 | 000,141,312 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2013/08/08 22:44:50 | 000,095,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BCMMS32.DLL
[2013/08/08 22:44:50 | 000,082,432 | ---- | C] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2013/08/08 22:44:50 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/08/08 22:44:50 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2013/08/08 22:44:50 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2013/08/08 22:44:50 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2013/08/08 22:44:50 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2013/08/08 22:44:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acprgwiz.dll
[2013/08/08 22:44:49 | 000,406,528 | ---- | C] (Samsung Electronics) -- C:\Windows\HotfixChecker.exe
[2013/08/08 22:44:49 | 000,054,824 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2013/08/08 11:57:19 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/08 11:57:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/08/08 11:57:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/08 11:57:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/08/08 11:57:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/08 11:57:15 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/08 11:57:14 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/08 11:57:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/08/08 11:57:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/08/08 11:57:14 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/08/08 11:57:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/08/05 13:00:26 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/08/05 13:00:25 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/05 13:00:20 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/08/05 13:00:19 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/08/05 12:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013
[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat
[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
 
========== Files - Modified Within 30 Days ==========
 
[2041/08/28 15:23:46 | 001,089,656 | ---- | M] () -- C:\Users\chris\Desktop\100_5905.JPG
[2041/08/28 15:21:52 | 001,304,412 | ---- | M] () -- C:\Users\chris\Desktop\100_5902.JPG
[2041/08/22 22:52:00 | 001,156,592 | ---- | M] () -- C:\Users\chris\Desktop\104_5607.JPG
[2013/08/09 15:15:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 15:13:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0otir.pad
[2013/08/09 15:13:14 | 542,092,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/09 15:13:11 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/08 23:23:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/08 12:15:17 | 000,010,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 12:15:17 | 000,010,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 12:06:38 | 000,319,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/08 12:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/08 12:00:10 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/08/08 12:00:10 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/08 12:00:10 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/08 12:00:09 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/08/08 11:49:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/05 15:09:37 | 000,025,953 | ---- | M] () -- C:\Users\chris\Desktop\M131324607.pdf
[2013/08/05 12:55:15 | 000,000,962 | ---- | M] () -- C:\Windows\wiso.ini
[2013/08/05 12:55:08 | 000,002,189 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
[2013/08/05 12:55:08 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\t@x 2013.lnk
[2013/08/05 12:55:07 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/05 12:53:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2013
 
========== Files Created - No Company Name ==========
 
[2013/08/08 22:45:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2013/08/08 22:45:04 | 000,003,224 | ---- | C] () -- C:\Windows\System32\drivers\MakeMarkerFile.xml
[2013/08/08 22:45:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2013/08/08 22:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01005.Wdf
[2013/08/08 22:45:03 | 000,055,296 | ---- | C] () -- C:\Windows\System32\SQLServerManager.msc
[2013/08/08 22:45:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\144D_SAMSUNG_N_R520_04LL.mrk
[2013/08/08 22:45:02 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2013/08/08 22:45:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2013/08/08 22:45:01 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2013/08/08 22:44:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2013/08/08 22:44:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2013/08/08 22:44:50 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2013/08/08 22:44:50 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2013/08/08 22:44:50 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2013/08/08 22:44:50 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2013/08/08 22:44:49 | 000,003,990 | ---- | C] () -- C:\Windows\HotFixList.ini
[2013/08/05 15:09:37 | 000,025,953 | ---- | C] () -- C:\Users\chris\Desktop\M131324607.pdf
[2013/08/05 12:55:08 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\t@x 2013.lnk
[2013/06/23 12:10:59 | 000,002,655 | ---- | C] () -- C:\ProgramData\0otir.js
[2013/06/23 12:10:57 | 095,023,320 | ---- | C] () -- C:\ProgramData\0otir.pad
[2012/11/29 13:00:07 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012/02/23 04:17:56 | 000,898,004 | ---- | C] () -- C:\Windows\System32\sig.bin
[2011/06/22 13:37:14 | 000,252,928 | ---- | C] () -- C:\Windows\System32\DShowRdpFilter.dll
[2011/05/31 11:28:16 | 000,000,962 | ---- | C] () -- C:\Windows\wiso.ini
[2011/04/10 13:53:00 | 000,033,280 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/07 16:54:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/09/29 23:14:28 | 000,654,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/09/29 23:14:28 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/09/29 23:14:28 | 000,130,240 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/09/29 23:14:28 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,319,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,242 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/18 14:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 12:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 15:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
 
========== LOP Check ==========
 
[2011/09/18 05:20:42 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Ability5
[2011/05/31 11:30:41 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Buhl Data Service
[2011/03/08 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Buhl Data Service GmbH
[2012/11/30 09:55:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\FreeVideoConverter
[2011/05/29 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Oasys
[2011/03/22 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org
[2011/03/26 04:59:29 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\PC Suite
[2012/11/29 13:03:49 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Ulead Systems
[2011/05/29 13:18:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Ability5
[2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/08/05 12:57:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/03/15 15:54:02 | 000,000,000 | ---D | M] -- C:\ProgramData\G Data
[2011/03/07 17:22:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Lidl_Fotos
[2012/01/06 11:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2013/06/12 13:14:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Netzmanager
[2011/03/26 04:59:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011/03/26 04:34:28 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2012/11/29 13:01:39 | 000,000,000 | ---D | M] -- C:\ProgramData\SmartSound Software Inc
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Tages
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/12 11:06:11 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2012/11/29 13:03:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2011/03/07 17:08:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2013/08/08 22:43:13 | 000,000,000 | ---D | M] -- C:\ProgramData\WinClon
[2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/07 17:22:13 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012/09/02 04:38:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D}
[2012/09/02 04:11:23 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DD034EDF-8A92-4F84-A64A-26BF9B7AE354}
[2013/08/08 11:14:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >


How do I proceed now? Could I reinstall Win7 right away in this mode (the current access)?
The only thing that mattered to me was that I could still rescue my data, which I did after booting.

Thanks for your help.

schrauber 10.08.2013 07:25

hi,

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ()
[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat
[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/08/09 15:13:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0otir.pad
:Commands
[emptytemp]

  • If you masked your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread


Start the computer normally :)
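The fix above targets three indicators that stand out in the OTL log: an autorun value pointing at a non-executable file in C:\ProgramData with a junk publisher name, a copy of rundll32.exe outside the Windows directory, and a large companion file dropped next to it. The following script is an added example (not part of the thread and not OTL's own code) that parses the two OTL line shapes seen above and applies those defender heuristics. The sample log is constructed: four lines mirror entries from the thread, the Adobe ARM and corpol.dll lines are benign controls made up for contrast, and the heuristics (publisher-name, ProgramData-root and system-binary-masquerade checks) are the editor's assumptions, not a rule set OTL applies.

```python
"""Triage of OTL-style log lines for lock-screen-ransomware autorun indicators.

Added example, not from the thread or from OTL. Parses "O4 - ..." autorun
entries and "[date | size | attrs | C/M] (Company) -- path" file entries and
flags the patterns a helper would look at first.
"""
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines 1, 3, 4 and 5 mirror entries from the thread above;
# the Adobe ARM and corpol.dll lines are benign controls added for contrast.
SAMPLE_LOG = r"""
O4 - HKU\chris_ON_C..\Run: [ctfmon32.exe] C:\ProgramData\rito0.dat (ggggggggggggggggggggggggggg)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
[2013/06/23 12:10:55 | 000,260,608 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\rito0.dat
[2013/06/23 12:10:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013/08/09 15:13:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\0otir.pad
[2013/08/08 22:44:51 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
"""

# "O4 - <hive>: [<value name>] <target path> (<publisher>)"
AUTORUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?): \[(?P<value>[^\]]*)\] (?P<path>.+?) \((?P<company>[^()]*)\)\s*$"
)
# "[<stamp> | <size> | <attrs> | C|M] (<publisher>) -- <path>"  (directory lines
# without a publisher field are deliberately not matched)
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^()]*)\)\s*--\s*(?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    source: str           # "autorun" or "file"
    path: str
    company: str
    size: Optional[int]   # bytes; None for autorun lines


class Finding(NamedTuple):
    entry: Entry
    reasons: tuple


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for the two supported line shapes, else None."""
    m = AUTORUN_RE.match(line)
    if m:
        return Entry("autorun", m["path"], m["company"].strip(), None)
    m = FILE_RE.match(line)
    if m:
        return Entry("file", m["path"], m["company"].strip(), int(m["size"].replace(",", "")))
    return None


# Heuristic tables (editor's assumptions, kept deliberately small).
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".lnk"}
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
PROGRAMDATA = r"c:\programdata"


def _junk_company(name: str) -> bool:
    """A publisher string made of one repeated character is not a real vendor."""
    return len(name) >= 4 and len(set(name.lower())) == 1


def reasons_for(entry: Entry) -> List[str]:
    """Apply the heuristics to one entry and return the reasons it is suspicious."""
    folder = ntpath.dirname(entry.path).lower()
    name = ntpath.basename(entry.path).lower()
    ext = ntpath.splitext(name)[1]
    out = []
    if entry.source == "autorun" and ext not in EXECUTABLE_EXT:
        out.append(f"autorun target is not an executable file type ({ext or 'no extension'})")
    if _junk_company(entry.company):
        out.append("publisher name is a single repeated character")
    if name in SYSTEM_BINARIES and folder not in WINDOWS_DIRS:
        out.append("Windows system binary name outside the Windows directory")
    if folder == PROGRAMDATA:
        out.append("file placed directly in C:\\ProgramData rather than in a vendor subfolder")
    return out


def triage(log_text: str) -> List[Finding]:
    """Parse every line of an OTL log excerpt and keep the entries with reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.entry.source}] {finding.entry.path}")
        for reason in finding.reasons:
            print("   -", reason)
```

Run against the constructed sample, the script reports the rito0.dat autorun entry and file, the misplaced rundll32.exe and 0otir.pad, and stays quiet on the two benign controls. The ProgramData-root rule is intentionally broad: legitimate software creates a vendor subfolder there, so a loose file at the top level is worth a look even when the publisher string is plausible, as the Microsoft-labelled rundll32.exe copy shows.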

heartbeat25 10.08.2013 07:56

Here is the next excerpt:

Code:

========== OTL ==========
Registry value HKEY_USERS\chris_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
C:\ProgramData\rito0.dat moved successfully.
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk moved successfully.
C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
File C:\ProgramData\rito0.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
C:\ProgramData\0otir.pad moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: chris
->Temp folder emptied: 827242707 bytes
->Temporary Internet Files folder emptied: 462924881 bytes
->Java cache emptied: 5527655 bytes
->FireFox cache emptied: 104761319 bytes
->Flash cache emptied: 88195 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1071123733 bytes
 
Total Files Cleaned = 2,357.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 08102013_103509


schrauber 10.08.2013 09:57

Can you start normally?

If so, everything from now on in normal mode:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it finishes.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the website's input window)



All times are in WET +1. It is now 09:45.

Copyright ©2000-2025, Trojaner-Board

