Plagegeister aller Art und deren Bekämpfung: TrojanES.Dropper when opening "Warrock", cannot be deleted! (Windows 7)
15.09.2011, 16:29 | #1 |
Hey everyone! I wanted to play Warrock again, and suddenly, while it was updating, I got a message that "eScan Antivirus" had found a "TrojanES.Dropper". I had my system checked by eScan Antivirus, Malwarebytes, SuperAntiSpyware and BitDefender (online). Quite a few things were found and deleted, but some were only quarantined. How do I get rid of the "TrojanES.Dropper", and of all the others that were quarantined? Should I delete the infected files? Can someone please help me? I would be very grateful! Kind regards, xhq

Picture and logs are attached to this post.
Picture of the message, Warrock is updating
Picture of the "quarantine overview of eScan Antivirus"

Malwarebytes log
[LOG]
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7710

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

13.09.2011 21:59:03
mbam-log-2011-09-13 (21-59-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 415228
Laufzeit: 1 Stunde(n), 32 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
[/LOG]

eScan Antivirus log
I know it is not the latest one, but it is the most recent one in which something was found; yesterday's said "no malicious objects found". Please also pay attention to the lines with "Warrock": they say that the file may be password-protected (ERROR!...)
SuperAntiSpyware log
15.09.2011, 18:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
eScan is notorious for false positives. At least that is how I remember it: a few years ago we used the free version of MWAV/eScan here for detection and cleanup, but it became abysmal, and evaluating and preparing the logs was a joke because it was far too cumbersome. I can no longer recommend eScan in any way.

Are there any other logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the Logdateien (log files) tab.
__________________
16.09.2011, 14:38 | #3 |
No, always just the same one... Yeah, that may well be, but if it blocks my access... there is something to that... any idea?
__________________
16.09.2011, 14:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Please run ESET as well, then we will take it from there: ESET Online Scanner
__________________
Please always post logfiles in CODE tags
27.09.2011, 19:21 | #5 |
Here is the log, sorry that it took so long:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2a0fb3a554263e46aebd3a06318bccdf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-17 07:37:29
# local_time=2011-05-17 09:37:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 103105 103105 0 0
# compatibility_mode=5893 16776573 100 94 19992 58055713 0 0
# compatibility_mode=8192 67108863 100 0 1790 1790 0 0
# compatibility_mode=8961 16777213 75 57 2180 100998356 0 0
# scanned=222480
# found=2
# cleaned=2
# scan_time=11008
C:\Program Files (x86)\GamersFirst\War Rock\system\WarRock.exe möglicherweise Variante von Win32/Packed.Themida Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Users\*****\AppData\Local\Temp\NOD4298.tmp möglicherweise Variante von Win32/Packed.Themida Anwendung (Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert) 00000000000000000000000000000000 C

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=2a0fb3a554263e46aebd3a06318bccdf
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-26 09:30:39
# local_time=2011-09-26 11:30:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 11522020 11522020 0 0
# compatibility_mode=5893 16776573 100 94 10627 68698807 0 0
# compatibility_mode=8192 67108863 100 0 11420705 11420705 0 0
# compatibility_mode=8961 16777213 75 57 731 112417271 0 0
# scanned=195551
# found=4
# cleaned=0
# scan_time=3682
C:\Program Files (x86)\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\mmg8xq4h.default\Cache\4\F8\D40BFd01 JS/Kryptik.CK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\mmg8xq4h.default\Cache\E\AA\BEB80d01 JS/Kryptik.CK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\*****\AppData\Local\Temp\ICReinstall\cnet_stronghold_1_v1_2_rar.exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=2a0fb3a554263e46aebd3a06318bccdf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-27 06:13:30
# local_time=2011-09-27 08:13:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 11591590 11591590 0 0
# compatibility_mode=5893 16776573 100 94 189 68768377 0 0
# compatibility_mode=8192 67108863 100 0 11490275 11490275 0 0
# compatibility_mode=8961 16777213 75 57 61 112486841 0 0
# scanned=302745
# found=5
# cleaned=0
# scan_time=8684
C:\Program Files (x86)\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\mmg8xq4h.default\Cache\4\F8\D40BFd01 JS/Kryptik.CK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\*****\AppData\Local\Mozilla\Firefox\Profiles\mmg8xq4h.default\Cache\E\AA\BEB80d01 JS/Kryptik.CK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\*****\AppData\Local\Temp\ICReinstall\cnet_stronghold_1_v1_2_rar.exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I
D:\MUSTERMANN\Backup Set 2011-05-05 182303\Backup Files 2011-05-05 182303\Backup files 5.zip JS/Fraud.NAM trojan (unable to clean) 00000000000000000000000000000000 I
27.09.2011, 19:44 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Quote:
__________________
28.09.2011, 18:36 | #7 |
What do you mean by the source? Well, the upper one is from Warrock and the lower one is from a probably not properly carried out re-installation of Stronghold, both from my normal hard drive?
28.09.2011, 20:08 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
29.09.2011, 21:09 | #9 |
LOG1
OTL Logfile:
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2010.05.15 00:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.05.15 00:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.05.05 04:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.05.05 04:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.05 03:23:24 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.27 06:02:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.28 12:01:36 | 000,385,072 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp3132.sys -- (adp3132) DRV:64bit: - [2009.12.21 21:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.09.30 04:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.17 01:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi) DRV:64bit: - [2009.07.16 13:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.15 12:01:54 | 000,027,664 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MtsHID.sys -- (MtsHID) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 04:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.04.28 03:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.04.28 03:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.04.08 15:44:58 | 000,232,464 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2008.05.22 18:35:02 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.22 18:33:54 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2008.05.22 18:32:38 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.05.20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2008.02.20 17:17:44 | 000,124,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPorts.sys -- (SPorts) DRV:64bit: - [2008.02.20 17:17:22 | 000,095,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPorts.sys -- (PPorts) DRV:64bit: - [2008.02.20 17:12:56 | 000,072,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISASerial.sys -- (ISASerial) DRV:64bit: - 
[2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV - [2011.01.14 18:27:10 | 000,015,880 | ---- | M] (MicroWorld Technologies Inc.) [Kernel | On_Demand | Running] -- C:\PROGRA~2\eScan\ProcObsrvesx.sys -- (ProcObsrvesx) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 40 5D 60 81 95 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox 
========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.07 22:16:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.15 18:10:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.04 15:52:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.15 18:10:04 | 000,000,000 | ---D | M] [2010.10.22 23:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.10.22 23:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.27 20:51:13 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions [2011.09.27 20:51:13 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2011.08.01 23:45:34 | 000,000,000 | ---D | M] (www.Freeware-download.com Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7} [2011.08.31 16:30:17 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.31 17:35:53 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2011.09.07 22:36:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.04.23 14:38:26 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\battlefieldplay4free@ea.com [2011.09.29 13:06:13 | 000,002,466 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\dilandau.xml [2010.10.29 13:12:53 | 000,002,342 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icq-search.xml [2010.12.10 16:32:22 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icqplugin-1.xml [2011.01.03 00:37:38 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icqplugin-2.xml [2011.03.07 03:43:24 | 000,000,950 | ---- | M] () -- 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icqplugin-3.xml [2011.03.07 04:19:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icqplugin-4.xml [2011.03.23 20:41:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icqplugin-5.xml [2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\searchplugins\icqplugin.xml [2011.07.28 21:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.07.28 21:49:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.12.25 22:19:45 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MMG8XQ4H.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MMG8XQ4H.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\MARC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MMG8XQ4H.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI [2011.09.07 22:16:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.30 00:46:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2010.10.22 23:31:20 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.06 19:11:39 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {54848076-14D0-45E7-851E-CAF7EF0125F1} - C:\PROGRA~2\eScan\VKBoard.exe (MicroWorld Technologies Inc.) O9:64bit: - Extra 'Tools' menuitem : Virtuelle Tastatur - {54848076-14D0-45E7-851E-CAF7EF0125F1} - C:\PROGRA~2\eScan\VKBoard.exe (MicroWorld Technologies Inc.) O9 - Extra Button: Virtuelle Tastatur - {54848076-14D0-45E7-851E-CAF7EF0125F1} - C:\PROGRA~2\eScan\VKBoard.exe (MicroWorld Technologies Inc.) O9 - Extra 'Tools' menuitem : Virtuelle Tastatur - {54848076-14D0-45E7-851E-CAF7EF0125F1} - C:\PROGRA~2\eScan\VKBoard.exe (MicroWorld Technologies Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mwtsp.dll (MicroWorld Technologies Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mwtsp.dll (MicroWorld Technologies Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mwtsp.dll (MicroWorld Technologies Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mwtsp.dll (MicroWorld Technologies Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysNative\mwtsp.dll (MicroWorld Technologies Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mwtsp.dll (MicroWorld Technologies Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mwtsp.dll (MicroWorld Technologies Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mwtsp.dll (MicroWorld Technologies Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mwtsp.dll (MicroWorld Technologies Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mwtsp.dll (MicroWorld Technologies Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A7245E5-18B4-45D6-9FB9-3756B9E8308F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: KPeerNexonEU - hkey= - key= - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig:64bit - StartUpReg: VeohPlugin - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows 
Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: 
{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.29 21:46:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.09.27 19:47:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{83CB1874-EF08-4A6C-91FB-187818494983} [2011.09.27 19:47:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{A9A7D5F2-85A7-4F51-9AEC-CD9427E98A33} [2011.09.27 17:32:59 | 001,001,992 | ---- | C] (MicroWorld Technologies Inc.) 
-- C:\Windows\SysNative\test2.exe [2011.09.26 21:34:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{6674AEAB-F559-45D9-BEF6-1C7BD84514CC} [2011.09.26 21:34:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D8160742-A6B8-4E34-BA02-D9EC1911C3ED} [2011.09.23 14:25:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{073A2158-030D-4495-BDC6-71CE0C23D332} [2011.09.23 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4B03EFDD-4F09-41C5-A8A9-E4502F3BD671} [2011.09.23 14:25:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{73A72040-1580-4372-AF83-27847FFB9EEA} [2011.09.22 23:08:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DA4DC35D-83BE-4CB6-B603-DDD1C7891AC0} [2011.09.22 23:07:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BDBFCBBF-2248-4D1B-9461-E89A0C53B468} [2011.09.21 21:56:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{86B714E4-6749-4161-AE82-1989A92D2D10} [2011.09.21 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{165C7F3F-F585-4AD3-A581-42DEBE87550D} [2011.09.19 21:13:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.09.15 17:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.09.14 21:38:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{2A9397D9-C923-48D2-B16C-42F2BD3213AF} [2011.09.14 21:37:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{32202905-DD00-4871-AA7C-933D45226ED8} [2011.09.14 14:29:29 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.09.14 14:29:29 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.09.13 20:05:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com [2011.09.13 20:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011.09.13 20:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.09.13 19:52:20 | 000,000,000 | ---D | C] -- 
C:\Users\*****\Documents\FIFA 12 [2011.09.13 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\MAGIX Downloads [2011.09.12 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4151211F-70F7-4360-BD7E-2591C8217074} [2011.09.12 21:34:30 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{18A6E11B-5F47-4E22-A00D-B94193CA7B87} [2011.09.08 20:30:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{46B323D5-820F-4381-B4BF-735F358B3D82} [2011.09.08 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{D3734408-F762-428C-91FD-3F1610569DBE} [2011.09.07 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{701F1309-71E5-47AD-82B0-D170EF422705} [2011.09.07 21:46:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{52DFADD0-DBC2-42E2-BCA7-FB95536C1F63} [2011.09.01 15:36:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{919F56C9-C9E2-4CAD-8A84-B42BE560D9B1} [2011.09.01 15:36:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{614F8634-2703-415F-A373-EA5F930CACC5} [2011.09.01 15:13:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.09.01 15:12:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.08.31 19:16:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{ADBA2D88-81A2-46E7-99F6-353F14DAD798} [2011.08.31 19:16:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AEF59697-4B98-4091-9F8E-6CAE090A57F0} [2011.08.31 01:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2011.08.31 01:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared [2011.08.31 01:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.08.31 01:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [2011.08.31 01:33:36 | 000,700,416 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll [2011.08.31 01:33:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX 
[2011.08.31 00:36:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{6DCE534C-87D9-461D-88FA-166B5CDF681A} [2011.08.31 00:35:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{6779D77E-3436-427A-AA56-5C25E383AB86} ========== Files - Modified Within 30 Days ========== [2011.09.29 21:46:44 | 000,009,420 | ---- | M] () -- C:\Windows\WSSPORDx.DAT [2011.09.29 21:46:42 | 000,009,420 | ---- | M] () -- C:\Windows\WSSPORD.DAT [2011.09.29 21:46:28 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.09.29 21:09:19 | 021,104,013 | ---- | M] () -- C:\Users\*****\Desktop\chartsremix.mp3 [2011.09.29 20:49:51 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.29 20:49:51 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.29 20:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.29 20:40:09 | 3219,775,488 | -HS- | M] () -- C:\hiberfil.sys [2011.09.27 17:34:36 | 001,243,656 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contfilt.dll [2011.09.27 17:32:57 | 001,001,992 | ---- | M] (MicroWorld Technologies Inc.) 
-- C:\Windows\SysNative\test2.exe [2011.09.23 14:30:00 | 000,004,602 | ---- | M] () -- C:\Users\*****\.recently-used.xbel [2011.09.19 21:18:35 | 001,522,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.19 21:18:35 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.19 21:18:35 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.19 21:18:35 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.19 21:18:35 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.15 17:05:11 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.09.02 18:41:56 | 000,297,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.08.31 17:39:05 | 000,018,896 | ---- | M] () -- C:\Users\*****\Documents\cc_20110831_173902.reg [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.31 16:30:10 | 000,001,239 | ---- | M] () -- C:\Users\*****\Desktop\DVDVideoSoft Free Studio.lnk [2011.08.31 01:34:16 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Ringtone Maker SE.lnk [2011.08.31 01:33:36 | 000,007,119 | ---- | M] () -- C:\Windows\mgxoschk.ini ========== Files Created - No Company Name ========== [2011.09.29 21:46:44 | 000,009,420 | ---- | C] () -- C:\Windows\WSSPORDx.DAT [2011.09.29 21:46:42 | 000,009,420 | ---- | C] () -- C:\Windows\WSSPORD.DAT [2011.09.29 20:54:39 | 021,104,013 | ---- | C] () -- C:\Users\*****\Desktop\chartsremix.mp3 [2011.09.23 14:30:00 | 000,004,602 | ---- | C] () -- C:\Users\*****\.recently-used.xbel [2011.09.15 17:05:11 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011.08.31 17:39:04 | 000,018,896 | ---- | C] () -- C:\Users\*****\Documents\cc_20110831_173902.reg [2011.08.31 01:34:16 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Ringtone Maker SE.lnk [2011.08.31 01:33:54 | 000,120,200 | ---- | C] () -- 
C:\Windows\SysWow64\DLLDEV32i.dll [2011.08.31 01:33:36 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.08.19 19:06:04 | 000,007,602 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg [2011.06.11 18:47:41 | 000,005,632 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.17 18:50:51 | 000,001,759 | ---- | C] () -- C:\Windows\ISISAIHP.INI [2011.04.17 18:50:51 | 000,000,542 | ---- | C] () -- C:\Windows\ISISAIM.INI [2011.04.11 14:50:45 | 000,338,176 | ---- | C] () -- C:\Windows\SysWow64\wget.exe [2011.04.11 14:50:45 | 000,293,896 | ---- | C] () -- C:\Windows\SysWow64\curl.exe [2011.04.11 14:50:45 | 000,172,040 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.15 19:36:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.12.15 19:26:43 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.12.04 19:22:21 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe [2010.11.12 18:04:54 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.11.12 18:04:50 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.11.12 18:04:50 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.10.23 00:48:34 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2010.10.22 23:21:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.22 22:52:38 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.22 22:24:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.09.23 09:54:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin 
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2011.03.18 23:29:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.08.15 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AnvSoft [2010.11.14 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo [2011.05.17 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avnex [2011.06.01 17:48:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blackberry Desktop [2011.09.12 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2011.04.10 12:52:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.19 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FireShot [2011.05.02 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org [2011.06.19 21:15:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeScreenToVideo [2011.06.19 21:06:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2011.09.23 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2011.05.07 22:59:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Gutscheinmieze [2011.06.13 00:18:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2011.04.11 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MicroWorld [2011.08.03 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PhotoScape [2011.01.03 01:15:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC [2011.08.19 14:52:09 | 000,000,000 | ---D 
| M] -- C:\Users\*****\AppData\Roaming\QuickScan [2011.08.17 22:43:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Research In Motion [2011.01.01 23:44:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung [2011.06.11 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Solveig Multimedia [2011.09.07 23:06:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony [2010.11.16 19:03:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Teeworlds [2010.10.22 23:51:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2010.10.31 00:35:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft [2011.04.03 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zoner [2011.09.04 23:14:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.03.18 23:29:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.02.21 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Adobe [2011.08.15 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AnvSoft [2011.04.23 21:12:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Apple Computer [2010.11.14 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo [2010.10.22 22:54:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ATI [2011.05.17 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Avnex [2010.10.24 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AVS4YOU [2011.06.01 17:48:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blackberry Desktop [2011.09.12 19:41:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft [2011.04.10 12:52:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.06.19 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FireShot [2011.05.02 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org [2011.06.19 21:15:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeScreenToVideo [2011.06.19 21:06:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo [2011.09.23 14:30:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2011.05.07 22:59:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Gutscheinmieze [2011.06.13 00:18:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2010.10.22 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Identities [2010.10.22 21:23:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Macromedia [2011.05.07 23:02:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- 
C:\Users\*****\AppData\Roaming\Media Center Programs [2011.04.15 16:47:22 | 000,000,000 | --SD | M] -- C:\Users\*****\AppData\Roaming\Microsoft [2011.04.11 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MicroWorld [2010.10.22 22:24:12 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mozilla [2011.04.29 21:05:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\NCH Software [2011.04.03 14:39:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nero [2011.08.03 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PhotoScape [2011.01.03 01:15:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC [2011.08.19 14:52:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan [2011.08.17 22:43:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Research In Motion [2011.01.01 23:44:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung [2010.12.23 00:50:43 | 000,000,000 | RH-D | M] -- C:\Users\*****\AppData\Roaming\SecuROM [2011.08.31 22:02:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Skype [2011.07.28 21:48:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\skypePM [2011.06.11 18:47:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Solveig Multimedia [2011.09.07 23:06:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Sony [2011.09.13 20:05:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com [2010.11.16 19:03:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Teeworlds [2010.10.22 23:51:41 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2010.10.31 00:35:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft [2011.08.21 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\vlc [2010.11.21 23:18:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinRAR [2011.04.03 14:41:21 | 
000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zoner < %APPDATA%\*.exe /s > [2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\*****\AppData\Roaming\Gutscheinmieze\uninstall.exe [2011.05.16 13:55:37 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\*****\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2011.01.28 23:54:17 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\*****\AppData\Roaming\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe [2011.09.23 10:44:18 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe [2011.09.23 10:44:14 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe [2011.02.24 14:07:18 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\mmg8xq4h.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe < %SYSTEMDRIVE%\*.exe > 
(Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] 
(Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.09.07 15:02:28 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.09.07 15:02:28 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > /LOG1 |
29.09.2011, 21:12 | #10 |
| TrojanES.Dropper when opening "Warrock", cannot be deleted! LOG2 OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 29.09.2011 21:49:24 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,62% Memory free 7,99 Gb Paging File | 6,53 Gb Available in Paging File | 81,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,75 Gb Total Space | 382,84 Gb Free Space | 82,20% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 348,55 Gb Free Space | 74,84% Space Free | Partition Type: NTFS Drive K: | 931,28 Gb Total Space | 703,42 Gb Free Space | 75,53% Space Free | Partition Type: FAT32 Computer Name: BRUNNENMILLER | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{38DCF0E4-948D-262D-88E6-57CDE6BB982A}" = ccc-utility64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{62BDA98E-352B-5244-FA5C-5C441EF799EB}" = ATI AVIVO64 Codecs "{7EFF6FF7-45DE-A868-8300-615D7038879E}" = ATI Catalyst Install Manager "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F62B016F-677E-0079-0052-18D45F186798}" = AMD Drag and Drop Transcoding "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG 
Mobile USB Modem 1.0 Software "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03496F77-5835-D529-1ED8-044FCD372E0F}" = HydraVision "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1370D655-9DA3-EF82-FB57-BC5A2DCCD020}" = CCC Help Japanese "{17D6207F-F9F4-1FDE-3F6B-C5B67CFD87C9}" = Catalyst Control Center Graphics Full New "{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE "{1DA18566-1084-CE33-5BC5-A214B8FC0CA4}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{22B4D0B5-81C5-ACE0-94CB-72E875B447A4}" = Catalyst Control Center Graphics Previews Common "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D4AEA8C-3FD2-AB03-9E3A-F040B42E0BA3}" = CCC Help Portuguese "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync "{44136AFD-2559-F68C-10E3-AC269CE942A7}" = CCC Help Danish "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46942F53-F6B5-E272-6989-0C75BBDF2668}" = CCC Help Chinese Standard "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0 "{4EE4C1F0-B0BF-37CA-2555-ED586F17C5C9}" = Catalyst Control Center Graphics Previews Vista "{53EBA2A9-50F2-16EB-3A44-C99BFF927032}" = Catalyst Control Center Graphics Light "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{5629D545-08E1-516E-F498-082A72A5269D}" = CCC Help Polish 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5C329FB8-04D8-D32B-18B8-FA7594040FC0}" = CCC Help Dutch "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A0AEB7F-E55B-809B-0D05-F843032B75F7}" = Catalyst Control Center Graphics Full Existing "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F05FB49-2086-2FED-E2CC-824C189E9C75}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{75F440C9-C292-1BA6-9755-C94F800657E9}" = ccc-core-static "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{77FD4E2C-EDDA-D622-6DAA-6DDE7B17DE85}" = Catalyst Control Center Localization All "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{7ACC5E2B-B543-2E93-F37D-A1390847FF29}" = CCC Help Thai "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7c8e2e29-e975-43f7-9d88-9f650f021df5}" = Nero 9 Essentials "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{878C6821-18F9-F6A2-42A7-1ACB1A14AF5C}" = CCC Help Hungarian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{946CC1D8-6E30-2A7C-3AC1-D433ED4FB00B}" = CCC Help Finnish "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F80369-7A37-4DE2-85E6-ACB41C3AF0F3}" = 
Audials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CDF34B4-B53E-54B5-9BA9-7FAA41693BF0}" = CCC Help Czech "{A137D52E-FA96-4815-85F5-E7B8F66837DB}" = Race Driver 3 "{A60ABB01-915B-E5A4-5120-0976C0D7697F}" = CCC Help English "{A7238DAD-BF6A-3D96-8436-065A1175B39A}" = CCC Help Chinese Traditional "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C05290B3-B125-2481-BC4D-7C4BE5126DD5}" = CCC Help Korean "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C310995F-B785-4252-6A3B-333BA411DE6B}" = CCC Help French "{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5FF3187-EEED-4AA1-BC3A-F2FF30560EDF}" = BlackBerry Desktop Software 4.2.1 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DBBCF7F1-2AD2-48A3-8408-A9279857D832}" = Samsung PC Studio 3 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2082A6B-2334-2533-A5ED-41B537ECD02A}" = CCC Help German "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E84FA784-3305-5E34-16C8-51949D03C059}" = Catalyst Control Center InstallProxy "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{E9A28E0B-F85A-FFDA-C486-C0D34AD506AF}" = CCC Help Turkish 
"{EC318F8C-CECC-B31E-44C4-55A1A63E41D5}" = CCC Help Greek "{ECAD020B-3418-E868-FC8D-668FA6C6A019}" = Catalyst Control Center HydraVision Full "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F4B6FE67-B077-472E-1B06-0D50C8B05206}" = CCC Help Swedish "{F4B70AA9-AA91-4894-4AC5-61A6934CD85B}" = Catalyst Control Center Core Implementation "{F525FDB5-C9D4-6505-ACB9-90C921C83ACD}" = CCC Help Italian "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FE83F56A-D87F-E70E-AE6E-749DFBE27666}" = CCC Help Spanish "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Audacity_is1" = Audacity 1.2.6 "AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0 "BlackBerry_{D5FF3187-EEED-4AA1-BC3A-F2FF30560EDF}" = BlackBerry Desktop Software 4.2.1 "Combat Arms EU" = Combat Arms EU "Counter-Strike 1.6" = Counter-Strike 1.6 "Cross Fire_is1" = Cross Fire En "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "eScan Anti-Virus (AV) Edition für Windows_is1" = eScan Anti-Virus (AV) Edition für Windows "ESET Online Scanner" = ESET Online Scanner v3 "FlightGear_is1" = FlightGear v2.0.0 "Free Studio_is1" = Free Studio version 5.1.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908 "GamersFirst LIVE!" = GamersFirst LIVE! 
"GamersFirst War Rock" = War Rock "HyperCam 3" = HyperCam 3 "ICQToolbar" = ICQ Toolbar "IrfanView" = IrfanView (remove only) "ISIS Draw 2.1.4 Standalone" = ISIS Draw 2.1.4 Standalone "MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5) "Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "PokerStars.net" = PokerStars.net "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Some PDF Image Extract_is1" = Some PDF Image Extractr 1.5 "Uninstall_is1" = Uninstall 1.0.0.1 "Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions "VLC media player" = VLC media player 1.1.11 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.09.2011 12:19:41 | Computer Name = ***** | Source = ESENT | ID = 215 Description = WinMail (636) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 08.09.2011 07:56:31 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 12.09.2011 12:37:52 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 13.09.2011 08:42:22 | Computer Name = ***** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avpmapp.exe, Version: 9.0.2.466, Zeitstempel: 0x4e410250 Name des fehlerhaften Moduls: wscisvif.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3e4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001d12 ID des fehlerhaften Prozesses: 0x678 Startzeit der fehlerhaften Anwendung: 0x01cc721224e8f66e Pfad der fehlerhaften Anwendung: C:\PROGRA~3\MICROW~1\eScanBD\avpmapp.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\wscisvif.dll Berichtskennung: d318c732-de05-11e0-be94-4061868e1eab Error - 15.09.2011 10:59:40 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*****\Desktop\SoftonicDownloader_fuer_teeworlds.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 15.09.2011 10:59:43 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*****\Desktop\SoftonicDownloader_fuer_teeworlds.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 15.09.2011 11:00:09 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*****\Desktop\SoftonicDownloader_fuer_teeworlds.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 15.09.2011 11:00:11 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*****\Desktop\SoftonicDownloader_fuer_teeworlds.exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 15.09.2011 11:21:25 | Computer Name = ***** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WRLauncher.exe, Version: 1.0.0.1, Zeitstempel: 0x4e27a773 Name des fehlerhaften Moduls: WRLauncher.exe, Version: 1.0.0.1, Zeitstempel: 0x4e27a773 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001cb63 ID des fehlerhaften Prozesses: 0x15a8 Startzeit der fehlerhaften Anwendung: 0x01cc73bb1326f55c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\GamersFirst\War Rock\WRLauncher.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\GamersFirst\War Rock\WRLauncher.exe Berichtskennung: 5ffdd4fa-dfae-11e0-a76c-4061868e1eab Error - 25.09.2011 13:07:03 | Computer Name = ***** | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
[ Media Center Events ] Error - 23.01.2011 10:14:55 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 15:14:45 - Fehler beim Herstellen der Internetverbindung. 15:14:45 - Serververbindung konnte nicht hergestellt werden.. Error - 24.01.2011 08:52:13 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 13:52:13 - Fehler beim Herstellen der Internetverbindung. 13:52:13 - Serververbindung konnte nicht hergestellt werden.. Error - 24.01.2011 08:52:26 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 13:52:18 - Fehler beim Herstellen der Internetverbindung. 13:52:18 - Serververbindung konnte nicht hergestellt werden.. Error - 25.01.2011 11:08:07 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 16:08:07 - Fehler beim Herstellen der Internetverbindung. 16:08:07 - Serververbindung konnte nicht hergestellt werden.. Error - 25.01.2011 11:08:17 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 16:08:12 - Fehler beim Herstellen der Internetverbindung. 16:08:12 - Serververbindung konnte nicht hergestellt werden.. Error - 06.02.2011 10:59:44 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 15:59:44 - Fehler beim Herstellen der Internetverbindung. 15:59:44 - Serververbindung konnte nicht hergestellt werden.. Error - 06.02.2011 11:00:12 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 15:59:50 - Fehler beim Herstellen der Internetverbindung. 15:59:50 - Serververbindung konnte nicht hergestellt werden.. Error - 09.02.2011 12:27:54 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 17:27:54 - Directory konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 10.02.2011 11:34:17 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 16:34:16 - Fehler beim Herstellen der Internetverbindung. 16:34:16 - Serververbindung konnte nicht hergestellt werden.. 
Error - 10.02.2011 11:34:27 | Computer Name = ***** | Source = MCUpdate | ID = 0 Description = 16:34:22 - Fehler beim Herstellen der Internetverbindung. 16:34:22 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 26.09.2011 16:25:10 | Computer Name = ***** | Source = Service Control Manager | ID = 7031 Description = Der Dienst "MWAgent" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 26.09.2011 16:27:10 | Computer Name = ***** | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "MWAgent" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 27.09.2011 11:20:57 | Computer Name = ***** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 27.09.2011 11:22:06 | Computer Name = ***** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error - 28.09.2011 12:49:33 | Computer Name = ***** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 28.09.2011 12:51:23 | Computer Name = ***** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error - 29.09.2011 07:01:55 | Computer Name = ***** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 29.09.2011 07:03:48 | Computer Name = ***** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error - 29.09.2011 14:40:07 | Computer Name = ***** | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 29.09.2011 14:41:16 | Computer Name = ***** | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen < End of report > /LOG2 |
29.09.2011, 22:00 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TrojanES.Dropper when opening "Warrock", cannot be deleted! Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 40 5D 60 81 95 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
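The fix script above resets search settings in Firefox's prefs.js and also targets user.js; Firefox re-applies user.js at every start, so a search override placed there returns after a reset in the browser UI. The following Python check is an added example (not part of the original post and not OTL's own logic) that lists such overrides in both files; the `EXPECTED_VALUES` allowlist, the function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Search-related preferences that the OTL script on this page resets.
SEARCH_PREFS = {
    "browser.search.defaultenginename", "browser.search.defaultthis.engineName",
    "browser.search.defaulturl", "browser.search.order.1",
    "browser.search.selectedEngine", "keyword.URL",
}
# Assumption: values this user actually expects; adjust per machine.
EXPECTED_VALUES = {"", "Google", "Bing"}

# Matches one line of the form: user_pref("name", value);
# Only lines that start with user_pref( are read, so //-commented lines are skipped.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|[^)]*?)\s*\)\s*;',
    re.MULTILINE,
)

def parse_prefs(text):
    """Return {name: value}; a later definition of the same pref wins."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        raw = m.group("value")
        if raw.startswith('"'):
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # drop quotes, unescape
        prefs[m.group("name")] = raw
    return prefs

def find_search_overrides(prefs_js, user_js):
    """List (file, pref, value, persistent) for unexpected search settings.
    persistent=True means the value sits in user.js and is re-applied at start."""
    findings = []
    for source, text in (("prefs.js", prefs_js), ("user.js", user_js)):
        for name, value in parse_prefs(text).items():
            if name in SEARCH_PREFS and value not in EXPECTED_VALUES:
                findings.append((source, name, value, source == "user.js"))
    return findings

# Constructed sample files; the pref values are the ones quoted in the script above.
SAMPLE_PREFS_JS = ('# Mozilla User Preferences\n'
                   'user_pref("browser.search.selectedEngine", "foxsearch");\n'
                   'user_pref("browser.startup.homepage", "http://www.msn.com/");\n')
SAMPLE_USER_JS = ('// user_pref("browser.search.order.1", "Google");\n'
                  'user_pref("browser.search.order.1", "foxsearch");\n'
                  'user_pref("keyword.URL", "http://www.finduny.com'
                  '?client=mozilla-firefox&cd=UTF-8&search=1&q=");\n')

if __name__ == "__main__":
    for finding in find_search_overrides(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print(finding)
```

Any finding with `persistent=True` means user.js itself has to be cleaned or moved aside, which is what the OTL log in the next post reports for this profile.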
04.10.2011, 17:38 | #12 |
| TrojanES.Dropper when opening "Warrock", cannot be deleted! OTL LOG:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "Game Master 1.1 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\mmg8xq4h.default\user.js moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: *****
->Temp folder emptied: 34046436 bytes
->Temporary Internet Files folder emptied: 6120520 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 297074336 bytes
->Flash cache emptied: 2958 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58188203 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 377,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.29.1 log created on 10042011_182347
Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\JETDA47.tmp moved successfully.
C:\Windows\temp\JETDA48.tmp moved successfully.
C:\Windows\temp\JETE993.tmp moved successfully.
Registry entries deleted on Reboot...

thanks!, regards marc |
04.10.2011, 17:46 | #13 |
| TrojanES.Dropper when opening "Warrock", cannot be deleted! ---------------------------------------------------------------------------- could the webmaster please somehow hide my name, that is, in the logs, or simply delete the thread then, so that I can no longer be found on Google? That would be really nice, once all of this here is finished. Thanks in advance! I didn't replace it with "xxx" everywhere. ---------------------------------------------------------------------------- |
04.10.2011, 18:11 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TrojanES.Dropper when opening "Warrock", cannot be deleted! You have to edit out such information BEFORE POSTING the logs! => http://www.trojaner-board.de/69886-a...-beachten.html Every editor has a replace function; you don't have to go through every line manually! Quote:
__________________ Please always post log files in CODE tags |
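The replace step described above, as an added example that is not part of the original post: a Python helper that goes one step further than a manual search-and-replace by deriving the account name from profile paths and the machine name from event-log headers, then masking every occurrence before a log is posted. The function names, the sample log lines, the names in them and the `*****` mask are constructed for illustration.

```python
import re

MASK = "*****"

# Places where personal names first become visible in logs like the ones on this page.
PROFILE_RE = re.compile(
    r'[A-Za-z]:\\(?:Users|Documents and Settings)\\([^\\\r\n"|]+)(?=\\)', re.I)
COMPUTER_RE = re.compile(r'Computer Name\s*=\s*([^\s|]+)', re.I)

# Built-in profile folders (and the mask itself) are not personal data.
GENERIC = {"public", "default", "default user", "all users", MASK}

def find_identifiers(log_text):
    """Collect account and machine names that appear in the log."""
    names = set()
    for rx in (PROFILE_RE, COMPUTER_RE):
        for m in rx.finditer(log_text):
            name = m.group(1).strip()
            # Names shorter than 3 characters are skipped: replacing them
            # everywhere would shred unrelated words. Pass them via `extra`.
            if name.lower() not in GENERIC and len(name) >= 3:
                names.add(name)
    return names

def redact(log_text, extra=()):
    """Mask every occurrence of each found name, case-insensitively.
    Returns (redacted_text, names_that_were_masked)."""
    names = find_identifiers(log_text) | set(extra)
    # Longest first, so a machine name containing the account name is masked whole.
    for name in sorted(names, key=len, reverse=True):
        log_text = re.sub(re.escape(name), MASK, log_text, flags=re.I)
    return log_text, names

# Constructed sample lines in the style of the OTL and event-log output above.
SAMPLE_LOG = r'''Error - 27.09.2011 11:22:06 | Computer Name = JDOE-PC | Source = Service Control Manager | ID = 7026
C:\Users\jdoe\AppData\Roaming\Mozilla\FireFox\Profiles\abcd1234.default\user.js moved successfully.
User: JDoe
C:\Users\Public\Desktop\game.lnk
'''

if __name__ == "__main__":
    cleaned, masked = redact(SAMPLE_LOG)
    print(sorted(masked))
    print(cleaned)
```

Names that never occur in a profile path or a `Computer Name =` field, such as a real name typed into a document title, still have to be passed in through `extra`.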
04.10.2011, 18:20 | #15 | |
Administrator /// technical service | TrojanES.Dropper when opening "Warrock", cannot be deleted! Quote:
either as a reply here or to me via PM. |