Log analysis and evaluation: Trojan FakeAlert Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Trojan FakeAlert

Hello, today an "antivirus program" made itself at home on my machine. I am currently in safe mode and have let Malwarebytes scan it. Here is the log file:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8159

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

14.11.2011 11:41:42
mbam-log-2011-11-14 (11-41-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 190621
Laufzeit: 3 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sIyTmnsPQfX.exe (Trojan.FakeAlert) -> Value: sIyTmnsPQfX.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\siytmnspqfx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\orf1rbdmofdjpb.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\18paam6x8uy32g.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\3093.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\98D7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\guqsxfgvoxlht0.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\wusa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\~!#BF9A.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\0.4948223278427448.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

Here are some more log files from old scans:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7883

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

06.10.2011 13:24:23
mbam-log-2011-10-06 (13-24-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 201419
Laufzeit: 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6624

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

20.05.2011 11:33:35
mbam-log-2011-05-20 (11-33-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 370370
Laufzeit: 1 Stunde(n), 1 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6624

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

20.05.2011 10:21:06
mbam-log-2011-05-20 (10-21-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175581
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
OTL Extras logfile created on: 14.11.2011 11:51:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 78,97% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 406,05 Gb Free Space | 70,42% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32

Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{182E67FC-4F59-474F-B9C1-9A929ACA6FF3}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F0F7712-BF80-4AEB-8F9C-928CD50811F7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28947FAA-1985-41AD-9BA6-B944B53BF501}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{355FB103-FD41-4A10-A6C1-7FB164F54612}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C921513-FA38-41B5-AFBB-D8FAF561C2AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{69D85F44-B385-4149-BA59-F8A92EA80B44}" = lport=139 | protocol=6 | dir=in | app=system |
"{6AD37F0C-EC13-4241-B8A3-2073CFE75587}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{78DD2770-F3A5-4436-B2BC-BA0CBD94A8F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A0926A4-F5FB-4A62-8EFD-9D7B1B2D73D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BEBADC2-E40A-4B76-9A85-85AB26E20F59}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8BB5D3A3-F541-4D00-854C-BDD13980D283}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90720311-134C-4EF5-9D5D-814DB9EC2496}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{917C7491-0480-45B8-9036-79444CD6CB23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{971DBBAD-A81D-42BA-A64C-A5DC571A343E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A8B1D00B-5B0D-4DB5-AC29-0408592D2B91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA4DABD8-A2AC-4E94-9C76-D46AF7BF9E6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B7F48FCF-F3CA-480A-AAD4-B7EFB0731D93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1270D8B-5EC4-4710-95A6-03E70C263BD4}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{C58EABCF-525A-448C-8EC3-88E1AE270152}" = lport=138 | protocol=17 | dir=in | app=system |
"{E3CA773C-C55B-41D4-8F8F-342D63CC18BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E8934A54-F31B-4807-B5AF-AEA04B10B508}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE73CAD9-BCC6-486E-B444-7A003C1F99AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1B022FB-A0B8-46ED-99E4-93AA579609A8}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ED4ACB-F7C6-42FE-A167-4B83FB00F793}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1BFFC4AF-9B13-4A66-84DD-B71A10C2F1F1}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\temp\ins4308\setup\bin\maininst.exe |
"{1F0B1D74-9CB2-4A10-95D5-31EA94FAEFAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F360168-4EEB-4A22-920A-BF70179401CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{25F9F6B1-C512-4A18-8C8A-48CEE00BF5DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38010F0C-9E0C-434E-AA6E-BB0B2648817F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{77619B93-13FC-4027-9635-FC47ED167F1E}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{78E7469C-DD8A-4B64-ADFB-3F7C7EA46041}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8151AF7F-6145-4804-AA7E-5F09C93C02A1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8A5B0940-5EDA-4CA7-95C9-439067DEDA82}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{943721B8-3FED-4623-93C5-20AED5B22CF0}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\temp\ins4308\setup\bin\maininst.exe |
"{9F734A5C-EC0A-4782-8B20-1A3D993D6AA6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD1979FD-2837-4573-8F0A-1F874A96BCA1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B8176040-B066-42FF-84EF-71174CD5CEE9}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{BEA0A3B3-DBE4-44E8-A4AB-20C18015BE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB436949-CC95-4F1C-9471-0ECA2D776867}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC7B8546-71F4-492F-A101-7C107DDA9B35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD08C18A-C13B-4844-85AA-6D109830918D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{16AA6523-F560-4DAC-B64D-8E7237B6F345}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{1DCD0280-613B-4811-9E74-DD36F3ACCE32}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{316FB121-4081-441A-B18C-86019EF9E70E}C:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"TCP Query User{67764990-4DB3-4CAB-A98E-4E9F34D497A1}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{7312BBD5-C7C3-49C3-B913-DA29869DAAE8}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{831B596B-B10B-4F2B-916C-BB72AC8F160F}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{975233EA-C0DD-4D25-8BCD-47278132FB03}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{E853903F-41E6-45D3-A136-7FE411A53898}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"UDP Query User{1A048BCE-1EC8-4265-8441-86B03DB182BE}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{24BA53AC-A94A-46FB-9EEB-008CEB2EC677}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{649AEF97-1F1C-4538-9296-4531599888A9}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{7AE73B26-2A3E-4C06-96DC-CFF942496D43}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{AE1DCDAD-67A1-46E6-BA41-CB402500C593}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{CD70A618-C923-4ADB-953F-A55BB91A90DB}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{E7E5D31B-6D42-41AD-A16D-D6C31DE1C235}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{FECA17D4-82E4-41A0-ADB6-FE99D21A6BF7}C:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DDB7A5-00A9-96D3-AF53-AF143CE29CD1}" = Catalyst Control Center InstallProxy
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{432DEFB9-9C74-A859-1B66-F67530CF1D33}" = Catalyst Control Center Localization German
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EBF259-D41F-3517-78C6-29F335BD252B}" = Skins
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AEBD87F-7818-2C67-F0F5-822E0260D002}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98129815-2DEB-7E30-8105-65CC9D0E3F0D}" = ccc-utility
"{9992BAC0-E57C-1BBB-8391-3DEC5BFC025B}" = ATI Catalyst Install Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E752ADC-4903-E12F-8843-743A78CD3CBB}" = ccc-core-static
"{9F9D923C-8BF4-859A-853A-7C4299FD98DD}" = Catalyst Control Center Core Implementation
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BF8DC7F0-DB69-5F15-4871-5B38C95410EA}" = Catalyst Control Center Graphics Light
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D1D5FE-AF9E-9150-1493-C76A81A69FEE}" = Catalyst Control Center Graphics Full Existing
"{D66BDB75-FBB8-4B4E-5379-B17E7EBD7B1A}" = CCC Help English
"{DC344C96-0A5D-65C7-F0D3-CCBA48DDA190}" = CCC Help German
"{E37C6398-2D75-6EF3-FA55-CF4B92371940}" = Catalyst Control Center Graphics Previews Vista
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HFRS_is1" = Trend Micro SafeSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (6.0.1)" = Mozilla Thunderbird (6.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Plugin Marketing Booster_is1" = DATA BECKER Plugin Marketing Booster
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Recuva" = Recuva
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SEO Traffic-Booster_is1" = DATA BECKER SEO Traffic-Booster
"shop to date 6.0 pro MultiUser_is1" = DATA BECKER shop to date 6.0 pro MultiUser
"shop to date 7 pro MultiUser_is1" = DATA BECKER shop to date 7 pro MultiUser
"uninstall.exe" = iLinc Client
"VLC media player" = VLC media player 1.0.5
"web2date" = DATA BECKER shop to date 5
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.11.2011 06:22:29 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2011 06:24:21 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.11.2011 06:24:21 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.11.2011 06:24:25 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2011 06:24:37 | Computer Name = *-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel 0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x17271727, Prozess-ID 0x5a8, Anwendungsstartzeit 01cca2b793788352.

Error - 14.11.2011 06:31:01 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =

Error - 14.11.2011 06:31:08 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.11.2011 06:31:08 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14.11.2011 06:34:07 | Computer Name = *-PC | Source = EventSystem | ID = 4609
Description =

Error - 14.11.2011 06:34:13 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 01.07.2010 05:27:00 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2779 seconds with 360 seconds of active time. This session ended with a crash.

Error - 30.07.2010 07:30:14 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9923 seconds with 780 seconds of active time. This session ended with a crash.

Error - 01.09.2010 06:49:56 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3039 seconds with 360 seconds of active time. This session ended with a crash.

Error - 22.09.2010 04:56:25 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1326 seconds with 1200 seconds of active time. This session ended with a crash.

Error - 22.09.2010 08:43:22 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13569 seconds with 240 seconds of active time. This session ended with a crash.

Error - 30.09.2010 08:46:30 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6923 seconds with 600 seconds of active time. This session ended with a crash.

Error - 04.10.2010 04:56:01 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3401 seconds with 300 seconds of active time. This session ended with a crash.

Error - 12.10.2010 02:38:50 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 820 seconds with 540 seconds of active time. This session ended with a crash.

Error - 26.10.2010 08:51:00 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6441 seconds with 240 seconds of active time. This session ended with a crash.

Error - 28.10.2010 04:55:04 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6405 seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14.11.2011 06:33:38 | Computer Name = *-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.11.2011 um 11:32:02 unerwartet heruntergefahren.

Error - 14.11.2011 06:34:00 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =

Error - 14.11.2011 06:33:59 | Computer Name = *-PC | Source = netbt | ID = 4321
Description = Der Name "*-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.119 registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 14.11.2011 06:33:59 | Computer Name = *-PC | Source = netbt | ID = 4321
Description = Der Name "*-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.119 registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 14.11.2011 06:34:07 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =

Error - 14.11.2011 06:34:08 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =

Error - 14.11.2011 06:34:09 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =

Error - 14.11.2011 06:34:10 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =

Error - 14.11.2011 06:34:14 | Computer Name = *-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 14.11.2011 06:34:14 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026
Description =

[ TuneUp Events ]
Error - 10.10.2011 07:49:55 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-10 13:49:55', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','5388',0)

Error - 12.10.2011 04:11:56 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 10:11:56', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3732',0)

Error - 12.10.2011 04:43:09 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 10:43:09', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','5016',0)

Error - 12.10.2011 05:07:16 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 11:07:16', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','5580',0)

Error - 12.10.2011 07:35:27 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 13:35:27', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3844',0)

Error - 14.10.2011 04:19:58 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-14 10:19:58', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','4260',0)

Error - 14.10.2011 04:20:13 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-14 10:20:13', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','2988',0)

Error - 18.10.2011 08:41:59 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-18 14:41:59', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3736',0)

Error - 19.10.2011 02:31:04 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-19 08:31:04', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3060',0)

Error - 26.10.2011 08:29:43 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES
('2011-10-26 14:29:43', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3172',0) < End of report > Code:
OTL logfile created on: 14.11.2011 11:51:47 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\*\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 78,97% Memory free 6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,61 Gb Total Space | 406,05 Gb Free Space | 70,42% Space Free | Partition Type: NTFS Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32 Computer Name: *-PC | User Name: * | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.01 18:12:42 | 003,730,192 | ---- | M] (Trend Micro Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService) SRV - [2011.07.04 19:11:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 08:06:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.01 14:12:56 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2011.03.01 14:12:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.10.13 21:03:54 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2009.07.10 11:23:54 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.08.01 18:20:10 | 000,143,120 | ---- | M] (Trend Micro Inc.) 
[File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx) DRV - [2011.07.04 19:11:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.04 19:11:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.03.10 09:33:48 | 000,526,848 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.09.10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009.06.09 12:04:48 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.13 05:41:54 | 004,179,456 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.09.05 01:01:00 | 000,419,328 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn) DRV - [2008.09.05 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2008.09.05 01:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local ========== FireFox ========== FF - 
prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.4 FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33 FF - prefs.js..extensions.enabledItems: senseo@nico*er.de:1.4.3 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6 FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:35:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:46:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 18:33:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] () [2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions [2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.05 10:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.11.11 09:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions [2010.10.29 09:09:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.10.25 09:21:25 | 000,000,000 | ---D | M] (SeoQuake) 
-- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2009.10.08 11:02:24 | 000,000,000 | ---D | M] (RankQuest SEO Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{556d6eb2-aed0-4a4c-98a0-6f1dd597b98b} [2011.10.06 11:35:55 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2009.10.08 11:05:05 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\seoquake-plugin-seolinx@seoquake.com [2011.05.20 10:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.01.20 10:18:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2011.05.20 10:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.05.20 10:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) 
-- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FOXYSEOTOOL@FOXYSEOTOOL.COM.XPI () (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\SENSEO@NICO*ER.DE.XPI [2011.10.06 11:35:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll [2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.06 11:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 11:35:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.06 11:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 11:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 11:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 11:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gears.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll CHR - plugin: Windows Presentation Foundation (Enabled) 
= C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
(Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389EAD2B-CB3B-4DBE-AF76-B4DDA96042D2}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676F61E6-2878-4DB0-9FC3-602069A8F55B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{754E2F00-44F8-4003-A773-0E2976769286}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD0C66-3017-4A6F-B0FC-39D80FB40CD4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9067AE95-3FC3-4C5A-A0DB-3AB697C7FD83}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E0EA0-B606-40E8-BACC-BAC20B424978}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC299F6F-9EAA-4D25-9CE3-E963A17F1F3B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47FD66D-8815-4180-BD75-9F637405777B}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.14 11:49:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2011.11.14 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore 
[2011.11.10 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Facility [2011.11.01 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Timelines [2011.10.25 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Legionellen [2011.10.17 09:42:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.10.17 09:42:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.10.17 09:42:12 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.10.17 09:42:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.10.17 09:42:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2011.11.14 11:47:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\udnnl.sys [2011.11.14 11:38:27 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.14 11:38:27 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.14 11:38:27 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.14 11:38:27 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.14 11:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.11.14 11:30:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 
[2011.11.14 11:28:03 | 000,000,440 | -H-- | M] () -- C:\ProgramData\oRf1rBdMoFDJPb [2011.11.14 11:25:11 | 000,000,613 | ---- | M] () -- C:\Users\*\Desktop\System Restore.lnk [2011.11.14 11:25:11 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPb [2011.11.14 11:25:11 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPbr [2011.11.14 10:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.14 10:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job [2011.11.10 13:54:23 | 000,040,448 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.10 08:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job [2011.10.27 08:44:28 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\0000055F.LCS [2011.10.21 17:40:39 | 080,464,399 | ---- | M] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b [2011.10.20 15:43:17 | 000,023,921 | ---- | M] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html [2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.14 11:47:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\udnnl.sys [2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk [2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb [2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr [2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb [2011.10.21 17:40:38 | 080,464,399 | ---- | C] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b [2011.10.20 15:43:16 | 000,023,921 | ---- | C] () -- 
C:\Users\*\Desktop\google36afa2453f3593ee.html [2011.09.28 12:42:00 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\{028D49B7-4ABC-43E5-985D-38B5923CD516} [2011.09.27 07:03:33 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.06.21 06:42:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll [2011.05.20 10:55:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.10 09:34:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2011.01.20 10:19:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.09 07:50:56 | 000,007,512 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat [2010.04.21 08:34:45 | 000,015,917 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2009.08.28 07:35:23 | 000,000,176 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2009.07.28 19:38:04 | 000,040,448 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.03 13:28:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.06.09 11:58:22 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini [2009.06.09 11:58:21 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll [2009.06.09 11:58:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini [2009.06.05 15:49:15 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2009.06.05 14:37:12 | 011,206,656 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll [2009.06.05 14:37:12 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll [2009.06.05 14:37:12 | 000,348,160 | R--- | C] () -- C:\Windows\System32\zshp2600.exe [2009.06.05 14:37:12 | 000,299,008 | R--- | C] () -- C:\Windows\System32\zhhp2600.exe [2009.06.05 13:09:03 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.01.06 19:15:52 | 000,627,756 | ---- | C] () -- 
C:\Windows\System32\perfh007.dat [2009.01.06 19:15:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.01.06 19:15:52 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.01.06 19:15:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.01.06 11:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.01.06 11:00:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2009.01.06 11:00:22 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.01.06 11:00:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.01.06 11:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.01.06 11:00:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.01.06 10:26:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 03:24:13 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,359,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat 

========== LOP Check ==========

[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.14 11:29:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 10:32:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job

========== Purity Check ==========

< End of report >

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:00 on 14/11/2011 (Reblu)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

GMER:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-14 12:42:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000056 WDC_WD64 rev.05.0
Running: knnmbkcs.exe; Driver: C:\Users\*\AppData\Local\Temp\pwlorpod.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\CADERLXU-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\CAFNDE8X-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\CAQZZZNW-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA - Sistema di contaccezione naturale (Artikel 130012277600 endet 09_08_06 235240 MESZ)-Dateien\CAMGUBYD-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA - Sistema di contaccezione naturale (Artikel 130012277600 endet 09_08_06 235240 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\CA3ZTSAX-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\CADERLXU-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\CAFNDE8X-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\CAQZZZNW-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\CA3ZTSAX-Dateien 0 bytes
File C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\eBayISAPI-Dateien 0 bytes

---- EOF - GMER 1.0.15 ---- |