| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ordner/Dateien verschwinden, mehrere Trojaner gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.12.2011, 15:31
| #1 |
| |  Ordner/Dateien verschwinden, mehrere Trojaner gefunden Hallo Community, ich hoffe ihr könnt mir bei meinem Virenproblem behilflich sein. Vor zwei Tagen zeigte mir Avira eine ganze Menge Meldungen über Malware-Fund. Ich verweigerte natürlich den Zugriff und die Programme wurden angeblich erfolgreich in Quarantäne verschoben. Anschliessend startete ich den PC neu, sah nur noch einen schwarzen Hintergrund, sämtlich Dateien und Ordner schienen gelöscht (auch die meiner externen Festplatte). Dann fing ich an mich über einen der gefundenen Viren zu informieren. Es handelte sich erst ''nur'' um TR.Crypt.XPACK.Gen, bis ich eben noch viele weitere entdeckt habe im Avira Ereignisbericht  Ich werde sie mal aufzählen: C:\ProgramData\privacy.exe TR/Crypt.XPACK.Gen3 (12x gefunden) C:\Windows\System32\consrv.dl TR/ATRAPS.Gen2 (3x gefunden) C:\ProgramData\C43A.tmp TR/Crypt.XPACK.Gen3 C:\Users\*****\AppData\Local\Temp\nSqw1Tfy25G2u0.exe TR/Crypt.XPACK.Gen (2x gefunden) C:\Users\*****\AppData\Local\Temp\nSqw1Tfy25G2u0.exe TR/Alureon.FL.4 (2x gefunden) Mein Betriebsystem ist Windows Professional 64-Bit. In anderen Threads hatte ich bereits ähnliche Symptome gesehen und von daher auch schon mögliche Lösungsansätze probiert. Ich habe Logs von Malwarebytes und OTL erstellt. Zunächst einmal der Log von Malwarebytes --------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8330 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 08.12.2011 14:02:01 mbam-log-2011-12-08 (14-02-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 442614 Laufzeit: 1 Stunde(n), 3 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ----------------------------------------------------------------------- Nun der Log von OTL -------------------------------------------------------------------------- OTL logfile created on: 09.12.2011 13:24:22 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = J:\ 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 82,97% Memory free 16,00 Gb Paging File | 14,49 Gb Available in Paging File | 90,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 229,29 Gb Total Space | 37,26 Gb Free Space | 16,25% Space Free | Partition Type: NTFS Drive D: | 229,64 Gb Total Space | 194,58 Gb Free Space | 84,73% Space Free | Partition Type: NTFS Drive J: | 1,93 Gb Total Space | 1,74 Gb Free Space | 90,19% Space Free | Partition Type: FAT Drive Z: | 298,02 Gb Total Space | 11,14 Gb Free Space | 3,74% Space Free | Partition Type: FAT32 Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.08 12:40:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- J:\OTL.exe PRC - [2011.12.07 20:08:19 | 000,371,712 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x.exe PRC - [2011.12.07 19:49:00 | 000,462,848 | -HS- | M] () -- C:\ProgramData\KWosWQElxCrnJTM.exe PRC - [2011.11.12 23:47:01 | 001,242,448 | -H-- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.07.11 20:41:07 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 20:33:33 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.26 21:47:08 | 000,075,136 | -H-- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.03.31 15:08:14 | 000,080,896 | -H-- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.02.18 10:06:06 | 001,666,560 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE PRC - [2011.02.18 10:05:32 | 000,495,616 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe PRC - [2010.12.13 08:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.07.14 02:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe PRC - [2009.02.23 04:43:56 | 000,307,200 | -H-- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2011.12.07 20:08:19 | 000,371,712 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x.exe MOD - [2011.12.07 19:49:00 | 000,462,848 | -HS- | M] () -- C:\ProgramData\KWosWQElxCrnJTM.exe MOD - [2011.11.12 23:58:46 | 014,410,024 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2011.11.12 23:58:46 | 000,914,216 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2011.11.12 23:58:46 | 000,194,344 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2011.11.12 23:58:46 | 000,155,432 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2011.11.12 23:58:46 | 000,091,432 | -H-- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.10.25 21:14:28 | 000,361,984 | -H-- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.06.21 18:12:30 | 000,341,296 | -H-- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.11.12 23:58:46 | 000,419,624 | -H-- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.31 17:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.04 14:34:48 | 002,329,480 | -H-- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.07.11 20:41:07 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 20:33:33 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.26 21:47:08 | 000,075,136 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.03.31 15:08:14 | 000,080,896 | -H-- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.01.30 16:05:17 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.01.30 16:04:32 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.01.30 16:03:44 | 000,079,360 | -H-- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010.11.11 14:39:34 | 000,128,928 | -H-- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 04:43:56 | 000,307,200 | -H-- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.07.11 20:41:07 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.11 20:41:07 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.08.04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.12.17 23:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.12.11 06:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr) DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2006.11.10 14:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV - [2011.06.24 05:31:02 | 000,055,424 | -H-- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 71 BC A0 6D A4 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 21:27:32 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 15:29:39 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:27 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:27 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.25 21:56:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.12.25 21:56:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.28 19:36:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions [2011.11.28 19:36:39 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.22 19:01:09 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.02 21:40:37 | 000,000,950 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\searchplugins\icqplugin-1.xml [2011.11.10 17:26:03 | 000,001,056 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\searchplugins\icqplugin.xml [2011.11.10 21:27:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJ9N2XPC.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJ9N2XPC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.10 21:27:32 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.06.26 13:19:01 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.26 13:19:01 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.06.26 13:19:01 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.22 16:37:26 | 000,002,045 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2011.06.26 13:19:01 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.26 13:19:01 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.26 13:19:01 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT) O4 - HKLM..\Run: [KWosWQElxCrnJTM.exe] C:\ProgramData\KWosWQElxCrnJTM.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D489E35E-A143-443D-9617-A0459D08A689}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{17f31f71-6fec-11e0-b49d-00252268eb09}\Shell - "" = AutoRun O33 - MountPoints2\{17f31f71-6fec-11e0-b49d-00252268eb09}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe O33 - MountPoints2\{17f31f71-6fec-11e0-b49d-00252268eb09}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\atisetup.exe O33 - MountPoints2\Z\Shell - "" = AutoRun O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files - Modified Within 30 Days ========== [2011.12.09 13:26:33 | 000,001,108 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.09 13:22:35 | 000,001,104 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.09 13:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.09 13:22:12 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys [2011.12.08 14:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.08 14:10:43 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.08 12:27:32 | 000,000,456 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x [2011.12.08 12:26:07 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~zHdbjIpb0JrA3x [2011.12.08 11:09:49 | 000,000,525 | -H-- | M] () -- C:\Users\*****\Desktop\unhide nonsystem files.lnk [2011.12.07 21:58:54 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~zHdbjIpb0JrA3xr [2011.12.07 21:27:06 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.07 21:27:06 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.07 21:27:06 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.07 21:27:06 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.07 21:27:06 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.07 21:21:04 | 000,141,120 | -H-- | M] (GridinSoft) -- C:\Users\*****\Desktop\unhider.exe [2011.12.07 20:09:02 | 000,000,653 | -H-- | M] () -- C:\Users\*****\Desktop\System Fix.lnk [2011.12.07 20:08:19 | 000,371,712 | -H-- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x.exe [2011.12.07 20:01:55 | 000,371,712 | -H-- | M] () -- C:\ProgramData\TPjkY19NSBR6GK.exe [2011.12.07 19:49:00 | 000,462,848 | -HS- | M] () -- C:\ProgramData\KWosWQElxCrnJTM.exe [2011.12.05 17:06:38 | 000,361,320 | -H-- | M] () -- C:\Users\*****\Desktop\Rechnung.jpg [2011.12.05 17:05:32 | 000,349,800 | -H-- | M] () -- C:\Users\*****\Desktop\Austauschbeleg.jpg [2011.12.04 02:03:45 | 000,000,000 | -H-- | M] () -- C:\Windows\ativpsrm.bin [2011.12.03 12:16:34 | 000,430,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.02 22:59:59 | 000,007,619 | -H-- | M] () -- C:\Users\Fabio\AppData\Local\Resmon.ResmonCfg [2011.12.02 22:54:01 | 000,010,156 | -H-- | M] () -- C:\Users\Fabio\Documents\cc_20111202_225358.reg [2011.11.26 14:11:49 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2011.11.26 14:11:49 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2011.11.26 14:11:49 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2011.11.26 14:11:49 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2011.11.25 14:02:46 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.11 18:01:35 | 000,280,736 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.11.11 18:01:35 | 000,280,736 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.11 17:59:56 | 000,280,768 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== LOP Check ========== [2011.12.02 18:11:24 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.11.28 20:18:21 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\.minecraft_xray [2011.03.09 21:10:58 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Cuttermaran [2011.08.24 19:49:17 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Downloaded Installations [2011.11.25 22:56:04 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Dropbox [2011.01.30 16:26:56 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.04 11:48:51 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\HTC [2011.09.04 11:47:12 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2011.12.07 18:06:34 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ICQ [2011.03.09 20:57:47 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\MPEG Streamclip [2011.10.23 13:20:55 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Nitro PDF [2011.01.02 19:18:55 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org [2011.07.22 21:22:58 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Origin [2011.09.04 11:48:51 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Outlook [2011.08.06 11:39:45 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\ROCCAT [2010.12.25 21:56:56 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird [2011.11.07 16:55:39 | 000,000,000 | -H-D | M] -- C:\Users\*****\AppData\Roaming\Ubisoft [2011.11.05 17:02:13 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ----------------------------------------------------------------- Generiert wurde auch eine Extras.txt -------------------------------------------------------------------- OTL Extras logfile created on: 09.12.2011 13:24:22 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = J:\ 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,64 Gb Available Physical Memory | 82,97% Memory free 16,00 Gb Paging File | 14,49 Gb Available in Paging File | 90,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 229,29 Gb Total Space | 37,26 Gb Free Space | 16,25% Space Free | Partition Type: NTFS Drive D: | 229,64 Gb Total Space | 194,58 Gb Free Space | 84,73% Space Free | Partition Type: NTFS Drive J: | 1,93 Gb Total Space | 1,74 Gb Free Space | 90,19% Space Free | Partition Type: FAT Drive Z: | 298,02 Gb Total Space | 11,14 Gb Free Space | 3,74% Space Free | Partition Type: FAT32 Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}" = Nitro PDF Reader 2 "{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager "{67303AC9-A9BA-E413-0001-AAC1C812947C}" = AMD Fuel "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2 "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = AMD VISION Engine Control Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver "{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "{DD8D87E5-C372-462F-B168-94612B1D9451}" = HTC Sync "{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy "{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Afterburner" = MSI Afterburner 2.1.0 "American Conquest" = American Conquest "AMP WinOFF" = AMP WinOFF 5.0.0 "ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.76 "ATITool" = ATITool Overclocking Utility "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DVD Decrypter" = DVD Decrypter (Remove Only) "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.29 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32 "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch "InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM) "InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "OpenAL" = OpenAL "Origin" = Origin "PhotoScape" = PhotoScape "PunkBusterSvc" = PunkBuster Services "Steam App 17500" = Zombie Panic Source "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "Steam App 43110" = Metro 2033 "Steam App 44320" = DiRT 3 "Uninstall_is1" = Uninstall 1.0.0.1 "Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.46 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.7 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.11.2011 16:35:08 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm ASROC.exe, Version 2.3.76.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1010 Startzeit: 01cca565720e4e5e Endzeit: 21 Anwendungspfad: C:\Program Files (x86)\ASRock Utility\OCTuner\ASROC.exe Berichts-ID: a17ab51b-115b-11e1-a49f-00252268eb09 Error - 18.11.2011 13:53:11 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9d8 Startzeit: 01cca6163b40740f Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 2c7d4fac-120e-11e1-a444-00252268eb09 Error - 18.11.2011 13:54:16 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13ac Startzeit: 01cca61af07adb1b Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 53927c75-120e-11e1-a444-00252268eb09 Error - 18.11.2011 13:55:08 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 524 Startzeit: 01cca61b1735939a Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 7284ae1f-120e-11e1-a444-00252268eb09 Error - 21.11.2011 16:25:15 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: c28 Startzeit: 01cca88b991e79e6 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: eaa7ce2d-147e-11e1-b139-00252268eb09 Error - 21.11.2011 16:26:03 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 754 Startzeit: 01cca88bae9e357c Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: 073dee97-147f-11e1-b139-00252268eb09 Error - 30.11.2011 14:33:21 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a30 Startzeit: 01ccaf8c0e593b4f Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe Berichts-ID: c66bd484-1b81-11e1-8a57-00252268eb09 Error - 02.12.2011 17:55:15 | Computer Name = *****-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "AODService" konnte nicht neu gestartet werden. Error - 02.12.2011 18:11:34 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm CCleaner64.exe, Version 3.0.0.1303 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12bc Startzeit: 01ccb13cd3da2086 Endzeit: 0 Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe Berichts-ID: 91f85f63-1d32-11e1-a1c3-00252268eb09 Error - 07.12.2011 15:08:30 | Computer Name = *****-PC | Source = Application Hang | ID = 1002 Description = Programm CCleaner64.exe, Version 3.0.0.1303 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2d4 Startzeit: 01ccb51382887acc Endzeit: 15 Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe Berichts-ID: d57bee5e-2106-11e1-82df-00252268eb09 [ System Events ] Error - 08.12.2011 06:12:21 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314 Description = Error - 08.12.2011 06:12:21 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314 Description = Error - 08.12.2011 06:14:45 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 08.12.2011 06:27:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.12.2011 06:27:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 08.12.2011 07:29:39 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. Error - 08.12.2011 09:07:20 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314 Description = Error - 08.12.2011 09:07:20 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314 Description = Error - 09.12.2011 08:26:10 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314 Description = Error - 09.12.2011 08:26:10 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866314 Description = < End of report > ---------------------------------------------------------------------- Ich habe weiterhin dieselben Symptome wie vorher ohne jegliche Besserung auch wenn Malwarebytes die letzten Dateien aus der Registry gelöscht hat (soweit ich das herrauslesen konnte  ).ComboFix wollte ich erst benutzen wenn ich dazu aufgefordert werde. Sollte irgendetwas fehlen, dann sagt mir einfach Bescheid, ich hoffe die Logs sind korrekt erstellt worden... Danke für eure Mühe! |
|
10.12.2011, 15:24
| #2 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Kann mir bitte jemand helfen
__________________?Ich habe mittlerweile eine Vielzahl an Programmen gefunden, die einen Systemscan durchführen und schädliche Software entfernen. All dies verwirrte mich aber dermaßen, dass ich nun garnicht mehr weiter weiss. |
|
10.12.2011, 18:54
| #3 | ||
| /// Selecta Jahrusso   | Ordner/Dateien verschwinden, mehrere Trojaner gefundenZitat:
 Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen. Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste in deiner nächsten Antwort Combofix.txt
__________________ |
|
10.12.2011, 22:27
| #4 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Hallo Daniel, danke für deine Antwort! ComboFix sagte ständig Avira wäre noch im Betrieb, Avira war allerdings deaktiviert, Prozesse beendet und anschliessend hatte ich es nach einem Neustart sogar deinstalliert! ComboFix meinte immernoch es wäre aktiv... Hier nun die Log.txt: Combofix Logfile: Code:
ATTFilter ComboFix 11-12-06.02 - Fabio 10.12.2011 21:30:02.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.6843 [GMT 1:00]
ausgeführt von:: c:\users\Fabio\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\KWosWQElxCrnJTM.exe
c:\programdata\TPjkY19NSBR6GK.exe
c:\programdata\xml4125.tmp
c:\programdata\xml4441.tmp
c:\programdata\xml46E1.tmp
c:\programdata\zHdbjIpb0JrA3x.exe
c:\users\Fabio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Fabio\Desktop\System Fix.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-10 bis 2011-12-10 ))))))))))))))))))))))))))))))
.
.
2011-12-10 20:35 . 2011-12-10 20:35 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-12-10 20:35 . 2011-12-10 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----w- c:\users\Fabio\AppData\Roaming\Malwarebytes
2011-12-07 20:44 . 2011-12-07 20:44 -------- d-----w- c:\programdata\Malwarebytes
2011-12-07 20:44 . 2011-12-08 11:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-07 20:44 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 01:04 . 2011-12-04 01:04 -------- d-----w- c:\programdata\ATI
2011-12-04 01:03 . 2011-12-04 01:03 0 ----a-w- c:\windows\ativpsrm.bin
2011-12-04 01:01 . 2011-12-04 01:01 -------- d-----w- c:\program files (x86)\AMD APP
2011-12-04 01:01 . 2011-12-04 01:01 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-12-04 01:01 . 2011-12-04 01:01 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-12-04 01:00 . 2011-12-04 01:00 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-12-04 00:59 . 2011-12-04 01:01 -------- d-----w- c:\program files\ATI Technologies
2011-12-04 00:59 . 2011-12-04 00:59 -------- d-----w- c:\program files\ATI
2011-12-04 00:59 . 2011-12-04 00:59 -------- d-----w- C:\ATI
2011-12-01 17:31 . 2011-12-03 11:45 -------- d--h--w- c:\users\Fabio\AppData\Local\LogMeIn Hamachi
2011-12-01 17:31 . 2011-12-01 17:31 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-11-29 15:48 . 2011-11-29 15:48 -------- d-----w- c:\program files (x86)\Phyxion.net
2011-11-26 13:11 . 2011-11-26 13:11 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-26 13:11 . 2011-11-26 13:11 -------- d-----w- c:\program files\Java
2011-11-26 12:31 . 2011-12-02 17:11 -------- d-----w- c:\users\Fabio\AppData\Roaming\.minecraft
2011-11-25 20:49 . 2011-11-25 20:50 -------- d-----r- c:\users\Fabio\Dropbox
2011-11-25 20:47 . 2011-11-25 21:56 -------- d-----w- c:\users\Fabio\AppData\Roaming\Dropbox
2011-11-18 15:01 . 2011-11-18 15:01 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 13:39 . 2011-11-12 13:39 -------- d-----w- c:\program files\Futuremark
2011-11-11 12:30 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-11 12:30 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-11 12:29 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 12:29 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 13:02 . 2011-05-22 15:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-11 17:01 . 2011-04-27 11:41 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-11 17:01 . 2011-04-26 18:28 280736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-11-11 16:59 . 2011-04-26 18:28 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-10-26 02:05 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2011-10-26 02:04 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2011-10-26 01:55 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2011-10-26 01:46 5041664 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-10-26 01:43 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2011-10-26 01:35 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2011-10-26 01:32 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-10-26 01:29 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2011-10-12 19:39 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2011-10-26 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2011-10-26 01:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-10-26 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2011-10-26 01:20 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-25 20:21 . 2011-10-25 20:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-25 20:21 . 2011-10-25 20:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-25 20:21 . 2011-10-25 20:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-25 20:21 . 2011-10-25 20:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-25 20:20 . 2011-10-25 20:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-19 21:14 . 2011-10-19 21:14 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-10-12 15:14 . 2011-10-12 15:14 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-07 20:09 . 2010-12-26 13:36 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-10-07 20:09 . 2010-12-26 13:36 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-09-14 09:47 . 2011-09-14 09:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 09:38 . 2011-09-14 09:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\SysWow64\amdoclcl.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2011-02-18 1666560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 ALSysIO;ALSysIO;c:\users\Fabio\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Fabio\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-30 79360]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-01-30 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 13:15]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 13:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ---ha-w- c:\users\Fabio\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube to iPod Converter - c:\users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
FF - ProfilePath - c:\users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-KWosWQElxCrnJTM.exe - c:\programdata\KWosWQElxCrnJTM.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-91760106-2761533190-790837504-1000\Software\SecuROM\License information*]
"datasecu"=hex:5b,01,e0,33,e2,89,ad,d0,42,cc,db,93,83,c9,c7,c7,67,1e,68,eb,71,
c1,10,be,40,81,11,a8,45,60,32,35,39,bd,e5,78,44,f6,43,fd,bd,15,e6,cd,2b,15,\
"rkeysecu"=hex:a8,16,9d,c0,a1,d3,af,f2,11,b1,cf,a9,ec,60,3a,39
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-10 21:41:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-10 20:41
.
Vor Suchlauf: 14 Verzeichnis(se), 40.070.975.488 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 39.673.360.384 Bytes frei
.
- - End Of File - - 048A538214DEA968769B8F7C83A80321
Grüße ausm Westerwald Fabio |
|
10.12.2011, 22:42
| #5 |
| /// Selecta Jahrusso | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Update bitte Malwarebytes und führe einen Quick Scan durch. Poste das Logfile hier. ESET Online Scanner
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
11.12.2011, 11:15
| #6 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Da bin ich wieder  Hier nun die Logfile von Malwarebytes! Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8349 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 10.12.2011 23:17:52 mbam-log-2011-12-10 (23-17-52).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 187604 Laufzeit: 2 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Und von ESET ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e645ef4582c5624a9760e71ca3298684 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-11 01:37:50 # local_time=2011-12-11 02:37:50 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 66 94 23592316 75187650 0 0 # compatibility_mode=8192 67108863 100 0 5664 5664 0 0 # scanned=326286 # found=11 # cleaned=0 # scan_time=9671 C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\ProgramData\KWosWQElxCrnJTM.exe.vir a variant of Win32/Kryptik.WWI trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\ProgramData\TPjkY19NSBR6GK.exe.vir a variant of Win32/Kryptik.WWI trojan (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\ProgramData\zHdbjIpb0JrA3x.exe.vir a variant of Win32/Kryptik.WWI trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Fabio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4295a2f0-51a3e6eb a variant of Win32/Kryptik.XAD trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Fabio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4295a2f0-579d3a87 a variant of Win32/Kryptik.XAD trojan (unable to clean) 00000000000000000000000000000000 I Z:\Fabio\AppData\Local\Temp\gggf0.6990261074860815.exe a variant of Win32/Kryptik.XAD trojan (unable to clean) 00000000000000000000000000000000 I Z:\Fabio\AppData\Local\Temp\kolf0.7288894253479103.exe a variant of Win32/Kryptik.XAD trojan (unable to clean) 00000000000000000000000000000000 I Z:\Fabio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4295a2f0-51a3e6eb a variant of Win32/Kryptik.XAD trojan (unable to clean) 00000000000000000000000000000000 I Z:\Fabio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4295a2f0-579d3a87 a variant of Win32/Kryptik.XAD trojan (unable to clean) 00000000000000000000000000000000 I Z:\Fabio\Downloads\WinOFFSetup.exe a variant of Win32/Adware.OpenInstall application (unable to clean) 00000000000000000000000000000000 I MfG Fabio |
|
11.12.2011, 14:14
| #7 |
| /// Selecta Jahrusso | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Was ist die Platte Z: ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
11.12.2011, 14:32
| #8 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Z: ist meine Externe mit 320GB. Ich hatte vor einiger Zeit (aus welchem Grund auch immer) eine Vielzahl von virtuellen Laufwerken. Habe alle bis auf eins entfernt und meiner externen Festplatte einen anderen Laufwerksbuchstaben gegeben |
|
11.12.2011, 15:06
| #9 |
| /// Selecta Jahrusso | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Deinstalliere bitte Java(TM) 6 Update 16 Speichere bitte folgende Datei auf deiner Externen Festplatte. Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter @echo off
cd \
for %%g in (
Fabio\AppData\Local\Temp
) do (
del /a /f /q *.exe
)
del %0
Downloade bitte Grinler's unhide.exe auf deinem Desktop Starte das Tool mit Doppelklick. Wenn es seine Arbeit getan hat, wir eine Nachricht mit Done aufpoppen
Code:
ATTFilter :commands
[emptytemp]
[emptyflash]
Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Poste die OTL.txt und die Extras.txt hier in deinen Thread. Bitte poste in deiner nächsten Antwort OTL.txt Extras.txt Eventuell noch offene Probleme
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
11.12.2011, 15:57
| #10 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Java(TM) 6 Update 16 habe ich deinstalliert! Nachdem ich die Batchdatei auf meiner Externen ausgeführt habe sind ein paar Dateien verschwunden (vorher waren da noch ein paar WinRar-Archive). Unhide.exe habe ich ausgeführt. Hier der Log von OTL ''Fix'' All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Fabio ->Temp folder emptied: 855142 bytes ->Temporary Internet Files folder emptied: 1231138 bytes ->Java cache emptied: 5708677 bytes ->FireFox cache emptied: 42904449 bytes ->Flash cache emptied: 57222 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 3866536 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3238112 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 141120 bytes Total Files Cleaned = 55,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Fabio ->Flash cache emptied: 0 bytes User: Gast User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12112011_153035 Files\Folders moved on Reboot... C:\Users\Fabio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6Z70Q0Y\background-banner-middle-v9[1].jpg moved successfully. C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6Z70Q0Y\list-item-plus[1].png moved successfully. C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPE2K76\background-banner-right-v9[1].jpg moved successfully. C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGPE2K76\background_banner_green_50_v9[1].jpg moved successfully. C:\Users\Fabio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6V3M7D92\background_button_green_full[1].png moved successfully. Registry entries deleted on Reboot... Nun die normale OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.12.2011 15:38:37 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = J:\ 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,06% Memory free 16,00 Gb Paging File | 14,12 Gb Available in Paging File | 88,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 229,29 Gb Total Space | 36,70 Gb Free Space | 16,01% Space Free | Partition Type: NTFS Drive D: | 229,64 Gb Total Space | 194,58 Gb Free Space | 84,73% Space Free | Partition Type: NTFS Drive J: | 1,93 Gb Total Space | 1,74 Gb Free Space | 90,13% Space Free | Partition Type: FAT Drive Z: | 298,02 Gb Total Space | 13,59 Gb Free Space | 4,56% Space Free | Partition Type: FAT32 Computer Name: FABIO-PC | User Name: Fabio | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.08 12:40:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- J:\OTL.exe PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2011.11.12 23:47:01 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011.11.10 21:27:32 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.26 21:47:08 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.02.18 10:06:06 | 001,666,560 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE PRC - [2011.02.18 10:05:32 | 000,495,616 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe PRC - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2011.12.11 15:33:11 | 014,410,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2011.12.11 15:33:10 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2011.12.11 15:33:10 | 000,194,344 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2011.12.11 15:33:10 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2011.12.11 15:33:10 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll MOD - [2011.11.10 21:27:31 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.10.25 21:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.06.21 18:12:30 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.11.12 23:58:46 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.04.26 21:47:08 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.03.31 15:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.01.30 16:05:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.01.30 16:04:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.01.30 16:03:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service) SRV - [2010.11.11 14:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.08.04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.03.04 14:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.12.11 06:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr) DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2006.11.10 14:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV - [2011.06.24 05:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 71 BC A0 6D A4 CB 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.12.10 23:17:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 21:27:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 15:29:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.25 07:37:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.25 21:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions [2010.12.25 21:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.28 19:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions [2011.11.28 19:36:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.01.22 19:01:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabio\AppData\Roaming\mozilla\Firefox\Profiles\cj9n2xpc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.10 23:21:02 | 000,000,950 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\searchplugins\icqplugin-1.xml [2011.11.10 17:26:03 | 000,001,056 | ---- | M] () -- C:\Users\Fabio\AppData\Roaming\Mozilla\Firefox\Profiles\cj9n2xpc.default\searchplugins\icqplugin.xml [2011.11.10 21:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\FABIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJ9N2XPC.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI () (No name found) -- C:\USERS\FABIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJ9N2XPC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.10 21:27:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.06.26 13:19:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.26 13:19:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.06.26 13:19:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.02.22 16:37:26 | 000,002,045 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2011.06.26 13:19:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.26 13:19:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.26 13:19:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.10 21:36:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D489E35E-A143-443D-9617-A0459D08A689}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.10 23:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.10 23:20:24 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe [2011.12.10 23:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011.12.10 23:04:16 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011.12.10 23:04:14 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.12.10 23:04:09 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.12.10 23:04:08 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.12.10 23:04:07 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011.12.10 23:04:06 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.12.10 23:04:06 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.12.10 23:03:55 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.12.10 23:03:55 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011.12.10 23:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011.12.10 23:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2011.12.10 21:41:14 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.10 21:37:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.10 21:28:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.12.10 21:28:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.12.10 21:28:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.12.10 21:15:03 | 004,331,784 | R--- | C] (Swearware) -- C:\Users\Fabio\Desktop\ComboFix.exe [2011.12.08 11:26:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.08 11:24:19 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.12.07 22:01:41 | 000,141,120 | ---- | C] (GridinSoft) -- C:\Users\Fabio\Desktop\unhider.exe [2011.12.07 21:44:42 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Malwarebytes [2011.12.07 21:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.07 21:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.07 21:44:30 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.07 21:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.04 02:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.12.04 02:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.12.04 02:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011.12.04 02:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.12.04 02:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2011.12.04 02:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.12.04 01:59:52 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011.12.04 01:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2011.12.04 01:59:01 | 000,000,000 | ---D | C] -- C:\ATI [2011.12.02 22:48:16 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Desktop\Wichtig dies das [2011.12.02 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\Fabio\Desktop\Minecraft dies das, Stick [2011.11.29 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net [2011.11.29 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net [2011.11.28 20:18:21 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\.minecraft_xray [2011.11.26 14:11:57 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2011.11.26 14:11:57 | 000,252,296 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2011.11.26 14:11:57 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2011.11.26 14:11:57 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2011.11.26 14:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.11.26 13:31:12 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\.minecraft [2011.11.25 21:49:46 | 000,000,000 | R--D | C] -- C:\Users\Fabio\Dropbox [2011.11.25 21:48:05 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.11.25 21:47:42 | 000,000,000 | ---D | C] -- C:\Users\Fabio\AppData\Roaming\Dropbox [2011.11.25 20:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.18 16:01:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.12 14:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark ========== Files - Modified Within 30 Days ========== [2011.12.11 15:40:00 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 15:40:00 | 000,016,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 15:32:30 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.11 15:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.11 15:32:03 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys [2011.12.11 15:26:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.11 15:22:22 | 000,684,297 | ---- | M] () -- C:\Users\Fabio\Desktop\unhide.exe [2011.12.11 11:50:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.12.10 23:21:12 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe [2011.12.10 23:04:17 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011.12.10 22:51:21 | 000,001,288 | ---- | M] () -- C:\Users\Fabio\Desktop\Steam.lnk [2011.12.10 22:50:32 | 000,001,310 | ---- | M] () -- C:\Users\Fabio\Desktop\iTunes.lnk [2011.12.10 22:50:20 | 000,001,402 | ---- | M] () -- C:\Users\Fabio\Desktop\Mozilla Firefox.lnk [2011.12.10 22:50:07 | 000,001,476 | ---- | M] () -- C:\Users\Fabio\Desktop\Mozilla Thunderbird.lnk [2011.12.10 21:36:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.12.10 21:15:12 | 000,000,456 | ---- | M] () -- C:\ProgramData\zHdbjIpb0JrA3x [2011.12.10 21:13:53 | 000,000,296 | ---- | M] () -- C:\ProgramData\~zHdbjIpb0JrA3x [2011.12.10 21:08:34 | 000,000,525 | ---- | M] () -- C:\unhide nonsystem files.lnk [2011.12.07 22:42:02 | 004,331,784 | R--- | M] (Swearware) -- C:\Users\Fabio\Desktop\ComboFix.exe [2011.12.07 21:58:54 | 000,000,184 | ---- | M] () -- C:\ProgramData\~zHdbjIpb0JrA3xr [2011.12.07 21:27:06 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.07 21:27:06 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.07 21:27:06 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.07 21:27:06 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.07 21:27:06 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.07 21:21:04 | 000,141,120 | ---- | M] (GridinSoft) -- C:\Users\Fabio\Desktop\unhider.exe [2011.12.05 17:06:38 | 000,361,320 | ---- | M] () -- C:\Users\Fabio\Desktop\Rechnung.jpg [2011.12.05 17:05:32 | 000,349,800 | ---- | M] () -- C:\Users\Fabio\Desktop\Austauschbeleg.jpg [2011.12.04 02:03:45 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.12.03 12:16:34 | 000,430,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.02 22:59:59 | 000,007,619 | ---- | M] () -- C:\Users\Fabio\AppData\Local\Resmon.ResmonCfg [2011.12.02 22:54:01 | 000,010,156 | ---- | M] () -- C:\Users\Fabio\Documents\cc_20111202_225358.reg [2011.11.28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.11.28 19:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.11.28 19:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2011.11.26 14:11:49 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2011.11.26 14:11:49 | 000,252,296 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2011.11.26 14:11:49 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2011.11.26 14:11:49 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2011.11.25 14:02:46 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.11 18:01:35 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.11.11 18:01:35 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.11 17:59:56 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 ========== Files Created - No Company Name ========== [2011.12.11 15:22:10 | 000,684,297 | ---- | C] () -- C:\Users\Fabio\Desktop\unhide.exe [2011.12.10 23:04:17 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011.12.10 23:04:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011.12.10 22:51:21 | 000,001,288 | ---- | C] () -- C:\Users\Fabio\Desktop\Steam.lnk [2011.12.10 22:50:32 | 000,001,310 | ---- | C] () -- C:\Users\Fabio\Desktop\iTunes.lnk [2011.12.10 22:50:20 | 000,001,402 | ---- | C] () -- C:\Users\Fabio\Desktop\Mozilla Firefox.lnk [2011.12.10 22:50:07 | 000,001,476 | ---- | C] () -- C:\Users\Fabio\Desktop\Mozilla Thunderbird.lnk [2011.12.10 21:28:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.12.10 21:28:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.12.10 21:28:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.12.10 21:28:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.12.10 21:28:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.12.10 21:08:34 | 000,000,525 | ---- | C] () -- C:\unhide nonsystem files.lnk [2011.12.07 20:09:02 | 000,000,296 | ---- | C] () -- C:\ProgramData\~zHdbjIpb0JrA3x [2011.12.07 20:09:02 | 000,000,184 | ---- | C] () -- C:\ProgramData\~zHdbjIpb0JrA3xr [2011.12.07 20:08:56 | 000,000,456 | ---- | C] () -- C:\ProgramData\zHdbjIpb0JrA3x [2011.12.05 17:24:08 | 000,361,320 | ---- | C] () -- C:\Users\Fabio\Desktop\Rechnung.jpg [2011.12.05 17:24:08 | 000,349,800 | ---- | C] () -- C:\Users\Fabio\Desktop\Austauschbeleg.jpg [2011.12.04 02:03:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.02 22:53:59 | 000,010,156 | ---- | C] () -- C:\Users\Fabio\Documents\cc_20111202_225358.reg [2011.10.28 16:13:06 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.19 17:58:41 | 000,007,619 | ---- | C] () -- C:\Users\Fabio\AppData\Local\Resmon.ResmonCfg [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.25 13:33:20 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.07.19 13:17:40 | 000,151,892 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.04.26 19:28:16 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.26 19:28:13 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.04.26 19:28:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.04.26 11:44:43 | 000,004,608 | ---- | C] () -- C:\Users\Fabio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.19 22:03:09 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.30 16:05:39 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2011.01.30 16:05:39 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2011.01.30 16:05:39 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2011.01.30 16:05:24 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.01.30 16:05:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.01.16 11:49:32 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb [2010.12.27 19:21:48 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > Zu guter Letzt die Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 11.12.2011 15:38:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = J:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,06% Memory free
16,00 Gb Paging File | 14,12 Gb Available in Paging File | 88,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229,29 Gb Total Space | 36,70 Gb Free Space | 16,01% Space Free | Partition Type: NTFS
Drive D: | 229,64 Gb Total Space | 194,58 Gb Free Space | 84,73% Space Free | Partition Type: NTFS
Drive J: | 1,93 Gb Total Space | 1,74 Gb Free Space | 90,13% Space Free | Partition Type: FAT
Drive Z: | 298,02 Gb Total Space | 13,59 Gb Free Space | 4,56% Space Free | Partition Type: FAT32
Computer Name: FABIO-PC | User Name: Fabio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{3DA00A00-C3E9-4064-B62C-CAD25EAF0B6A}" = Nitro PDF Reader 2
"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{67303AC9-A9BA-E413-0001-AAC1C812947C}" = AMD Fuel
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA54C4B1-98E3-AEFA-7254-C4038DC739AF}" = AMD Media Foundation Decoders
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = AMD VISION Engine Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DD8D87E5-C372-462F-B168-94612B1D9451}" = HTC Sync
"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Afterburner" = MSI Afterburner 2.1.0
"American Conquest" = American Conquest
"AMP WinOFF" = AMP WinOFF 5.0.0
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.76
"ATITool" = ATITool Overclocking Utility
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESET Online Scanner" = ESET Online Scanner v3
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.29
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"OpenAL" = OpenAL
"Origin" = Origin
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"Steam App 17500" = Zombie Panic Source
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 43110" = Metro 2033
"Steam App 44320" = DiRT 3
"Uninstall_is1" = Uninstall 1.0.0.1
"Verbatim GREEN BUTTON_is1" = Verbatim GREEN BUTTON 1.46
"VLC media player" = VLC media player 1.1.7
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.11.2011 16:26:03 | Computer Name = Fabio-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 754 Startzeit:
01cca88bae9e357c Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID:
073dee97-147f-11e1-b139-00252268eb09
Error - 30.11.2011 14:33:21 | Computer Name = Fabio-PC | Source = Application Hang | ID = 1002
Description = Programm Steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a30 Startzeit:
01ccaf8c0e593b4f Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID:
c66bd484-1b81-11e1-8a57-00252268eb09
Error - 02.12.2011 17:55:15 | Computer Name = Fabio-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "AODService" konnte nicht neu gestartet
werden.
Error - 02.12.2011 18:11:34 | Computer Name = Fabio-PC | Source = Application Hang | ID = 1002
Description = Programm CCleaner64.exe, Version 3.0.0.1303 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 12bc Startzeit: 01ccb13cd3da2086 Endzeit: 0 Anwendungspfad: C:\Program
Files\CCleaner\CCleaner64.exe Berichts-ID: 91f85f63-1d32-11e1-a1c3-00252268eb09
Error - 07.12.2011 15:08:30 | Computer Name = Fabio-PC | Source = Application Hang | ID = 1002
Description = Programm CCleaner64.exe, Version 3.0.0.1303 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 2d4 Startzeit: 01ccb51382887acc Endzeit: 15 Anwendungspfad: C:\Program
Files\CCleaner\CCleaner64.exe Berichts-ID: d57bee5e-2106-11e1-82df-00252268eb09
Error - 10.12.2011 18:22:10 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Fabio\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 10.12.2011 18:22:14 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 10.12.2011 18:22:16 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Fabio\Desktop\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 10.12.2011 22:03:25 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 11.12.2011 06:06:00 | Computer Name = Fabio-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ System Events ]
Error - 10.12.2011 20:23:45 | Computer Name = Fabio-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.12.2011 20:23:51 | Computer Name = Fabio-PC | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.12.2011 20:25:04 | Computer Name = Fabio-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 10.12.2011 20:25:05 | Computer Name = Fabio-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 11.12.2011 06:54:10 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist von folgendem
Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.12.2011 06:55:04 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 11.12.2011 09:28:37 | Computer Name = Fabio-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 11.12.2011 10:30:36 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Creative Audio Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 11.12.2011 10:32:31 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist von folgendem
Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 11.12.2011 10:34:14 | Computer Name = Fabio-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
< End of report >
|
|
11.12.2011, 17:05
| #11 |
| /// Selecta Jahrusso | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Noch Probleme ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
11.12.2011, 18:20
| #12 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Konkrete Probleme fallen mir im Moment nicht auf. Heisst das etwa wir haben den Kampf gewonnen? Juhu  Ich bedanke mich ganz hezrlich bei dir für deine schnelle und vorallem ausführliche Hilfe, wirklich spitze  .Sollte ich vielleicht irgendwann wieder ein Problem mit Malware oder ähnlichem haben dann wird das Trojaner-Board meine erste Anlaufstelle sein. Nochmals Danke! |
|
11.12.2011, 20:25
| #13 |
| /// Selecta Jahrusso | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code:
ATTFilter Combofix /Uninstall
 Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
13.12.2011, 22:33
| #14 |
| | Ordner/Dateien verschwinden, mehrere Trojaner gefunden Alle Fragen haben sich geklärt nochmals Danke für alles!  |
|
| Themen zu Ordner/Dateien verschwinden, mehrere Trojaner gefunden |
| antivir, audacity, avira, bho, black, bonjour, c:\windows\system32\rundll32.exe, call of duty, converter, decrypter, desktop, error, festplatte, firefox, flash player, format, google, google earth, grand theft auto, helper, install.exe, langs, logfile, mbamservice.exe, mozilla thunderbird, mp3, object, plug-in, problem, realtek, registry, scan, security, software, system, trojaner, trojaner gefunden, usb 3.0, vdeck.exe, version=1.0, webcheck, windows, windows professional, world at war |
Textbox.
Linear-Darstellung
