| |
| |||||||
Log-Analyse und Auswertung: Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht wegWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.12.2011, 00:40
| #1 |
 |  Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Moin liebes Team, ich hab vor 2 Tagen einen Link bei Facebook geöffnet, den ich von einem Freund bekam. Seit ich diesen angeklickt habe, bekomme ich im Minutentakt Trojanermeldungen von Antivir. "Malware gefunden" und dann heißt der Trojaner iwie Alureon TK 4 Ich habe Malwarebytes durchlaufen lassen vor ein paar Stunden. Gefunden wurde so einiges. Was ich dann gelöscht habe. Nach dem Neustarten des Pc, was auf anhieb nicht funktionierte, kam die Meldung aber sofort wieder. Habe grade den Eset Online Scanner laufen der hat auch schon was gefunden. Er ist grade bei 46% und hat 6 infizierte Dateien. Variante von WIN 32/kryptik XZM Trojaner 2 mal. Variante von MSIL/Injector.GQ Trojaner 4 mal. Ich habe OTL durchlaufen lassen mit folgendem Log: OTL logfile created on: 12/26/2011 11:41:28 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Daniel\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.61 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 56.65% Memory free 7.21 Gb Paging File | 5.31 Gb Available in Paging File | 73.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 453.95 Gb Total Space | 409.46 Gb Free Space | 90.20% Space Free | Partition Type: NTFS Drive D: | 11.71 Gb Total Space | 1.43 Gb Free Space | 12.24% Space Free | Partition Type: NTFS Computer Name: DANIEL-HP | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011/12/15 14:59:39 | 000,490,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe PRC - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/12/15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/07/08 08:31:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe PRC - [2011/04/07 09:29:14 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2011/02/01 09:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/01/28 12:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2011/01/26 01:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010/11/15 15:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/07/14 02:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2011/09/26 10:58:00 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011/07/08 08:31:38 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/21 04:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/02/19 02:45:17 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/10/11 10:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2011/12/25 11:52:16 | 000,039,936 | ---- | M] () [Auto | Stopped] -- C:\Windows\TEMP\aieolv\setup.exe -- (AMService) SRV - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS) SRV - [2011/04/07 09:29:14 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2011/02/01 09:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/01/28 12:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2011/01/26 01:40:22 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/12/15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/12/15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011/12/15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/07/24 12:24:33 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011/07/08 16:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS) DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP) DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/19 03:27:29 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/02/19 02:03:52 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS) DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON) DRV:64bit: - [2010/12/24 08:32:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/29 11:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/04 14:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010/11/04 14:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005/08/15 10:02:18 | 000,126,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P0620Vid.sys -- (P0620VID) DRV - [2011/09/09 18:44:05 | 001,152,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110909.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2011/08/22 23:17:32 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110917.033\IDSviA64.sys -- (IDSVia64) DRV - [2011/08/18 19:33:57 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110920.032\EX64.SYS -- (NAVEX15) DRV - [2011/08/18 19:33:57 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110920.032\ENG64.SYS -- (NAVENG) DRV - [2011/07/28 01:36:09 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/06/30 09:20:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/30 09:20:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/30 09:20:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/12/27 05:44:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3 [2011/12/27 05:44:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/07 18:15:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/26 12:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2011/09/23 20:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\2opf7tyq.default\extensions [2011/09/23 20:00:00 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\2opf7tyq.default\extensions\firefox@tvunetworks.com [2011/12/01 20:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011/11/13 12:07:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/09/15 15:44:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011/12/01 20:13:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/07/08 08:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010/01/01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml [2010/01/01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010/01/01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010/01/01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/01/01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: ICQ Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=chrome_ut&q={searchTerms}&icid=chrome CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\ CHR - Extension: Google-Suche = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Skype Click to Call = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\ CHR - Extension: ICQ Sparberater = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.668_0\ CHR - Extension: Google Mail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\ Hosts file not found O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.) O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found O2 - BHO: (ICQ Sparberater) - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [PD0620 STISvc] C:\Windows\SysNative\P0620Pin.dll (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.182 195.50.140.248 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E5FFC9F-ACA1-484E-9D0C-F39E7D2E782C}: DhcpNameServer = 195.50.140.182 195.50.140.248 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tbr - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9d321413-e05d-11e0-bcf2-2c27d7254817}\Shell - "" = AutoRun O33 - MountPoints2\{9d321413-e05d-11e0-bcf2-2c27d7254817}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: BFE - Service SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MPSSvc - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: BFE - Service SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSSvc - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.I420 - File not found Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/12/26 23:06:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2011/12/26 22:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/12/26 20:50:17 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ElevatedDiagnostics [2011/12/26 16:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar [2011/12/26 16:58:59 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011/12/26 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2011/12/26 16:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/26 16:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/26 16:45:29 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/12/26 16:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/25 23:10:47 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Tific [2011/12/25 23:10:43 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Symantec [2011/12/25 15:06:18 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Avira [2011/12/25 14:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011/12/25 14:00:28 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/12/25 14:00:28 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/12/25 14:00:28 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011/12/25 14:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011/12/25 14:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011/12/25 11:41:07 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011/12/21 12:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader [2011/12/21 12:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader [2011/12/21 11:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2011/12/20 09:30:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/12/01 20:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2011/12/01 20:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011/12/01 20:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2007/08/13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Daniel\AppData\Local\CDRip.dll [2007/01/18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Daniel\AppData\Local\No23 Recorder.exe [2006/12/11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Daniel\AppData\Local\basscd.dll [2006/12/11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Daniel\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2011/12/26 23:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job [2011/12/26 23:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job [2011/12/26 23:45:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/26 23:06:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2011/12/26 22:56:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-927668359-3191819325-1266115741-1000UA.job [2011/12/26 22:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job [2011/12/26 22:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job [2011/12/26 22:20:21 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 22:20:21 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 22:15:59 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/26 22:15:59 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011/12/26 22:15:59 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/26 22:15:59 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011/12/26 22:15:59 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/26 22:11:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/26 22:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/26 22:11:06 | 2903,486,464 | -HS- | M] () -- C:\hiberfil.sys [2011/12/26 20:47:02 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job [2011/12/26 20:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job [2011/12/26 17:55:26 | 001,733,584 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB [2011/12/26 17:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job [2011/12/26 17:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job [2011/12/26 16:58:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2011/12/26 16:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job [2011/12/26 16:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job [2011/12/26 12:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job [2011/12/26 12:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job [2011/12/26 02:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job [2011/12/26 02:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job [2011/12/26 01:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job [2011/12/26 01:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job [2011/12/26 00:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job [2011/12/26 00:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job [2011/12/25 23:10:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job [2011/12/25 23:10:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job [2011/12/25 23:10:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job [2011/12/25 23:10:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job [2011/12/25 23:10:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job [2011/12/25 15:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job [2011/12/25 15:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job [2011/12/25 14:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job [2011/12/25 14:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job [2011/12/25 13:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job [2011/12/25 13:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job [2011/12/25 11:52:58 | 000,000,000 | ---- | M] () -- C:\ProgramData\Jld30852f.dat [2011/12/24 19:45:36 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2011/12/24 18:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-927668359-3191819325-1266115741-1000Core.job [2011/12/15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011/12/15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011/12/15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011/12/14 10:19:42 | 000,276,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2011/12/25 11:52:58 | 000,000,000 | ---- | C] () -- C:\ProgramData\Jld30852f.dat [2011/12/25 11:52:57 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job [2011/12/25 11:52:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job [2011/12/25 11:52:56 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job [2011/12/25 11:52:55 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job [2011/12/25 11:52:54 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job [2011/12/25 11:52:53 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job [2011/12/25 11:52:53 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job [2011/12/25 11:52:52 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job [2011/12/25 11:52:51 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job [2011/12/25 11:52:50 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job [2011/12/25 11:52:49 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job [2011/12/25 11:52:48 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job [2011/12/25 11:52:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job [2011/12/25 11:52:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job [2011/12/25 11:52:46 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job [2011/12/25 11:52:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job [2011/12/25 11:52:45 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job [2011/12/25 11:52:45 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job [2011/12/25 11:52:44 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job [2011/12/25 11:52:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job [2011/12/25 11:52:43 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job [2011/12/25 11:52:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job [2011/12/25 11:52:41 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job [2011/12/25 11:52:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job [2011/12/25 11:52:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job [2011/12/25 11:52:40 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job [2011/12/25 11:52:39 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job [2011/12/25 11:52:38 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job [2011/12/25 11:52:38 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job [2011/12/25 11:52:37 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job [2011/12/25 11:52:36 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job [2011/12/25 11:52:35 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job [2011/12/25 11:52:35 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job [2011/12/25 11:52:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job [2011/12/25 11:52:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job [2011/12/25 11:52:33 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job [2011/12/25 11:52:32 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job [2011/12/25 11:52:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job [2011/12/25 11:52:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job [2011/12/25 11:52:30 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job [2011/12/25 11:52:29 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job [2011/12/25 11:52:29 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job [2011/12/25 11:52:28 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job [2011/12/25 11:52:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job [2011/12/25 11:52:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job [2011/12/25 11:52:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job [2011/12/25 11:52:26 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job [2011/12/25 11:52:25 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job [2011/07/23 15:18:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/06/30 09:08:12 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/06/30 08:45:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/06/30 08:39:19 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/03/04 05:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/02/11 18:15:43 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/14 00:27:10 | 000,427,008 | ---- | C] () -- C:\Windows\regedit.exe [2009/07/13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007/08/13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Daniel\AppData\Local\lame_enc.dll [2006/10/26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\vorbisenc.dll [2006/10/26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Daniel\AppData\Local\vorbisfile.dll [2006/10/26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Daniel\AppData\Local\vorbis.dll [2006/10/26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Daniel\AppData\Local\ogg.dll [2005/08/23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Daniel\AppData\Local\no23xwrapper.dll ========== LOP Check ========== [2011/12/26 22:14:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2011/07/27 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\kikin [2011/12/25 23:10:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tific [2011/12/26 00:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At1.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At10.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At11.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At12.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At13.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At14.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At15.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At16.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At17.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At18.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At19.job [2011/12/26 00:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At2.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At20.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At21.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At22.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At23.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At24.job [2011/12/26 12:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At25.job [2011/12/26 12:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At26.job [2011/12/25 13:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At27.job [2011/12/25 13:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At28.job [2011/12/25 14:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At29.job [2011/12/26 01:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At3.job [2011/12/25 14:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At30.job [2011/12/25 15:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At31.job [2011/12/25 15:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At32.job [2011/12/26 16:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At33.job [2011/12/26 16:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At34.job [2011/12/26 17:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At35.job [2011/12/26 17:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At36.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At37.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At38.job [2011/12/25 23:10:21 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At39.job [2011/12/26 01:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At4.job [2011/12/25 23:10:21 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At40.job [2011/12/26 20:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At41.job [2011/12/26 20:47:02 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At42.job [2011/12/25 23:10:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At43.job [2011/12/25 23:10:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At44.job [2011/12/26 22:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At45.job [2011/12/26 22:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At46.job [2011/12/26 23:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At47.job [2011/12/26 23:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At48.job [2011/12/26 02:47:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At5.job [2011/12/26 02:47:00 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At6.job [2011/12/25 23:10:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At7.job [2011/12/25 23:10:22 | 000,000,352 | ---- | M] () -- C:\Windows\Tasks\At8.job [2011/12/25 23:10:22 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\At9.job [2011/12/24 19:45:36 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job [2011/11/12 20:38:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/07/23 15:30:22 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Adobe [2011/08/07 18:17:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Apple Computer [2011/07/23 15:27:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ATI [2011/12/25 15:06:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Avira [2011/10/19 12:32:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Google [2011/07/23 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Hewlett-Packard [2011/07/24 15:48:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\HpUpdate [2011/12/26 22:14:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ [2011/07/23 15:25:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Identities [2011/07/27 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\kikin [2011/06/30 09:18:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Macromedia [2011/12/26 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2010/11/21 08:16:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Center Programs [2011/12/25 14:40:26 | 000,000,000 | --SD | M] -- C:\Users\Daniel\AppData\Roaming\Microsoft [2011/07/26 12:56:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla [2011/12/26 22:44:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Skype [2011/12/25 23:10:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tific < %APPDATA%\*.exe /s > [2011/07/27 18:41:08 | 000,752,688 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\kikin\kikin_updater_2.4.15.exe [2011/07/27 22:08:09 | 001,166,568 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\kikin\kikin_updater_2.9.1.exe [2011/06/30 09:18:43 | 000,038,784 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011/10/13 17:26:46 | 000,003,262 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe [2011/10/13 17:26:46 | 000,010,134 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\system64\netlogon.dll [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\system64\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll [2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\system64\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\system64] -> \systemroot\system32 -> Mount Point ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp  1B5B4F1< End of report > Vielleicht könnt ihr mir ja helfen, ich habe nicht so wirklich Ahnung von Pc's  |
|
27.12.2011, 07:11
| #2 | ||
| /// Helfer-Team    | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen: Code:
ATTFilter Malwarebytes
(alle vorhandenen Protokolle!)
Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool CCleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
27.12.2011, 11:44
| #3 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Hey, danke für die schnelle Antwort!
__________________Hier Malwarebytes: : Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122603
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
26.12.2011 18:11:02
mbam-log-2011-12-26 (18-11-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 294106
Laufzeit: 1 Stunde(n), 23 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 13
Infizierte Speicherprozesse:
c:\Users\Daniel\m-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> 3276 -> Unloaded process successfully.
Infizierte Speichermodule:
c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\apple computer\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Manager (Trojan.MSIL) -> Value: Microsoft® Windows Manager -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\Users\Daniel\m-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Users\Daniel\m-1-25-5432-6437-5685\winmgr.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\apple computer\sp.DLL (TrojanProxy.Agent) -> Quarantined and deleted successfully.
c:\$RECYCLE.BIN\s-1-5-21-927668359-3191819325-1266115741-1000\$RXA1MXW.scr (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Local\Google\Chrome\user data\Default\Cache\f_006f23 (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\MW2KSUR8\b[1].exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\QAY4YDMW\fa[1].exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Local\Temp\51948.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Local\Temp\8537977.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
g:\6497125\Contacts.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
g:\6497125\calendars.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Local\Temp\2248985.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\System32\regedit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
|
|
27.12.2011, 11:47
| #4 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Und hier das von CCleaner : Code:
ATTFilter Adobe AIR Adobe Systems Inc. 29.06.2011 1.5.3.9130
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 25.09.2011 6,00MB 10.3.183.10
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 22.10.2011 6,00MB 11.0.1.152
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 18.10.2011 11.6.1.629
Apple Application Support Apple Inc. 06.08.2011 51,0MB 1.5.2
Apple Mobile Device Support Apple Inc. 06.08.2011 22,7MB 3.4.1.2
Apple Software Update Apple Inc. 06.08.2011 2,38MB 2.1.3.127
Ask Toolbar Ask.com 30.11.2011 3,28MB 1.13.1.0
ATI Catalyst Install Manager ATI Technologies, Inc. 29.06.2011 22,4MB 3.0.816.0
Avira Free Antivirus Avira 24.12.2011 108,9MB 12.0.0.872
Bing Bar Microsoft Corporation 29.06.2011 6.0.2282.0
Bonjour Apple Inc. 06.08.2011 1,54MB 3.0.0.2
CCleaner Piriform 26.12.2011 3.14
Compaq Setup Manager Hewlett-Packard Company 29.06.2011 8,83MB 1.1.13253.3682
Creative WebCam Instant Driver (2.00.04.0825) 15.11.2011
ESET Online Scanner v3 25.12.2011
Google Chrome Google Inc. 22.07.2011 16.0.912.63
Google Toolbar for Internet Explorer Google Inc. 20.12.2011 7.2.2318.1946
HP Games WildTangent 29.06.2011 1.0.2.4
HP Odometer Hewlett-Packard 29.06.2011 48,00KB 2.10.0000
HP Setup Hewlett-Packard Company 29.06.2011 8.6.4530.3651
HP Support Assistant Hewlett-Packard Company 29.06.2011 57,4MB 5.2.9.2
HP Support Information Hewlett-Packard 29.06.2011 0,15MB 10.1.1000
HP Update Hewlett-Packard 29.06.2011 2,97MB 5.002.003.003
HP Vision Hardware Diagnostics Hewlett-Packard 29.06.2011 11,6MB 2.5.0.0
ICQ Sparberater solute gmbh 24.07.2011 0,18MB 1.0.601
ICQ Toolbar ICQ 24.07.2011 3.0.0
ICQ7.5 ICQ 24.07.2011 7.5
iTunes Apple Inc. 06.08.2011 142,8MB 10.4.0.80
Java(TM) 6 Update 29 Sun Microsystems, Inc. 14.09.2011 94,5MB 6.0.290
kikin Plugin (NO23 Edition) 1.11 kikin 25.07.2011 1.11
LabelPrint CyberLink Corp. 29.06.2011 229MB 2.5.3609
Magic Desktop EasyBits Software AS 29.06.2011 107,4MB 3.0
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 26.12.2011 13,8MB 1.51.2.1300
McAfee Security Scan Plus McAfee, Inc. 02.10.2011 8,30MB 2.0.181.2
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 10.02.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 10.02.2011 52,0MB 4.0.30319
Microsoft Office 2010 Microsoft Corporation 29.06.2011 6,41MB 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 29.06.2011 20,4MB 4.0.50401.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 29.06.2011 1,70MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.02.2011 0,42MB 8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10.02.2011 1,48MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.02.2011 0,77MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 29.06.2011 0,77MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.02.2011 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 29.06.2011 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 29.06.2011 13,7MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 24.12.2011 11,1MB 10.0.40219
Mozilla Firefox 5.0.1 (x86 de) Mozilla 25.07.2011 31,2MB 5.0.1
No23 Recorder No23 25.07.2011 2,45MB 2.1.0.3
Norton Internet Security Symantec Corporation 22.07.2011 18.6.0.29
PDF Complete Special Edition PDF Complete, Inc 29.06.2011 4.0.35
PlayReady PC Runtime amd64 Microsoft Corporation 29.06.2011 2,06MB 1.3.0
PokerStars PokerStars 10.08.2011
PokerStars.net PokerStars.net 10.08.2011
Power2Go CyberLink Corp. 29.06.2011 169,7MB 6.1.4817
QuickTime Apple Inc. 06.08.2011 73,7MB 7.69.80.9
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 29.06.2011 6.0.1.6321
Registry Mechanic 10.0 PC Tools 18.10.2011 39,3MB 10.0
Skype Click to Call Skype Technologies S.A. 12.11.2011 14,5MB 5.7.8524
Skype™ 5.5 Skype Technologies S.A. 12.11.2011 17,0MB 5.5.124
Veetle TV Veetle, Inc 06.08.2011 0.9.18
Web Security Guard with Crawler Toolbar Crawler, LLC 25.12.2011
Windows Live Essentials Microsoft Corporation 30.06.2011 15.4.3508.1109
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 29.06.2011 5,58MB 15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 29.06.2011 5,57MB 15.4.5722.2
YouTube Downloader 3.4 BienneSoft 20.12.2011
Zinio Reader 4 Zinio LLC 29.06.2011 4.0.3184
|
|
27.12.2011, 11:49
| #5 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Falls es dir hilft ich hab gestern schon den Eset-Online-Scanner laufen lassen. : Code:
ATTFilter C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H9EDHW5\fa[1].exe Variante von MSIL/Injector.QO Trojaner
C:\Users\Daniel\AppData\Local\Temp\3616445.exe Variante von MSIL/Injector.QO Trojaner
C:\Users\Daniel\AppData\Local\Temp\3703775.exe Variante von MSIL/Injector.QO Trojaner
C:\Users\Daniel\AppData\Local\Temp\5748074.exe Variante von MSIL/Injector.QO Trojaner
C:\Users\Daniel\AppData\Local\Temp\msimg32.dll Variante von Win32/Kryptik.XZM Trojaner
C:\Windows\assembly\temp\U\80000032.@ möglicherweise Variante von Win32/Olmarik.AVQ Trojaner
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\main[1].htm JS/Kryptik.EY.Gen Trojaner
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\main[1].htm JS/Kryptik.EY.Gen Trojaner
C:\Windows\Temp\aieolv\setup.exe Variante von Win32/Kryptik.XYR Trojaner
Arbeitsspeicher Variante von Win32/Sirefef.DN Trojaner
|
|
27.12.2011, 11:56
| #6 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Bin jetzt auch im abgesicherten Modus. Ich konnte heute einmal ganz normal hochladen, doch danach kam nur noch schwarzer Bildschirm oder der Pc startete ein paar mal neu, aber ohne Ergebnis! |
|
27.12.2011, 12:43
| #7 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Habe Malwarebytes eben nochmal im abgesicherten Modus laufen lassen, hier das Protokoll Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 911122701
Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514
27.12.2011 12:41:44
mbam-log-2011-12-27 (12-41-44).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 293902
Laufzeit: 26 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
|
|
27.12.2011, 15:32
| #8 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Jedoch funktioniert das normale Hochfahren jetzt gar nicht mehr. Da steht noch Windows wird gestartet, der Bildschirm wird dann aber schwarz und bleibt auch so! |
|
27.12.2011, 22:06
| #9 |
| | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg Das ist noch vom Eset-Scanner Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aef1f66b07e20c4ca6ce7ed765a0807e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 12:33:14
# local_time=2011-12-27 01:33:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 120726 120726 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 79 0 28827958 0 0
# compatibility_mode=5893 16776574 66 94 0 76565002 0 0
# compatibility_mode=8192 67108863 100 0 3772 3772 0 0
# scanned=144951
# found=10
# cleaned=0
# scan_time=10843
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6H9EDHW5\fa[1].exe Variante von MSIL/Injector.QO Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Daniel\AppData\Local\Temp\3616445.exe Variante von MSIL/Injector.QO Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Daniel\AppData\Local\Temp\3703775.exe Variante von MSIL/Injector.QO Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Daniel\AppData\Local\Temp\5748074.exe Variante von MSIL/Injector.QO Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Users\Daniel\AppData\Local\Temp\msimg32.dll Variante von Win32/Kryptik.XZM Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Windows\assembly\temp\U\80000032.@ möglicherweise Variante von Win32/Olmarik.AVQ Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\main[1].htm JS/Kryptik.EY.Gen Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\main[1].htm JS/Kryptik.EY.Gen Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
C:\Windows\Temp\aieolv\setup.exe Variante von Win32/Kryptik.XYR Trojaner (Säubern nicht möglich) 00000000000000000000000000000000 I
${Memory} Variante von Win32/Sirefef.DN Trojaner 00000000000000000000000000000000 I
|
|
29.12.2011, 00:16
| #10 | |||
| /// Helfer-Team | Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg 1. Du hast deinen Rechner mit zwei Anti-Viren-Programmen generell `geschwächt`: Zitat:
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten! Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen. Zitat:
► Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software : -> Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software ► AV Deinstallations Hinweise also Entscheide Dich für NUR einen Virenscanner und benutze diesen regelmäßig! 2. Wenn nicht bewusst installiert hast bzw nicht benötigst, kannst deinstallieren (unter Software): Code:
ATTFilter Bing Bar -> Bing Bar aus Firefox und Internet Explorer entfernen  Viele davon sehr fehleranfällig und fressen eine Menge an Systemressourcen. Zur funktionstüchtigen Installation der jeweiligen Software ist Toolbar aber nicht notwendig, zudem die meisten modernen Browser mit vielen zusätzlichen Funktionen ausgestattet sind. Ausserdem die dazugehörigen Programme, funktionieren auch ohne...- meiste Toolbars bzw Browserhelper wollen sich doch nur wichtig machen 3. Code:
ATTFilter kikin plugin
4. Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere: Code:
ATTFilter McAfee Security Scan Plus
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. 5. deinstalliere falls unter `Systemsteuerung -->Software -->Ändern/Entfernen...` existieren: Code:
ATTFilter Adware -Toolbars: Ask Toolbar Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren 6. erneut einen Scan mit OTL:
Zitat:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu Habe seit 2 Tagen Trojaner-Meldungen von Antivir, bekomme die Trojaner nicht weg |
| 4d36e972-e325-11ce-bfc1-08002be10318, alternate, antivir, autorun, avira, bho, bonjour, c:\windows\system32\rundll32.exe, desktop, firefox, format, helper, home, infizierte, intrusion prevention, logfile, malware, malware gefunden, mozilla, nvstor.sys, object, plug-in, realtek, registry, rundll, scan, security, security scan, services.exe, software, spyware, symantec, version=1.0, webcheck, wildtangent games, windows, wrapper |
Linear-Darstellung
