| |
| |||||||
Log-Analyse und Auswertung: Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.01.2012, 18:11
| #1 |
 |  Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? Liebe Leute, auf meinem Laptop (Acer Aspire 5610Z), Betreibssystem VISTA, haben sich vor einigen Tagen schädliche Objekte eingeschlichen; anfangs meldete mir der WindowsDefender: Backdoor:/win32/cybot.B und TR/Rootkit.Gen2. Beim Versuch ins Internet zu gehen, meldete Firefox eine fehlerhafte Verbindung zum Proxy-Server (was allerdings seit Häkchen-Umsetzen in den FF-Einstellungen nicht mehr der Fall ist). Ich machte mit (meiner üblichen) antivirus-Software "Avira Antivir" einen Scan und dieser befand zwei "bedrohliche Dateien". Trotz "Delete"-click erschien beim nächsten Computer-Start die Meldung vom WindowsDefender über den Backdoor erneut. Ich ließ diverse Programme durchlaufen, u.a. Malwarebytes, welches 10 Objekte fand und löschte / in Quarantäne steckte (Logfile kann ich bei Bedarf gerne noch nachschicken). Ein weiterer Scan Spybot zeigte auch den Backdoor und "löschte" ihn. Alle anschließenden Scans mit CCleaner, AviraAntivir und Malwarebytes ergaben keinen Fund von Schädlingen... auch schien auf dem Laptop alles wie gehabt zu funktionieren, nicht weniger schnell als sonst. Doch ein Durchlauf mit Uniblue Registry Booster ergab noch 649 Fehler in System und Benutzerkonten; Und besonders merkwürdig und störend war der plötzlich schwindende Speicherplatz auf der System-Platte. Nur noch 2GB von 70,4GB wurden als frei angezeigt, stets schwankend bis zu 500MB runter. Auf der Daten-Partition war alles wie gehabt. Also habe ich alle meine Daten gesichert und mich schonmal (psychisch  ) auf eine Neuinstallation eingestellt, doch seit vorhin scheint wieder alles ganz normal, der freie Speicherplatz auf der C-Platte hat wieder die alte Größe.Sicherheitshalber hätte ich gerne einen kompetenten Blick von jemandem darauf, der Ahnung hat vom Innenleben eines PCs. Deshalb wende ich mich an euch, mit den soeben gemachten Logfiles (im Anhang). Herzlichen Dank schonmal im Voraus, Lillix defogger_disable-Log: defogger_disable by jpshortstuff (23.02.10.1) Log created at 16:04 on 04/01/2012 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... SPTD -> Disabled -=E.O.F=- OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.01.2012 16:09:51 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = D:\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,82% Memory free 4,22 Gb Paging File | 3,36 Gb Available in Paging File | 79,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 70,77 Gb Total Space | 27,45 Gb Free Space | 38,78% Space Free | Partition Type: NTFS Drive D: | 70,47 Gb Total Space | 27,10 Gb Free Space | 38,46% Space Free | Partition Type: NTFS Computer Name: A***-PC | User Name: A*** R*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.03 23:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe PRC - [2011.11.07 09:26:14 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.09.04 11:31:43 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\AURLIE~1\AppData\Local\Temp\RtkBtMnt.exe PRC - [2007.01.02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.01.02 18:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe PRC - [2007.01.02 16:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.01.02 09:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2006.12.28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2006.12.28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2006.12.22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2006.12.01 06:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (No Company Name) ========== MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.01.02 18:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService) SRV - [2010.02.27 17:58:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.02 18:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.01.02 16:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.01.02 09:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2006.12.28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2006.12.28 17:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2006.12.22 14:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2010.01.04 21:47:30 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2006.12.20 06:50:00 | 004,448,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.12.07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 08:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2006.10.30 02:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.25 07:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR) DRV - [2006.10.25 07:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR) DRV - [2006.10.25 07:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR) DRV - [2006.10.18 15:44:30 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2006.08.04 10:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65050 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.freitag.de/kultur" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 65050 FF - prefs.js..network.proxy.type: 4 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.30 20:43:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.02 13:31:47 | 000,000,000 | ---D | M] [2008.09.02 07:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*** R***\AppData\Roaming\mozilla\Extensions [2012.01.01 16:27:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*** R***\AppData\Roaming\mozilla\Firefox\Profiles\83r1d5sg.default\extensions [2008.06.24 21:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A*** R***\AppData\Roaming\mozilla\Firefox\Profiles\83r1d5sg.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash [2011.06.11 05:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.10 05:30:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 07:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.29 19:03:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.06.11 05:34:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\AURéLIE RüTHLING\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\83R1D5SG.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2009.09.03 23:29:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.12.30 20:43:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.19 07:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2011.12.30 20:43:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.30 20:43:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.30 20:43:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.06.08 19:35:23 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2011.12.30 20:43:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.30 20:43:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.30 20:43:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.28 10:43:02 | 000,380,280 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13103 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SetPanel] File not found O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [捁牥吠畯r] File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2847AA76-DC08-4D4F-8368-D05B33C98177}: DhcpNameServer = 83.169.184.33 83.169.184.97 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68E9DEC-C597-412F-9254-F7F9BAFC28F8}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\A*** R***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\A*** R***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{0ecf6315-df9c-11df-967f-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{2f57391c-c5b6-11dc-aee3-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{c1db14e7-dd94-11de-a782-0016d4ca79a7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell - "" = AutoRun O33 - MountPoints2\{de056e71-23b3-11df-89c3-0016d4ca79a7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.03 23:54:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe [2012.01.01 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\Malwarebytes [2012.01.01 13:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.01.01 13:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.01 13:47:35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.01.01 13:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.01 13:46:01 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- D:\Desktop\mbam-setup-1.60.0.1800.exe [2012.01.01 13:31:06 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\Uniblue [2012.01.01 13:30:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2012.01.01 13:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012.01.01 13:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2012.01.01 13:30:48 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx [2012.01.01 13:30:15 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Local\PackageAware [2011.12.30 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.12.30 23:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.12.30 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\8B45B [2011.12.30 14:44:23 | 000,000,000 | ---D | C] -- C:\Users\A*** R***\AppData\Roaming\A008B [2011.12.15 10:46:47 | 000,000,000 | ---D | C] -- D:\Desktop\wurst [2007.09.04 11:34:20 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.01.19 11:56:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.04 16:07:19 | 000,013,542 | ---- | M] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.001 [2012.01.04 16:07:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 16:07:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.04 16:07:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.01.04 16:06:59 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.01.04 16:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.04 16:04:32 | 000,000,020 | ---- | M] () -- C:\Users\A*** R***\defogger_reenable [2012.01.04 00:04:32 | 000,302,592 | ---- | M] () -- D:\Desktop\5wzco674.exe [2012.01.03 23:54:55 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe [2012.01.03 23:52:52 | 000,050,477 | ---- | M] () -- D:\Desktop\Defogger.exe [2012.01.03 21:08:13 | 000,013,542 | ---- | M] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.dat [2012.01.02 01:18:23 | 000,096,932 | ---- | M] () -- D:\Documents\cc_20120102_011802.reg [2012.01.01 13:47:39 | 000,000,928 | ---- | M] () -- D:\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.01 13:46:30 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- D:\Desktop\mbam-setup-1.60.0.1800.exe [2011.12.30 21:08:10 | 000,638,418 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.30 21:08:10 | 000,604,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.30 21:08:10 | 000,107,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.30 21:08:09 | 000,131,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.18 02:51:36 | 000,047,018 | ---- | M] () -- D:\Desktop\opu.mmp [2011.12.17 16:51:49 | 000,010,240 | ---- | M] () -- C:\Users\A*** R***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.16 14:53:11 | 002,378,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.13 13:23:15 | 000,048,784 | ---- | M] () -- D:\Desktop\stundenplan themen.pdf [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.04 16:04:13 | 000,000,020 | ---- | C] () -- C:\Users\A*** R***\defogger_reenable [2012.01.04 00:04:27 | 000,302,592 | ---- | C] () -- D:\Desktop\5wzco674.exe [2012.01.03 23:52:49 | 000,050,477 | ---- | C] () -- D:\Desktop\Defogger.exe [2012.01.03 20:56:47 | 000,000,928 | ---- | C] () -- D:\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.02 01:18:06 | 000,096,932 | ---- | C] () -- D:\Documents\cc_20120102_011802.reg [2012.01.01 13:31:12 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2011.12.13 13:23:11 | 000,048,784 | ---- | C] () -- D:\Desktop\stundenplan themen.pdf [2011.07.18 12:58:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.02.28 17:45:53 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.09.24 18:33:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 18:33:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.27 22:28:25 | 000,000,680 | ---- | C] () -- C:\Users\A*** R***\AppData\Local\d3d9caps.dat [2008.10.24 23:23:07 | 000,024,064 | ---- | C] () -- C:\Users\A*** R***\AppData\Roaming\UserTile.png [2008.08.14 21:08:18 | 000,000,000 | ---- | C] () -- C:\Windows\DMM.INI [2008.07.24 23:32:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.05.16 19:36:53 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008.03.31 16:15:59 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2008.02.05 19:26:18 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv [2008.02.05 19:26:17 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll [2007.09.10 14:22:47 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007.09.10 14:22:43 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.09.10 14:22:43 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.09.10 14:22:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.09.07 16:42:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.09.07 14:08:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.05 21:34:09 | 000,010,240 | ---- | C] () -- C:\Users\A*** R***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.04 17:47:37 | 000,013,542 | ---- | C] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.001 [2007.09.04 12:26:59 | 000,013,542 | ---- | C] () -- C:\Users\A*** R***\AppData\Roaming\nvModes.dat [2007.09.04 11:34:20 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.09.04 11:30:31 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini [2007.03.08 08:31:30 | 000,000,101 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.03.08 08:24:19 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\Desktop_.ini [2007.03.08 01:13:47 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2007.01.19 21:01:56 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.01.19 19:03:19 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.01.19 12:11:31 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll [2007.01.19 12:04:40 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.01.19 12:04:40 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.01.19 12:03:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.01.19 11:56:42 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.01.19 11:46:19 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2007.01.19 11:39:34 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat [2007.01.02 18:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.01.02 18:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.01.02 18:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.01.02 18:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MsnChatHook_org.dll [2007.01.02 18:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.01.02 18:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.01.02 18:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 16:33:31 | 000,638,418 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,332 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 002,378,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,604,280 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,958 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\8B45B [2012.01.01 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\A008B [2011.03.28 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Amazon [2008.01.03 00:02:58 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Anvil Studio [2010.02.27 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\DAEMON Tools Lite [2011.03.09 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\DVDVideoSoftIEHelpers [2009.02.06 10:51:23 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\gtk-2.0 [2011.07.12 14:05:36 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Gutscheinmieze [2009.01.21 22:57:54 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Propellerhead Software [2008.05.16 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Steinberg [2012.01.01 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\A*** R***\AppData\Roaming\Uniblue [2012.01.04 16:07:02 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2012.01.04 16:05:40 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Geändert von lillix (04.01.2012 um 18:26 Uhr) |
| Themen zu Kürzlich angezeigter Backdoor:/win32/cybot.B und Rootkit noch im System? |
| 0x00000001, acer aspire, autorun, avira, backdoor, bho, bonjour, error, explorer, firefox, format, home, hook, internet, logfile, nvidia, plug-in, popup, port, programme, proxy-server, realtek, registry, registry booster, rootkit, safer networking, scan, speicherplatz, system, temp, trojaner, vista |
Baum-Darstellung