|
Log-Analyse und Auswertung: Trojaner gefunden (Windows 7)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
11.03.2012, 17:49 | #16 |
| Trojaner gefunden (Windows 7) CC Cleaner Log Scan Code:
ATTFilter Logfile vom Scan via 7-Zip 9.20 08.03.2012 Adobe AIR Adobe Systems Inc. 01.03.2012 2.5.1.17730 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 01.03.2012 6,00MB 10.1.53.64 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 08.03.2012 6,00MB 11.1.102.63 Adobe Reader 9.5.0 - Deutsch Adobe Systems Incorporated 30.01.2012 118,3MB 9.5.0 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 01.03.2012 11.5.9.620 Apple Application Support Apple Inc. 08.03.2012 61,0MB 2.1.7 Apple Mobile Device Support Apple Inc. 08.03.2012 24,2MB 5.1.1.4 Apple Software Update Apple Inc. 17.07.2011 2,38MB 2.1.3.127 BeCyPDFMetaEdit Benjamin Bentmann 01.03.2012 2.37.0 Bonjour Apple Inc. 19.10.2011 1,02MB 3.0.0.10 Boot Camp-Dienste Apple Inc. 30.08.2011 193,9MB 3.3.2921 CCleaner Piriform 10.03.2012 3.16 DivX-Setup DivX, Inc. 01.03.2012 1.0.2.23 DoremiSoft AVI to MP4 Converter 1.0 DoremiSoft, Inc. 01.03.2012 1.0 Driver Detective PC Drivers HeadQuarters 17.07.2010 9,95MB 8.0.1 DriverAgent by eSupport.com 01.03.2012 EA Download Manager UI Electronic Arts 01.03.2012 6.0.4.10 ESET Online Scanner v3 04.03.2012 EventGhost 0.3.7.r1462 EventGhost Project 25.06.2010 0.3.7.r1462 EVEREST Home Edition v2.20 Lavalys Inc 01.03.2012 2.20 Facebook Video Calling 1.1.1.1 Skype Limited 21.02.2012 3,93MB 1.1.1 Fraps 01.03.2012 Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 21.07.2010 8,08MB Free Audio Converter version 2.2.9 DVDVideoSoft Limited. 21.11.2010 25,6MB Free YouTube Download 2.10 DVDVideoSoft Limited. 21.11.2010 26,1MB Free YouTube to MP3 Converter version 3.7 DVDVideoSoft Limited. 21.07.2010 32,0MB G Data InternetSecurity 2011 G Data Software AG 28.01.2011 69,7MB 21.0.0.0 Game Booster IObit 16.07.2010 3,18MB 1.5.0.96 Garmin Training Center Garmin Ltd or its subsidiaries 30.06.2010 43,6MB 3.4.5 Garmin USB Drivers Garmin Ltd or its subsidiaries 30.06.2010 0,12MB 2.3.0.0 GMATPrep(TM) Graduate Management Admission Council ® 02.10.2011 2.3.601.409 Google Earth Google 24.11.2011 92,7MB 6.1.0.5001 iCloud Apple Inc. 08.03.2012 24,3MB 1.1.0.40 ICQ 7.2 Build #3129 Banner Remover 1.0 murb.com 16.07.2010 1,02MB ICQ7.2 ICQ 16.12.2010 7.2 Intel(R) Programm für Prozessor-IDs Intel Corporation 16.07.2010 3,97MB 4.22.0000 iTunes Apple Inc. 08.03.2012 157,4MB 10.6.0.40 Java(TM) 6 Update 27 Oracle 19.09.2011 95,0MB 6.0.270 Logitech SetPoint 6.32 Logitech 01.03.2012 39,1MB 6.32.20 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 01.03.2012 17,3MB 1.60.1.1000 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.03.2012 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.03.2012 2,94MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Standard 2007 Microsoft Corporation 07.03.2012 12.0.6612.1000 Microsoft Project Professional 2010 Microsoft Corporation 01.03.2012 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 15.02.2012 40,5MB 4.1.10111.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 18.08.2010 0,20MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 04.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.08.2010 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.11.2011 15,0MB 10.0.40219 MobileMe Control Panel Apple Inc. 26.10.2011 12,9MB 3.1.8.0 Mozilla Firefox 10.0.2 (x86 de) Mozilla 01.03.2012 43,0MB 10.0.2 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.06.2010 35,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 20.06.2010 1,33MB 4.20.9876.0 MyTomTom 3.1.0.530 TomTom 01.03.2012 3.1.0.530 NVIDIA 3D Vision Treiber 285.62 NVIDIA Corporation 11.11.2011 285.62 NVIDIA Display Control Panel NVIDIA Corporation 01.03.2012 6.14.12.5721 NVIDIA Drivers NVIDIA Corporation 01.03.2012 67,5MB 1.10.61.39 NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 11.11.2011 285.62 NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 11.11.2011 9.11.0621 NVIDIA Update 1.5.20 NVIDIA Corporation 11.11.2011 1.5.20 Octoshape add-in for Adobe Flash Player 07.08.2010 Octoshape Streaming Services 18.08.2010 Oracle IRM Desktop Oracle Corporation 04.03.2012 23,2MB 11.1.54.2 PASW Statistics 18 SPSS Inc. 03.12.2010 600MB 18.0.0 PDFCreator Frank Heindörfer, Philip Chinery 06.03.2012 1.2.3 pdfsam 19.09.2011 2.2.1 Pharos 01.03.2012 PunkBuster for Joint Operations: Typhoon Rising 01.03.2012 1.00.0000 PunkBuster Services Even Balance, Inc. 01.03.2012 0.988 QuickTime Apple Inc. 26.10.2011 73,3MB 7.71.80.42 RealPlayer RealNetworks 01.03.2012 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 09.08.2010 6.0.1.5936 Safari Apple Inc. 14.12.2011 43,3MB 5.34.52.7 Samsung Drive Manager Clarus 05.01.2012 1.0.140 SAMSUNG Mobile Composite Device Software 01.03.2012 SAMSUNG Mobile Modem Driver Set 01.03.2012 Samsung Mobile phone USB driver Drive Software 01.03.2012 SAMSUNG Mobile USB Modem 1.0 Software 01.03.2012 SAMSUNG Mobile USB Modem Software 01.03.2012 Samsung PC Studio 3 Samsung Electronics Co., Ltd. 19.06.2010 3.2.2.80601 Shape Collage Shape Collage Inc. 01.03.2012 SharpKeys RandyRants.com 02.09.2010 88,00KB 2.1.1000 Skype Click to Call Skype Technologies S.A. 03.03.2012 14,4MB 5.9.9216 Skype™ 5.8 Skype Technologies S.A. 05.03.2012 19,0MB 5.8.158 SpeedFan (remove only) 01.03.2012 Steam Valve Corporation 11.11.2011 35,5MB 1.0.0.0 System Requirements Lab 01.03.2012 TeamSpeak 3 Client TeamSpeak Systems GmbH 01.03.2012 The Elder Scrolls V: Skyrim Bethesda Game Studios 01.03.2012 Trojan Remover 6.8.3 Simply Super Software 01.03.2012 16,3MB 6.8.3 Veetle TV 0.9.18 Veetle, Inc 01.03.2012 0.9.18 Visual Studio C++ 10.0 Runtime TomTom International B.V. 28.01.2012 8,00KB 10.0.0 VLC media player 1.1.4 VideoLAN 01.03.2012 1.1.4 Winamp Nullsoft, Inc 01.03.2012 5.621 Winamp Erkennungs-Plug-in Nullsoft, Inc 15.09.2011 75,00KB 1.0.0.1 Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 01.03.2012 06/03/2009 2.3.0.0 Windows Media Player Firefox Plugin Microsoft Corp 15.06.2010 0,29MB 1.0.0.8 Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18) Apple Inc. 01.03.2012 01/11/2008 3.4.3.18 Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10) Apple Inc. 01.03.2012 02/01/2008 3.8.3.10 Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Apple Inc. 01.03.2012 06/27/2007 2.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1) Apple Inc. 01.03.2012 04/27/2011 4.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) Apple Inc. 01.03.2012 11/23/2009 3.1.0.1 Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) Apple Inc. 01.03.2012 10/25/2007 2.0.1.0 Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) Apple Inc. 01.03.2012 01/23/2009 3.0.0.0 Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) Apple Inc. 01.03.2012 02/21/2008 2.0.4.0 Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0) Apple Inc. 01.03.2012 04/06/2009 3.0.0.0 Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) Apple Inc. 01.03.2012 05/05/2011 4.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112) Apple Inc. 01.03.2012 03/25/2009 2.1.2.112 Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) Apple Inc. 01.03.2012 05/05/2011 4.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) Apple Inc. 01.03.2012 09/10/2009 3.0.0.0 Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) Apple Inc. 01.03.2012 10/05/2010 3.2.0.1 Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112) Apple Inc. 01.03.2012 03/25/2009 2.1.2.112 Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) Apple Inc. 01.03.2012 05/05/2011 4.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) Apple Inc. 01.03.2012 09/10/2009 3.0.0.0 Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) Apple Inc. 01.03.2012 10/05/2010 3.2.0.1 Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) Apple Inc. 01.03.2012 01/17/2008 2.0.2.2 Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) Apple Inc. 01.03.2012 05/17/2010 3.1.0.0 Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) Apple Inc. 01.03.2012 04/05/2011 3.2.0.8 Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) Apple Inc. 01.03.2012 07/13/2009 3.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) Apple Inc. 01.03.2012 07/13/2009 3.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) Apple Inc. 01.03.2012 06/01/2011 4.0.0.1 Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) Apple Inc. 01.03.2012 11/30/2009 3.0.0.6 Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) Apple Inc. 01.03.2012 08/24/2010 3.1.0.7 Windows-Treiberpaket - Apple Inc. Bluetooth (11/23/2009 3.0.0.4) Apple Inc. 01.03.2012 11/23/2009 3.0.0.4 Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1) Apple Inc. 01.03.2012 08/22/2008 2.1.1.1 Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) Atheros Communications Inc. 01.03.2012 11/18/2009 8.0.0.258 Windows-Treiberpaket - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3) Broadcom 01.03.2012 05/28/2009 12.2.0.3 Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) Broadcom 01.03.2012 08/21/2009 5.60.18.8 Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) Cirrus Logic, Inc. 01.03.2012 01/02/2010 6.6001.1.21 Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) Cirrus Logic, Inc. 01.03.2012 08/16/2010 6.6001.1.26 Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0) Intel 01.03.2012 02/06/2008 9.12.17.0 Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0) Intel 01.03.2012 01/08/2008 8.3.9.0 Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) Intel 01.03.2012 07/22/2008 10.3.45.0 Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) Intel 01.03.2012 08/05/2008 10.3.49.0 Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) Intel 01.03.2012 07/16/2008 9.52.10.0 Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0) Intel 01.03.2012 02/06/2008 9.12.18.0 Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0) Intel 01.03.2012 06/13/2008 9.52.9.0 Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0) Intel 01.03.2012 07/22/2008 10.3.45.0 Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0) Intel 01.03.2012 08/05/2008 10.3.49.0 Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0) Intel 01.03.2012 11/07/2007 8.10.1.0 Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) Intel 01.03.2012 07/20/2007 1.2.76.0 Windows-Treiberpaket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3) Marvell 01.03.2012 03/23/2007 10.12.7.3 WinRAR 01.03.2012 Xvid 1.2.2 final uninstall Xvid team (Koepi) 01.03.2012 1.2 |
11.03.2012, 21:09 | #17 |
| Trojaner gefunden (Windows 7) Mein Malwarebytes Scan Log
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.11.08 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Xxxander :: XXX-PC [Administrator] Schutz: Deaktiviert 11.03.2012 17:58:33 mbam-log-2012-03-11 (17-58-33).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 328932 Laufzeit: 1 Stunde(n), 10 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55639 (Spyware.Zeus) -> Daten: C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd -> Löschen bei Neustart. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\ProgramData\Local Settings\Temp\msbufn.cmd (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 03/11/2012 at 06:14 PM Application Version : 5.0.1146 Core Rules Database Version : 8324 Trace Rules Database Version: 6136 Scan type : Quick Scan Total Scan Time : 00:23:30 Operating System Information Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 505 Memory threats detected : 0 Registry items scanned : 27820 Registry threats detected : 0 File items scanned : 14680 File threats detected : 3 Adware.Tracking Cookie .doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] |
12.03.2012, 15:14 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Was soll das? Wieso postest du Log die ich nicht angefordert hab?? Du solltest NUR das Log von CF erstmal posten!
__________________
__________________ |
13.03.2012, 07:29 | #19 | |
| Trojaner gefunden (Windows 7)Zitat:
Code:
ATTFilter ComboFix 12-03-10.02 - Xxx 13.03.2012 2:14.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2792.1868 [GMT 1:00] ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Xxx\AppData\Roaming\froot c:\windows\system32\~.inf c:\windows\system32\odbcad32.exe c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-13 bis 2012-03-13 )))))))))))))))))))))))))))))) . . 2012-03-13 06:20 . 2012-03-13 06:21 -------- d-----w- c:\users\Xxx\AppData\Local\temp 2012-03-13 06:20 . 2012-03-13 06:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-03-13 06:20 . 2012-03-13 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-12 20:46 . 2012-03-12 20:56 2512121 ----a-w- c:\windows\system32\~.tmp 2012-03-11 16:50 . 2012-03-11 16:50 -------- d-----w- c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com 2012-03-11 16:49 . 2012-03-11 16:50 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-03-11 16:49 . 2012-03-11 16:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-03-11 16:40 . 2012-03-11 16:40 -------- d-----w- c:\program files\CCleaner 2012-03-11 15:16 . 2012-03-11 15:17 -------- d-----w- c:\users\Xxx\AppData\Roaming\kodak 2012-03-11 15:16 . 2012-03-13 03:51 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll 2012-03-11 15:16 . 2012-03-11 15:16 -------- d-----w- c:\programdata\Local Settings 2012-03-09 15:02 . 2012-03-09 15:02 -------- d-----w- C:\_OTL 2012-03-09 14:29 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll 2012-03-09 00:49 . 2012-03-09 00:49 -------- d-----w- c:\program files\7-Zip 2012-03-09 00:09 . 2012-03-09 00:09 -------- d-----w- c:\program files\iPod 2012-03-09 00:09 . 2012-03-09 00:11 -------- d-----w- c:\program files\iTunes 2012-03-07 01:36 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2012-03-07 01:36 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2012-03-07 01:36 . 1998-07-06 17:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2012-03-07 01:36 . 1998-07-06 17:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL 2012-03-07 01:36 . 1998-07-06 17:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL 2012-03-07 01:36 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2012-03-07 01:36 . 2012-03-07 01:36 -------- d-----w- c:\program files\PDFCreator 2012-03-05 20:48 . 2012-03-05 20:48 -------- d-----w- c:\users\Xxx\AppData\Roaming\Oracle 2012-03-05 20:35 . 2012-03-05 20:35 -------- d-----w- c:\program files\Oracle 2012-03-05 20:35 . 2012-03-05 20:35 -------- d-----w- c:\programdata\Oracle 2012-03-05 20:22 . 2012-03-05 20:22 -------- d-----w- c:\program files\ESET 2012-03-04 15:56 . 2012-03-04 15:56 -------- d-----w- c:\program files\Common Files\Skype 2012-03-02 00:52 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2012-03-02 00:52 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2012-03-02 00:52 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2012-03-02 00:52 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2012-03-02 00:52 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2012-03-02 00:52 . 2012-03-02 07:04 -------- d-----w- c:\program files\Trojan Remover 2012-03-02 00:52 . 2012-03-02 00:52 -------- d-----w- c:\users\Xxx\AppData\Roaming\Simply Super Software 2012-03-02 00:52 . 2012-03-02 00:52 -------- d-----w- c:\programdata\Simply Super Software 2012-03-02 00:45 . 2012-03-02 00:45 -------- d-----w- c:\users\Xxx\AppData\Roaming\Malwarebytes 2012-03-02 00:45 . 2012-03-02 00:45 -------- d-----w- c:\programdata\Malwarebytes 2012-03-02 00:45 . 2012-03-02 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-02 00:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-22 17:00 . 2012-02-22 17:00 -------- d-----w- c:\programdata\Xerox 2012-02-22 17:00 . 2011-06-16 09:24 10240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll 2012-02-21 23:24 . 2012-02-21 23:24 -------- d-----w- c:\users\Xxx\AppData\Roaming\NVIDIA 2012-02-21 23:24 . 2012-02-21 23:24 -------- d-----w- c:\users\Xxx\AppData\Local\Facebook 2012-02-15 11:38 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 11:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 11:21 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 11:21 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-09 14:27 . 2011-05-16 10:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-06-16 00:01 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-27 22:21 . 2011-12-27 22:21 53248 ----a-r- c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-12-27 22:21 . 2011-12-27 22:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-02-18 14:12 . 2011-05-13 08:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936] "G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144] "GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2012-02-21 23:24 137536 ----atw- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe] 2011-12-13 14:37 661888 ----a-w- c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-06 18:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe] 2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2009-01-08 13:44 70936 ----a-w- c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2010-03-09 15:04 7739936 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager] 2011-05-26 13:39 5797496 ----a-w- c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 07:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-11-12 12:24 1242448 ----a-w- c:\program files\Steam\steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-11-07 17:40 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] 2012-03-02 00:53 1238800 ----a-w- c:\program files\Trojan Remover\Trjscan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856] R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432] R3 NRKCTL32;NRKCTL32; [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992] S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824] S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184] S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824] S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016] S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288] S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners . 2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job - c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24] . 2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job - c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24] . 2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55] . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 80.58.61.250 80.58.61.254 FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe MSConfigStartUp-UIExec - c:\program files\T-Mobile Internet Manager 03\UIExec.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Xxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*] "datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65, de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\ "rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-03-13 07:25:00 ComboFix-quarantined-files.txt 2012-03-13 06:24 . Vor Suchlauf: 12 Verzeichnis(se), 28.978.814.976 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 32.981.110.784 Bytes frei . - - End Of File - - A5F8B2C9A3A013B6726716C6B6EA2D95 Klecks |
13.03.2012, 16:59 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File:: c:\windows\system32\~.tmp 4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet. 6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
13.03.2012, 19:34 | #21 |
| Trojaner gefunden (Windows 7) Hi Arne, der neue Combo Fix Log. ( Es gab keine Nachfrage bzgl. Neustart) Combofix Logfile: Code:
ATTFilter ComboFix 12-03-10.02 - Xxx 13.03.2012 18:41:07.3.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2792.1393 [GMT 1:00] ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Xxx\Downloads\CFScript.txt AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\~.tmp" . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-13 bis 2012-03-13 )))))))))))))))))))))))))))))) . . 2012-03-13 17:54 . 2012-03-13 17:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-03-13 17:54 . 2012-03-13 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-13 06:25 . 2012-03-13 17:54 -------- d-----w- c:\users\Xxx\AppData\Local\temp 2012-03-12 20:46 . 2012-03-12 20:56 2512121 ----a-w- c:\windows\system32\~.tmp 2012-03-11 16:50 . 2012-03-11 16:50 -------- d-----w- c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com 2012-03-11 16:49 . 2012-03-11 16:50 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-03-11 16:49 . 2012-03-11 16:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-03-11 16:40 . 2012-03-11 16:40 -------- d-----w- c:\program files\CCleaner 2012-03-11 15:16 . 2012-03-11 15:17 -------- d-----w- c:\users\Xxx\AppData\Roaming\kodak 2012-03-11 15:16 . 2012-03-13 03:51 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll 2012-03-11 15:16 . 2012-03-11 15:16 -------- d-----w- c:\programdata\Local Settings 2012-03-09 15:02 . 2012-03-09 15:02 -------- d-----w- C:\_OTL 2012-03-09 14:29 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll 2012-03-09 00:49 . 2012-03-09 00:49 -------- d-----w- c:\program files\7-Zip 2012-03-09 00:09 . 2012-03-09 00:09 -------- d-----w- c:\program files\iPod 2012-03-09 00:09 . 2012-03-09 00:11 -------- d-----w- c:\program files\iTunes 2012-03-07 01:36 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2012-03-07 01:36 . 1998-06-24 00:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2012-03-07 01:36 . 1998-07-06 17:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2012-03-07 01:36 . 1998-07-06 17:55 158208 ----a-w- c:\windows\system32\MSCMCDE.DLL 2012-03-07 01:36 . 1998-07-06 17:55 64512 ----a-w- c:\windows\system32\MSCC2DE.DLL 2012-03-07 01:36 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2012-03-07 01:36 . 2012-03-07 01:36 -------- d-----w- c:\program files\PDFCreator 2012-03-05 20:48 . 2012-03-05 20:48 -------- d-----w- c:\users\Xxx\AppData\Roaming\Oracle 2012-03-05 20:35 . 2012-03-05 20:35 -------- d-----w- c:\program files\Oracle 2012-03-05 20:35 . 2012-03-05 20:35 -------- d-----w- c:\programdata\Oracle 2012-03-05 20:22 . 2012-03-05 20:22 -------- d-----w- c:\program files\ESET 2012-03-04 15:56 . 2012-03-04 15:56 -------- d-----w- c:\program files\Common Files\Skype 2012-03-02 00:52 . 2006-06-19 12:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll 2012-03-02 00:52 . 2006-05-25 14:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll 2012-03-02 00:52 . 2005-08-26 00:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll 2012-03-02 00:52 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll 2012-03-02 00:52 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll 2012-03-02 00:52 . 2012-03-02 07:04 -------- d-----w- c:\program files\Trojan Remover 2012-03-02 00:52 . 2012-03-02 00:52 -------- d-----w- c:\users\Xxx\AppData\Roaming\Simply Super Software 2012-03-02 00:52 . 2012-03-02 00:52 -------- d-----w- c:\programdata\Simply Super Software 2012-03-02 00:45 . 2012-03-02 00:45 -------- d-----w- c:\users\Xxx\AppData\Roaming\Malwarebytes 2012-03-02 00:45 . 2012-03-02 00:45 -------- d-----w- c:\programdata\Malwarebytes 2012-03-02 00:45 . 2012-03-02 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-02 00:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-22 17:00 . 2012-02-22 17:00 -------- d-----w- c:\programdata\Xerox 2012-02-22 17:00 . 2011-06-16 09:24 10240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll 2012-02-21 23:24 . 2012-02-21 23:24 -------- d-----w- c:\users\Xxx\AppData\Roaming\NVIDIA 2012-02-21 23:24 . 2012-02-21 23:24 -------- d-----w- c:\users\Xxx\AppData\Local\Facebook 2012-02-15 11:38 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 11:22 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 11:21 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 11:21 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-09 14:27 . 2011-05-16 10:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-06-16 00:01 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-12-27 22:21 . 2011-12-27 22:21 53248 ----a-r- c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-12-27 22:21 . 2011-12-27 22:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-02-18 14:12 . 2011-05-13 08:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936] "G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144] "GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6] 2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] 2012-02-21 23:24 137536 ----atw- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe] 2011-12-13 14:37 661888 ----a-w- c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-06 18:05 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe] 2011-11-14 11:02 435672 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2009-01-08 13:44 70936 ----a-w- c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2010-03-09 15:04 7739936 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager] 2011-05-26 13:39 5797496 ----a-w- c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-29 07:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-11-12 12:24 1242448 ----a-w- c:\program files\Steam\steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2011-11-07 17:40 273528 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] 2012-03-02 00:53 1238800 ----a-w- c:\program files\Trojan Remover\Trjscan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2011-07-11 21:47 74752 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856] R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456] R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432] R3 NRKCTL32;NRKCTL32; [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400] S0 AppleHFS;AppleHFS; [x] S0 AppleMNT;AppleMNT; [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992] S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824] S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184] S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936] S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064] S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944] S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880] S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824] S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016] S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536] S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512] S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288] S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners . 2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job - c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24] . 2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job - c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24] . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55] . 2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 80.58.61.250 80.58.61.254 FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*] "datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65, de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\ "rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-03-13 19:31:25 ComboFix-quarantined-files.txt 2012-03-13 18:31 ComboFix2.txt 2012-03-13 06:25 . Vor Suchlauf: 16 Verzeichnis(se), 32.989.253.632 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 32.932.249.600 Bytes frei . - - End Of File - - 00E97E58E6439C771DD9AA353C3FFFDF |
13.03.2012, 20:09 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
13.03.2012, 22:47 | #23 |
| Trojaner gefunden (Windows 7) Anbei die GMER und OSAM logs: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:45:54 on 13.03.2012 OS: Windows 7 Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "IrmControlPanel" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmControlPanel.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AppleHFS" (AppleHFS) - "Apple Inc." - C:\Windows\system32\drivers\AppleHFS.sys "AppleMNT" (AppleMNT) - "Apple Inc." - C:\Windows\system32\drivers\AppleMNT.sys "catchme" (catchme) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys (File not found) "DrvAgent32" (DrvAgent32) - "Phoenix Technologies" - C:\Windows\system32\Drivers\DrvAgent32.sys "G Data Network Monitor" (GdNetMon) - "G Data Software AG" - C:\Windows\system32\drivers\GdNetMon32.sys "G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys "G DATA WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys "GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys "GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys "GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys "giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information) "HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys "inpout32" (inpout32) - "Highresolution Enterprises [www.highrez.co.uk]" - C:\Windows\System32\Drivers\inpout32.sys "KeyAgent" (KeyAgent) - "Apple Inc." - C:\Windows\system32\drivers\KeyAgent.sys "Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys "Mac HAL" (MacHALDriver) - "Apple Inc." - C:\Windows\system32\drivers\MacHALDriver.sys "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "mdf16" (mdf16) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys "mvd23" (mvd23) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys "NRKCTL32" (NRKCTL32) - ? - C:\Windows\system32\drivers\NRKCTL32.sys (File not found) "pcidrv" (pcidrv) - ? - C:\Program Files\uICE\devices\pcidrv.sys (File not found) "pwldrpod" (pwldrpod) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys (Hidden registry entry, rootkit activity | File not found) "SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS "SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS "speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys (File not found) "ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys (File not found) "ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys (File not found) "ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll {EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll {63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll {EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll {68751EAA-C2BD-4319-A9E1-58D40ACFA03C} "OracleIRM.ShellExtension.InfotipExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll {1E98CD8D-6AE0-47E1-99F7-B6BD24E61AAA} "OracleIRM.ShellExtension.PropertySheetExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll {237013E6-C476-4D56-ABB6-40FC3412A78D} "OracleIRM.ShellExtension.ShortcutMenuExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll {52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Xxx Roshal" - C:\Program Files\WinRAR\rarext.dll Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll {0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe "SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Apple_KbdMgr" - "Apple Inc." - C:\Program Files\Boot Camp\Bootcamp.exe "G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe "GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Pharos Systems Popup Port Monitor" - "Pharos Systems International" - C:\Windows\system32\PSR38A0E.DLL "SealPrintMonitor" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Apple OS Switch Manager" (AppleOSSMgr) - ? - C:\Windows\system32\AppleOSSMgr.exe "Apple-Time-Server" (AppleTimeSrv) - "Apple Inc." - C:\Windows\system32\AppleTimeSrv.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe "G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe "G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe "G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe "G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Oracle IRM Desktop Service Host" (OracleIRMServiceHost) - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe "Pharos Systems ComTaskMaster" (Pharos Systems ComTaskMaster) - "Pharos Systems International" - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Samsung Drive Manager Service" (SZDrvSvc) - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe "SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL "LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-03-13 22:44:33 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA02 rev.FBEAC50F Running: ub69lq4x.exe; Driver: C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83290369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C9D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? System32\drivers\awjqyoqt.sys Das System kann den angegebenen Pfad nicht finden. ! PAGE peauth.sys 9D61EB9B 9 Bytes JMP B9BDA47F ? C:\Windows\system32\Drivers\mchInjDrv.sys Das System kann die angegebene Datei nicht finden. ! ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtClose 771D54C8 5 Bytes JMP 020586E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtMapViewOfSection 771D5C28 5 Bytes JMP 0205B280 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtQueryDirectoryFile 771D5F98 5 Bytes JMP 02056550 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileW 76AF6AF7 5 Bytes JMP 02059A80 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntW 76AF7ACD 5 Bytes JMP 02059070 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FlushFileBuffers 76AF84E7 5 Bytes JMP 02058D30 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFileTime 76AFC3E2 5 Bytes JMP 02059630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntA 76AFDFE8 5 Bytes JMP 02058FB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hread 76AFFAB0 5 Bytes JMP 0205A630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_llseek 76AFFADE 5 Bytes JMP 0205A750 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSize 76B00823 5 Bytes JMP 02058EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileMappingW 76B0120C 5 Bytes JMP 0205AEA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileW 76B016EF 5 Bytes JMP 0205A520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileTime 76B016FC 5 Bytes JMP 02059530 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetEndOfFile 76B02BA5 5 Bytes JMP 02059260 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesExW 76B0307E 5 Bytes JMP 02059450 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileA 76B04382 5 Bytes JMP 0205A410 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileExW 76B08DB0 5 Bytes JMP 0205A0E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSizeEx 76B099B1 5 Bytes JMP 02059190 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileW 76B09B4E 5 Bytes JMP 0205ABB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReadFile 76B09B66 5 Bytes JMP 02058860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileA 76B0A611 5 Bytes JMP 0205AB50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileA 76B0BF53 5 Bytes JMP 0205A7D0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DuplicateHandle 76B0D888 5 Bytes JMP 0205AD50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileW 76B0E8A5 5 Bytes JMP 020582A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileA 76B0EA61 5 Bytes JMP 02057EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFilePointer 76B1060D 5 Bytes JMP 02058D90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileW 76B1404C 5 Bytes JMP 0205A900 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesW 76B14C14 5 Bytes JMP 020593E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindClose 76B14C24 5 Bytes JMP 0205AAF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!OpenFileMappingW 76B150EA 5 Bytes JMP 0205B160 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!WriteFile 76B153EE 5 Bytes JMP 02058AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileType 76B16AB4 5 Bytes JMP 02059730 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileExW 76B16BD6 5 Bytes JMP 0205A9F0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesA 76B16C06 5 Bytes JMP 02059370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReplaceFile 76B21708 5 Bytes JMP 0205A310 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileA 76B26D5A 5 Bytes JMP 020598A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileW 76B26ED6 5 Bytes JMP 02059E90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!UnlockFile 76B27B2B 5 Bytes JMP 02059820 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!LockFile 76B27B43 5 Bytes JMP 020597A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetShortPathNameA 76B29CEE 5 Bytes JMP 0205AC10 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileA 76B4BF49 5 Bytes JMP 02059C60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hwrite 76B4D505 5 Bytes JMP 0205A6C0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDCEx 757A2D57 5 Bytes JMP 02056AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetWindowDC 757A4AB7 5 Bytes JMP 02056B40 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC 757A5421 3 Bytes JMP 02057180 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC + 4 757A5425 1 Byte [8C] .text C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDC 757A544C 5 Bytes JMP 02056A60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] USER32.dll!PrintWindow 757F4D87 5 Bytes JMP 02057340 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!DeleteDC 75866EAA 5 Bytes JMP 02057200 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!BitBlt 758672C0 5 Bytes JMP 02056BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetPixel 7586C3D5 5 Bytes JMP 02056D50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCA 7586CCA9 5 Bytes JMP 020566A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCW 7586CF79 5 Bytes JMP 02056880 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StretchBlt 7586F467 5 Bytes JMP 02056FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileW 75871260 5 Bytes JMP 02057860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileW 75871341 5 Bytes JMP 02057980 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileW 7587456F 5 Bytes JMP 02057AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileA 75893CD5 5 Bytes JMP 02057400 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileA 758947C6 5 Bytes JMP 02057640 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocW 75895BB0 5 Bytes JMP 0205D440 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocA 758960E1 5 Bytes JMP 0205D360 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyEnhMetaFileW 7589D651 5 Bytes JMP 02057CB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileA 7589D758 5 Bytes JMP 02057520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] ole32.dll!CoInitializeEx 756609AD 5 Bytes JMP 0205D690 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Windows\System32\spoolsv.exe[1904] ole32.dll!DoDragDrop 7572A827 5 Bytes JMP 0205B370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongA 75798BA3 5 Bytes JMP 5C1701A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongW 757A4449 5 Bytes JMP 5C170135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!GetWindowInfo 757A4B5E 5 Bytes JMP 5BF00924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!TrackPopupMenu 757B2228 5 Bytes JMP 5BF00ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[6788] ntdll.dll!LdrLoadDll 771F223E 5 Bytes JMP 5BD85B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[6788] USER32.dll!GetWindowInfo 757A4B5E 5 Bytes JMP 5BF0802D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000085 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000087 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0023125dfba3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0023125dfba3 (not active ControlSet) ---- Files - GMER 1.0.15 ---- File C:\Users\Xxx\AppData\Local\temp\fla45F5.tmp 7063172 bytes File C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll 1170944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll 1170944 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe 3957616 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe 3902320 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys 177152 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys 178176 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys 183808 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys 183808 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll 129536 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll 57856 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll 129536 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll 57856 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpcorekmts.dll 129536 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpwsx.dll 58880 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpcorekmts.dll 129536 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpwsx.dll 58880 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe 8192 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe 8192 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe 8192 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe 8192 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys 2341376 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll 1074176 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys 2350592 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll 1077248 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll 1077248 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll 1077248 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe 3971440 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe 3915632 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll 152064 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe 3968368 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe 3913584 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe 3971440 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe 3916656 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys 2343424 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a 0 bytes File C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys 2351104 bytes executable ---- EOF - GMER 1.0.15 ---- |
14.03.2012, 07:52 | #24 |
| Trojaner gefunden (Windows 7) aswMBR stürzt leider immer ab |
14.03.2012, 15:18 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
14.03.2012, 18:09 | #26 |
| Trojaner gefunden (Windows 7)Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-03-14 17:51:03 ----------------------------- 17:51:03.429 OS Version: Windows 6.1.7601 Service Pack 1 17:51:03.429 Number of processors: 2 586 0x1706 17:51:03.433 ComputerName: XXX-PC UserName: 17:51:06.462 Initialize success* 17:51:12.302 AVAST engine defs: 12031300 17:51:34.570 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 17:51:34.572 Disk 0 Vendor: Hitachi_HTS543225L9SA02 FBEAC50F Size: 238475MB BusType: 3 17:51:34.670 Disk 0 MBR read successfully 17:51:34.672 Disk 0 MBR scan 17:51:34.761 Disk 0 Windows 7 default MBR code 17:51:34.776 Disk 0 Partition 1 00 EE GPT 200 MB offset 1 17:51:34.999 Disk 0 Partition 2 00 AF HFS / HFS+ 122880 MB offset 409640 17:51:35.073 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 115266 MB offset 252332032 17:51:35.114 Disk 0 scanning sectors +488396800 17:51:35.267 Disk 0 scanning C:\Windows\system32\drivers 17:52:16.872 Service scanning 17:53:22.141 Modules scanning 17:54:34.778 Disk 0 trace - called modules: 17:54:34.798 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 17:54:34.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865bc210] 17:54:34.798 3 CLASSPNP.SYS[8b47059e] -> nt!IofCallDriver -> [0x86144918] 17:54:34.798 5 ACPI.sys[8ac8f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86101030] 17:54:34.798 Scan finished successfully 17:57:00.609 Disk 0 MBR has been saved successfully to "C:\Users\Xxxxxx\Documents\MBR.dat" 17:57:00.615 The log file has been saved successfully to "C:\Users\Xxxxxx\Documents\aswMBR.txt" |
14.03.2012, 18:31 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
14.03.2012, 20:32 | #28 |
| Trojaner gefunden (Windows 7) hi Arne, lass gerade beide Programme laufen. Gdata hat gerade folgende Meldung gegeben. "Die Datei wurde gelöscht. Datei: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928 Virus: Java:ClassLoader-U [Trj] (Engine B)" |
14.03.2012, 21:44 | #29 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7)Zitat:
Leere diesen Ordner => C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache
__________________ Logfiles bitte immer in CODE-Tags posten |
14.03.2012, 22:54 | #30 |
| Trojaner gefunden (Windows 7)Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 03/14/2012 at 10:09 PM Application Version : 5.0.1146 Core Rules Database Version : 8335 Trace Rules Database Version: 6147 Scan type : Complete Scan Total Scan Time : 03:29:56 Operating System Information Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601) UAC Off - Administrator Memory items scanned : 1046 Memory threats detected : 0 Registry items scanned : 37805 Registry threats detected : 0 File items scanned : 50398 File threats detected : 203 Adware.Tracking Cookie C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\5XEGG0FA.txt [ /doubleclick.net ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\Y5TGY90R.txt [ /ad.yieldmanager.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\37YUNF1M.txt [ /ar.atwola.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\FOF88BDC.txt [ /ru4.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\OPSE4XR6.txt [ /tacoda.at.atwola.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\68JI3B0C.txt [ /atdmt.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\PTG52TYY.txt [ /at.atwola.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\LXYHKM57.txt [ /media6degrees.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\8EHB2CEN.txt [ /lucidmedia.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\QTCNNA6A.txt [ /advertising.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\BRSRR0EG.txt [ /c.atdmt.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\P3UHSQIM.txt [ /atwola.com ] C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\0Y7CE0EH.txt [ /adbrite.com ] C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\RID2HJXF.txt [ Cookie:xxx@adsonar.com/adserving ] C:\USERS\XXX\Cookies\Y5TGY90R.txt [ Cookie:xxx@ad.yieldmanager.com/ ] C:\USERS\XXX\Cookies\FOF88BDC.txt [ Cookie:xxx@ru4.com/ ] C:\USERS\XXX\Cookies\OPSE4XR6.txt [ Cookie:xxx@tacoda.at.atwola.com/ ] C:\USERS\XXX\Cookies\PTG52TYY.txt [ Cookie:xxx@at.atwola.com/ ] C:\USERS\XXX\Cookies\LXYHKM57.txt [ Cookie:xxx@media6degrees.com/ ] C:\USERS\XXX\Cookies\8EHB2CEN.txt [ Cookie:xxx@lucidmedia.com/ ] C:\USERS\XXX\Cookies\RID2HJXF.txt [ Cookie:xxx@adsonar.com/adserving ] C:\USERS\XXX\Cookies\QTCNNA6A.txt [ Cookie:xxx@advertising.com/ ] C:\USERS\XXX\Cookies\BRSRR0EG.txt [ Cookie:xxx@c.atdmt.com/ ] C:\USERS\XXX\Cookies\P3UHSQIM.txt [ Cookie:xxx@atwola.com/ ] files.youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VNVTNDA3 ] stat.easydate.biz [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VNVTNDA3 ] es.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .static.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] in.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] 7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] 7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] 7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .www.burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .kontera.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .collective-media.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adxvalue.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ads.crakmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] www.youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .es.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .tribalfusion.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .clickfuse.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad4.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .exoclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .sexad.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ads.trafficjunky.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] media.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] www.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] ww251.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLACONTROL\PROFILES\MOZILLACONTROL\E70WPKA8.SLT\COOKIES.TXT ] |
Themen zu Trojaner gefunden (Windows 7) |
administrator, anschluss, anti-malware, appdata, autostart, beseitigung, browser, code, dateien, dateisystem, entfernen, exploit.drop.4, explorer, gelöscht, gen, helper, heuristiks/extra, heuristiks/shuriken, infizierte, infizierte dateien, löschen, malwarebytes, microsoft, problem, roaming, rojaner gefunden, software, speicher, temp, trojaner, trojaner gefunden, trojaner-board, windows |