Log analysis and evaluation: Trojan TR\Crypt.ZPACK.Gen2 after removal of BKA virus (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Trojan TR\Crypt.ZPACK.Gen2 after removal of BKA virus

Hello dear forum members,

I have a problem that I have already read about very often (in this forum too). But for anyone to be able to help me, I apparently have to post the scans of the various programs here, so I hope you will help me anyway.

My problem: A few days ago I had the BKA virus ("Bundeskriminalamt virus") on my laptop. I removed it successfully (at least apparently). But now, on every restart of my PC, AntiVir reports the following: TR\Crypt.ZPack.Gen2

I have already run Malwarebytes several times, as well as AntiVir. But nothing is found. I read in another forum that it helps to reinstall Java. I did that too, but without success.

I don't think I can reinstall my system, because I'm using a limited Windows 7 version from the university, which I believe can only be installed once... So I would like to clean my system this way. Here is the Malwarebytes scan for a start. I would really appreciate your help :-).

Malwarebytes Anti-Malware (Trial)
www.malwarebytes.org

Database version: v2012.04.02.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dirk Nikolaus :: DIRKNIKOLAUS-PC [administrator]

Protection: Enabled

02.04.2012 09:50:33
mbam-log-2012-04-02 (09-50-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433795
Time elapsed: 3 hour(s), 17 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
#2 | Malware-holic

Trojan TR\Crypt.ZPACK.Gen2 after removal of BKA virus

hi,

1. Where is the Avira detection report? Avira, Events, look it up there.
2. Are there Malwarebytes logs with findings? If so, post them.
3. If you don't have it yet, please download OTL by OldTimer and save it to your desktop

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
#3

Trojan TR\Crypt.ZPACK.Gen2 after removal of BKA virus

Thanks a lot for the quick reply! :-)

1. The file 'C:\Windows\System32\jpg46t33.dll' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen2' [trojan] Action(s) taken: The file was moved to the quarantine directory under the name '4a75e0b2.qua'. (I hope that's what you meant)

2. This is the oldest log, but nothing was found here either. I'll also list the Trojan that is in quarantine, although that one still stems from the BKA virus.

Malwarebytes Anti-Malware (Trial)
www.malwarebytes.org

Database version: v2012.04.02.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dirk Nikolaus :: DIRKNIKOLAUS-PC [administrator]

Protection: Enabled

02.04.2012 09:50:33
mbam-log-2012-04-02 (09-50-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 433795
Time elapsed: 3 hour(s), 17 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Trojan: Trojan.Downloader.Gen -> path: AppData\Local\Temp\0.45259769972555464.exe

I'll get started on this OTL program right away and post that. Thanks a lot in advance for your help!

So, the logs from OTL:

OTL Logfile:
OTL logfile created on: 02.04.2012 21:41:03 - Run 1
OTL by OldTimer - Version Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,70% Memory free
4,00 Gb Paging File | 2,10 Gb Available in Paging File | 52,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 19,82 Gb Free Space | 14,53% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,18 Gb Free Space | 61,75% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\FSRremoS.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\avformat-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll ()
MOD - C:\Users\DIRKNI~1\AppData\Local\Google\Chrome\APPLIC~1\180102~1.142\gcswf32.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\FSRremoS.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LanmanWorkstation) -- C:\Windows\System32\aptwwsj6y.dll (Works Ltd.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (ntqvg88k) -- C:\Windows\System32\ntqvg88k.sys (New Technology Quality, Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (pelusblf) -- C:\Windows\System32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 79 3D DB 4B C5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\..\SearchScopes\{B4A4BABF-1B4B-4E03-9AD2-AE1C9556305B}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dirk Nikolaus\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dirk Nikolaus\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.06 18:55:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 19:38:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.02 09:34:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.06 18:55:33 | 000,000,000 | ---D | M]

[2010.09.04 15:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.26 18:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gr1jtqne.default\extensions
[2011.11.25 18:51:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gr1jtqne.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.11 23:56:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gr1jtqne.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.26 18:59:30 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gr1jtqne.default\searchplugins\icqplugin.xml
[2012.04.02 09:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.03 17:32:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.05 15:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.11 20:18:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.23 11:02:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.09.06 10:25:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.18 19:38:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 19:38:06 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 19:38:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 19:38:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 19:38:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NPSStartup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Program Files\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D003D96E-1841-4D2D-A73C-EC498AFA5277}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{085d7a5b-99a1-11df-963c-001c23a73c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{085d7a5b-99a1-11df-963c-001c23a73c8a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{085d7a66-99a1-11df-963c-001c23a73c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{085d7a66-99a1-11df-963c-001c23a73c8a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{381448a0-a063-11df-98e8-001c23a73c8a}\Shell - "" = AutoRun
O33 - MountPoints2\{381448a0-a063-11df-98e8-001c23a73c8a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.02 21:24:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.02 21:14:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.02 09:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.25 09:45:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.25 00:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.25 00:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.25 00:30:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.25 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.24 10:18:55 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqvg88k.sys
[2012.03.23 10:06:08 | 000,221,184 | ---- | C] (Works Ltd.) -- C:\Windows\System32\aptwwsj6y.dll
[2012.03.12 21:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.12 21:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.12 21:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012.04.02 21:24:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.02 21:14:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.04.02 21:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 21:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 21:07:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.02 20:56:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3337355901-651043016-4110394291-1001Core.job
[2012.04.02 20:56:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3337355901-651043016-4110394291-1001UA.job
[2012.04.02 17:02:38 | 000,744,246 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.02 17:02:38 | 000,699,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.02 17:02:38 | 000,160,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.02 17:02:38 | 000,133,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.02 09:36:45 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 09:36:45 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 08:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 08:56:47 |
1609,187,328 | -HS- | M] () -- C:\hiberfil.sys [2012.03.31 18:00:03 | 000,002,448 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk [2012.03.25 00:30:46 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.24 10:18:55 | 000,463,872 | ---- | M] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqvg88k.sys [2012.03.23 10:06:08 | 000,221,184 | ---- | M] (Works Ltd.) -- C:\Windows\System32\aptwwsj6y.dll [2012.03.14 21:19:52 | 000,417,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.13 22:07:07 | 000,000,712 | ---- | M] () -- C:\Users\***\Documents\*** - Verknüpfung.lnk [2012.03.12 21:23:16 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012.03.29 10:38:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.03.25 00:30:46 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.13 22:07:07 | 000,000,712 | ---- | C] () -- C:\Users\***\Documents\*** - Verknüpfung.lnk [2012.03.12 21:23:16 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.06 13:11:26 | 000,185,873 | ---- | C] () -- C:\Windows\hpoins43.dat [2011.11.06 13:11:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat [2011.07.02 10:43:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.08.30 15:53:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2010.07.04 15:28:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.07.04 15:28:49 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.06.06 18:54:58 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.06.05 16:36:57 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.05 16:35:28 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2010.05.30 18:02:46 | 000,226,442 | ---- | 
C] () -- C:\Windows\hpoins18.dat [2010.05.30 18:02:46 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2010.05.27 00:31:31 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.04.27 18:06:47 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.04.27 18:06:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.04.13 22:11:21 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.04.13 22:11:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.04.13 22:11:19 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.04.13 22:11:19 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.04.13 22:11:17 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.12 12:08:48 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL [2010.04.12 12:08:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE ========== LOP Check ========== [2010.09.06 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2011.08.18 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoPal Assistant [2012.04.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.03.21 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mestrelab Research S.L [2010.03.16 23:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVD [2010.04.27 18:06:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.11.01 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2010.03.21 00:32:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StatSoft [2010.03.16 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.03.14 09:57:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < Database version: v2012.04.02.03 > < > < 
Windows 7 Service Pack 1 x86 NTFS > < Internet Explorer 9.0.8112.16421 > < *** :: ***-PC [administrator] > < > < Protection: Enabled > < > < 02.04.2012 09:50:33 > < mbam-log-2012-04-02 (09-50-33).txt > < > < Scan type: Full scan > < Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM > Invalid Switch: Shuriken | PUP | PUM < Scan options disabled: P2P > < Objects scanned: 433795 > < Time elapsed: 3 hour(s), 17 minute(s), 32 second(s) > < > < Memory Processes Detected: 0 > < (No malicious items detected) > < > < Memory Modules Detected: 0 > < (No malicious items detected) > < > < Registry Keys Detected: 0 > < (No malicious items detected) > < > < Registry Values Detected: 0 > < (No malicious items detected) > < > < Registry Data Items Detected: 0 > < (No malicious items detected) > < > < Folders Detected: 0 > < (No malicious items detected) > < > < Files Detected: 0 > < (No malicious items detected) > < > < (end) > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\***\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Word-Dokumente:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Studium_Biologie_Chemie_LAG:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Studienunterlagen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Referate:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Privat:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Muskeltraining:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Mein Literaturkanon:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Hausaufgaben:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Geburtsurkunden:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> 
C:\Users\***\Documents\Facharbeit:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bewerbungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\RockHouse:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Busfahrplan:Roxio EMC Stream < End of report > sorry, ich glaube, dass ich vorher das Falsche gescannt habe. Ich hoffe jetzt passt es: OTL Logfile: Code:
OTL logfile created on: 02.04.2012 21:57:56 - Run 1
OTL by OldTimer - Version Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,35% Memory free
4,00 Gb Paging File | 2,74 Gb Available in Paging File | 68,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 19,84 Gb Free Space | 14,54% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,18 Gb Free Space | 61,75% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\FSRremoS.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\FSRremoS.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LanmanWorkstation) -- C:\Windows\System32\aptwwsj6y.dll (Works Ltd.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ntqvg88k) -- C:\Windows\System32\ntqvg88k.sys (New Technology Quality, Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (pelusblf) -- C:\Windows\System32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 79 3D DB 4B C5 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\..\SearchScopes\{B4A4BABF-1B4B-4E03-9AD2-AE1C9556305B}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.06 18:55:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 19:38:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.02 09:34:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.06 18:55:33 | 000,000,000 | ---D | M]

[2010.09.04 15:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.26 18:59:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gr1jtqne.default\extensions
[2011.11.25 18:51:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gr1jtqne.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.11 23:56:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gr1jtqne.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.26 18:59:30 | 000,001,056 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gr1jtqne.default\searchplugins\icqplugin.xml
[2012.04.02 09:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.03 17:32:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.05 15:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.11 20:18:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.23 11:02:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010.09.06 10:25:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.18 19:38:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 19:38:06 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 19:38:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 19:38:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 19:38:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NPSStartup] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Program Files\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D003D96E-1841-4D2D-A73C-EC498AFA5277}: DhcpNameServer =
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{085d7a5b-99a1-11df-963c-001c23a73c8a}\Shell - "" = AutoRun O33 - MountPoints2\{085d7a5b-99a1-11df-963c-001c23a73c8a}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{085d7a66-99a1-11df-963c-001c23a73c8a}\Shell - "" = AutoRun O33 - MountPoints2\{085d7a66-99a1-11df-963c-001c23a73c8a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{381448a0-a063-11df-98e8-001c23a73c8a}\Shell - "" = AutoRun O33 - MountPoints2\{381448a0-a063-11df-98e8-001c23a73c8a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: 
{6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - 
C:\Windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.04.02 21:24:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.02 09:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.25 09:45:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.25 00:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.25 00:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.25 00:30:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.25 00:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.24 10:18:55 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqvg88k.sys
[2012.03.23 10:06:08 | 000,221,184 | ---- | C] (Works Ltd.) -- C:\Windows\System32\aptwwsj6y.dll
[2012.03.12 21:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.12 21:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.12 21:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012.04.02 21:56:01 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3337355901-651043016-4110394291-1001UA.job
[2012.04.02 21:24:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.02 21:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.02 21:07:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 21:07:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.02 20:56:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3337355901-651043016-4110394291-1001Core.job
[2012.04.02 17:02:38 | 000,744,246 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.02 17:02:38 | 000,699,110 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.02 17:02:38 | 000,160,690 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.02 17:02:38 | 000,133,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.02 09:36:45 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 09:36:45 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.02 08:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.02 08:56:47 | 1609,187,328 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.31 18:00:03 | 000,002,448 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012.03.25 00:30:46 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.24 10:18:55 | 000,463,872 | ---- | M] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqvg88k.sys
[2012.03.23 10:06:08 | 000,221,184 | ---- | M] (Works Ltd.) -- C:\Windows\System32\aptwwsj6y.dll
[2012.03.14 21:19:52 | 000,417,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.13 22:07:07 | 000,000,712 | ---- | M] () -- C:\Users\***\Documents\*** - Verknüpfung.lnk
[2012.03.12 21:23:16 | 000,001,715 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012.03.29 10:38:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.25 00:30:46 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.13 22:07:07 | 000,000,712 | ---- | C] () -- C:\Users\***\Documents\*** - Verknüpfung.lnk
[2012.03.12 21:23:16 | 000,001,715 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.06 13:11:26 | 000,185,873 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011.11.06 13:11:26 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2011.07.02 10:43:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.30 15:53:28 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010.07.04 15:28:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.04 15:28:49 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.06.06 18:54:58 | 000,023,689 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.06.05 16:36:57 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.05 16:35:28 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.05.30 18:02:46 | 000,226,442 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.05.30 18:02:46 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.05.27 00:31:31 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.04.27 18:06:47 |
000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.04.27 18:06:47 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.04.13 22:11:21 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.04.13 22:11:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.04.13 22:11:19 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.04.13 22:11:19 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.04.13 22:11:17 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.12 12:08:48 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL [2010.04.12 12:08:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\FSRremoS.EXE ========== LOP Check ========== [2010.09.06 10:26:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2011.08.18 10:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoPal Assistant [2012.04.02 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.03.21 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mestrelab Research S.L [2010.03.16 23:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVD [2010.04.27 18:06:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.11.01 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2010.03.21 00:32:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StatSoft [2010.03.16 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.03.14 09:57:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.03.24 20:43:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.11.01 20:29:45 | 000,000,000 | ---D | M] -- C:\AgreeOutput [2011.07.18 23:42:58 | 000,000,000 | -HSD | M] -- C:\Boot [2012.04.02 09:34:51 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2010.03.20 22:27:03 | 000,000,000 | ---D | M] -- C:\CStemp [2010.08.30 15:53:26 | 000,000,000 | ---D | M] -- C:\DELL [2007.10.30 08:59:31 | 000,000,000 | ---D | M] -- C:\doctemp [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.11.05 14:24:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.10.30 08:59:22 | 000,000,000 | ---D | M] -- C:\Drivers [2011.11.03 21:18:48 | 000,000,000 | ---D | M] -- C:\DVDdecrypter images [2010.11.25 14:34:08 | 000,000,000 | ---D | M] -- C:\DVDshrink images [2010.11.04 14:27:28 | 000,000,000 | ---D | M] -- C:\Microsoft Office 2003 Professional [2010.11.04 14:11:13 | 000,000,000 | ---D | M] -- C:\Microsoft Office 2007 Enterprise [2010.11.04 14:29:23 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.02.25 02:41:00 | 000,000,000 | ---D | M] -- C:\MyVideos [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.26 21:02:21 | 000,000,000 | ---D | M] -- C:\Program Files [2012.04.01 09:04:18 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.11.05 14:24:41 | 000,000,000 | -HSD | M] -- C:\Programme [2010.03.20 22:36:03 | 000,000,000 | ---D | M] -- C:\Python25 [2010.03.16 22:56:30 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.04.02 22:00:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.02.27 00:02:24 | 000,000,000 | ---D | M] -- C:\Temp [2012.03.24 20:43:12 | 000,000,000 | R--D | M] -- C:\Users [2012.03.15 20:43:10 | 000,000,000 | ---D | M] -- C:\Windows [2010.03.18 14:20:56 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2007.02.12 23:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel 
Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys 
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) 
MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) 
MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.04.02 22:00:11 | 005,242,880 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2012.04.02 22:00:10 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2010.03.16 22:56:45 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2 [2010.03.16 23:54:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.03.16 23:54:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.03.16 23:54:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.03.16 22:56:45 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows 
SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\***\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Word-Dokumente:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Studium_Biologie_Chemie_LAG:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Studienunterlagen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Referate:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Privat:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Muskeltraining:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Mein Literaturkanon:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Hausaufgaben:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Geburtsurkunden:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Facharbeit:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bewerbungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\RockHouse:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Busfahrplan:Roxio EMC Stream < End of report > |
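What the helper picks out of the OTL log above is visible in the "Created Within 30 Days" section: two files with generated-looking names and made-up publisher strings, created days apart directly in System32 (ntqvg88k.sys from "New Technology Quality, Ltd." and aptwwsj6y.dll from "Works Ltd."), with the second one registered as the DLL behind the LanmanWorkstation service. The following Python script is an added example and not part of this thread or of OTL: it parses OTL-style file entries and the fix-script style SRV line, gates on creation date, and scores location, publisher string and name shape so that a long log can be triaged the same way. The sample log is constructed from lines copied from this thread; the BUILTIN_SERVICE_DLLS table, the KNOWN_VENDORS allow-list and the function names analyze and looks_random are my own assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample: lines copied from the OTL log in this thread plus the
# SRV line from the helper's fix script ("***" is the forum's redaction).
SAMPLE_LOG = r"""
SRV - (LanmanWorkstation) -- C:\Windows\System32\aptwwsj6y.dll (Works Ltd.)
[2012.04.02 21:24:39 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.02 09:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.25 00:30:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.24 10:18:55 | 000,463,872 | ---- | C] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqvg88k.sys
[2012.03.23 10:06:08 | 000,221,184 | ---- | C] (Works Ltd.) -- C:\Windows\System32\aptwwsj6y.dll
[2012.03.24 10:18:55 | 000,463,872 | ---- | M] (New Technology Quality, Ltd.) -- C:\Windows\System32\ntqvg88k.sys
[2011.07.02 10:43:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
"""

# "[date | size | attrs | C/M] (Company) -- path"; the company part is missing
# for directories and "()" when the PE carries no version resource.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
# "SRV - (Name) -- path (Company)" as written in OTL fix scripts.
SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")

# Assumption: default DLLs of a few svchost-hosted Windows 7 services.
BUILTIN_SERVICE_DLLS = {"lanmanworkstation": "wkssvc.dll", "lanmanserver": "srvsvc.dll",
                        "dnscache": "dnsrslvr.dll", "schedule": "schedsvc.dll", "bits": "qmgr.dll"}
# Assumption: publishers treated as known. The string comes from the PE version
# resource, so malware can claim anything; only Authenticode verification settles it.
KNOWN_VENDORS = {"microsoft corporation", "intel corporation", "nvidia corporation"}
EXECUTABLE_EXT = (".sys", ".dll", ".exe", ".ocx", ".drv", ".scr", ".cpl")

Finding = namedtuple("Finding", "kind path reason")


def looks_random(stem):
    """Generated-looking name: digits mixed in or a long consonant cluster
    (ntqvg88k, aptwwsj6y). Alone it also matches real names such as wkssvc,
    so analyze() combines it with recency, location and publisher."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum():
        return False
    run = best = 0
    for c in s:
        run = run + 1 if (c.isalpha() and c not in "aeiou") else 0
        best = max(best, run)
    return sum(c.isdigit() for c in s) >= 2 or best >= 4


def analyze(log_text, window_days=30, threshold=3, as_of=None):
    """Findings for hijacked service DLLs and for executables created within
    window_days whose location, publisher and name together look planted."""
    files, services = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(m.groupdict())
            continue
        m = SRV_RE.match(line)
        if m:
            services.append(m.groupdict())

    findings = []
    for s in services:
        expected = BUILTIN_SERVICE_DLLS.get(s["name"].lower())
        actual = s["path"].rsplit("\\", 1)[-1].lower()
        if expected and actual != expected:
            findings.append(Finding("service-dll-hijack", s["path"],
                f"{s['name']} should load {expected} but loads {actual} "
                f"(publisher: {s['company'] or 'none'})"))

    # Creation entries only, first occurrence per path; the "Modified" section
    # of the log repeats the same files and would double-count them.
    created = {}
    for f in files:
        if f["kind"] == "C":
            created.setdefault(f["path"], f)
    stamp = lambda f: datetime.strptime(f["ts"], "%Y.%m.%d %H:%M:%S")
    if created and as_of is None:
        as_of = max(stamp(f) for f in created.values())
    for path, f in created.items():
        low = path.lower()
        if stamp(f) < as_of - timedelta(days=window_days) or not low.endswith(EXECUTABLE_EXT):
            continue  # recency is the gate; old files are a different hunt
        reasons = []
        if "\\windows\\system32\\" in low:
            reasons.append("in System32")
        if (f["company"] or "").lower() not in KNOWN_VENDORS:
            reasons.append(f"unknown publisher '{f['company'] or ''}'")
        if looks_random(low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]):
            reasons.append("generated-looking name")
        if len(reasons) >= threshold:
            findings.append(Finding("suspicious-file", path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for fnd in analyze(SAMPLE_LOG):
        print(f"[{fnd.kind}] {fnd.path}: {fnd.reason}")
```

Run against the sample, the script reports the LanmanWorkstation hijack (expected wkssvc.dll, found aptwwsj6y.dll) and the two planted files, while mbam.sys (plausible name, no digits) and the 2011 PrintBrmUi.exe (outside the window) stay quiet. On a live system the same comparison is made against HKLM\SYSTEM\CurrentControlSet\Services\&lt;name&gt;\Parameters\ServiceDll. The hijack finding names the legitimate DLL deliberately: repointing ServiceDll keeps the service, whereas the OTL SRV directive in post #4 deletes the whole service key, which post #5 confirms ("Registry key ... LanmanWorkstation deleted successfully"), and that removes the Workstation service along with the malicious DLL.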
#4
/// Malware-holic

Hi, this script, like any that follow, is only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
SRV - (LanmanWorkstation) -- C:\Windows\System32\aptwwsj6y.dll (Works Ltd.)
:Files
C:\Windows\System32\aptwwsj6y.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.

Start in normal mode. If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here in the thread as an attachment! Please press the [button image]
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
#5
Thanks again! :-)

Here is the text file from OTL:

All processes killed
========== OTL ==========
Error: Unable to stop service LanmanWorkstation!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation deleted successfully.
C:\Windows\System32\aptwwsj6y.dll moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
User: Administrator.***-PC
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 1082 bytes
User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrator
User: Administrator.***-PC
->Temp folder emptied: 244975 bytes
->Temporary Internet Files folder emptied: 61317 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 4254751197 bytes
->Temporary Internet Files folder emptied: 1620738437 bytes
->Java cache emptied: 1805044 bytes
->FireFox cache emptied: 83582509 bytes
->Google Chrome cache emptied: 335717643 bytes
->Flash cache emptied: 0 bytes
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99008448 bytes
RecycleBin emptied: 829878796 bytes

Total Files Cleaned = 6.891,00 mb

OTL by OldTimer - Version log created on 04032012_124650

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

I'll upload the folder in a moment.

So, everything worked. I have uploaded the zip folder :-)
#6
/// Malware-holic ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Trojaner TR\Crypt.ZPACK.Gen2 nach Entfernung von BKA-Virus danke für den upload Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
#7

So, here is the ComboFix log :-):

ComboFix 12-04-02.01 - *** 03.04.2012 14:38:39.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2046.1159 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-03 bis 2012-04-03 ))))))))))))))))))))))))))))))
.
.
2012-04-03 12:47 . 2012-04-03 12:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 12:45 . 2012-04-03 12:45 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4006223E-C822-4D9F-B94B-D51ABA8A6C7A}\offreg.dll
2012-04-03 10:46 . 2012-04-03 11:02 -------- d-----w- C:\_OTL
2012-04-03 07:26 . 2012-04-03 07:26 -------- d-----w- c:\program files\iPod
2012-04-03 07:26 . 2012-04-03 07:28 -------- d-----w- c:\program files\iTunes
2012-04-03 06:58 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4006223E-C822-4D9F-B94B-D51ABA8A6C7A}\mpengine.dll
2012-04-02 07:34 . 2012-04-02 07:34 -------- d-----w- c:\program files\Common Files\Java
2012-04-02 07:34 . 2012-04-02 07:33 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-29 08:38 . 2012-03-29 09:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-25 07:45 . 2012-03-25 07:45 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-03-24 22:30 . 2012-03-24 22:30 -------- d-----w- c:\programdata\Malwarebytes
2012-03-24 22:30 . 2012-03-24 22:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-24 22:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 18:43 . 2012-03-24 18:44 -------- d-----w- c:\users\Administrator.***-PC
2012-03-24 08:18 . 2012-03-24 08:18 463872 ----a-w- c:\windows\system32\ntqvg88k.sys
2012-03-14 18:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 18:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:05 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 18:05 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 09:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 09:39 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:39 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:12 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:12 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:12 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 07:33 . 2011-01-03 15:31 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-29 09:09 . 2011-05-17 12:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-23 13:58 . 2010-04-30 16:35 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-23 13:58 . 2010-05-19 12:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-23 08:18 . 2010-03-16 20:35 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 14:38 . 2010-04-08 19:34 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-15 12:32 . 2011-10-15 17:02 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-20 04:08 . 2011-07-10 16:54 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-04-28 05:40 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-17 00:21 136176 ----atw- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-08-01 08:28 124480 ----a-w- c:\program files\ICQ7.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-11 12:00 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-01-08 233472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 msftesql$CSSQL05;SQL Server FullText Search (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - ntqvg88k
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:09]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 12:00]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 12:00]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3337355901-651043016-4110394291-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 00:21]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3337355901-651043016-4110394291-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 00:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer =
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gr1jtqne.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NPSStartup - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$CSSQL05]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:CSSQL05"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-03 14:51:10
ComboFix-quarantined-files.txt 2012-04-03 12:51
.
Vor Suchlauf: 19 Verzeichnis(se), 30.442.176.512 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 29.961.404.416 Bytes frei
.
- - End Of File - - 2FCB8C459EB03C086CD8FC3788687472
#8 | /// Malware-holic

Hi, I almost overlooked something; sorry for the extra work that follows.

This script, and any scripts that follow, are only for this user. If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

[CODE]
:OTL
DRV - (ntqvg88k) -- C:\Windows\System32\ntqvg88k.sys (New Technology Quality, Ltd.)
:Files
C:\Windows\System32\ntqvg88k.sys
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.

Boot into normal mode. If you have no icons, right-click, View, Show desktop icons.

Note: please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the
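What the helper keyed on in the ComboFix log of #7 before writing the OTL script in #8 is visible in three places: ntqvg88k.sys is the only .sys file in the created-files list whose creation and modification times coincide (a file written in place rather than copied from an update package), no R2/R3/S2/S3 service entry references it, and the name still appears under "Andere Dienste/Treiber im Speicher" as *Deregistered*. The following Python script is an added example written for this edit, not a tool of the board or of the helper: it parses those three ComboFix line formats from constructed sample lines modelled on the posted log and scores exactly those signals. Assumptions: the `[x]` marker in a service line is treated as "file not present", and the random-name heuristic (which also catches aptwwsj6y from #5) is kept deliberately weak, because legitimate names such as win32k or VSTAZL3 come close to it.

```python
"""Triage of ComboFix-style driver/service lines (added example, not the
board's or the helper's tooling; assumptions are marked in the comments)."""
import re

# Constructed sample, modelled on three line formats of the ComboFix log in
# this thread: "Dateien erstellt" entries, R/S service entries, and the
# "Andere Dienste/Treiber im Speicher" section. Values are illustrative.
SAMPLE_LOG = r"""
2012-04-02 07:34 . 2012-04-02 07:33 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-24 22:30 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 08:18 . 2012-03-24 08:18 463872 ----a-w- c:\windows\system32\ntqvg88k.sys
2012-03-14 18:05 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
*Deregistered* - ntqvg88k
"""

# created . modified  size  attributes  path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\S+)\s+(\S+)\s+(.+)$")
# start-type name;display name;path [date size]   ("[x]" assumed: file missing)
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
DEREG_RE = re.compile(r"^\*Deregistered\* - (\S+)$")


def looks_random(stem):
    """Weak signal: digits mixed into a name that has almost no vowels.
    Kept weak on purpose; win32k and VSTAZL3 are legitimate and come close."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(stem) < 6 or not letters or not any(c.isdigit() for c in stem):
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.15


def parse(log_text):
    """Split a ComboFix-style log into file entries, services and deregistered names."""
    files, services, deregistered = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            files.append({"created": created, "modified": modified,
                          "size": size, "attrs": attrs, "path": path.strip()})
        elif m := SVC_RE.match(line):
            start, name, display, path, info = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path.strip(), "info": info})
        elif m := DEREG_RE.match(line):
            deregistered.append(m.group(1))
    return files, services, deregistered


def triage(log_text):
    """Return findings as dicts: item, severity, reasons."""
    files, services, deregistered = parse(log_text)
    registered_paths = {s["path"].lower() for s in services}
    findings = []

    # 1. Code still loaded although its service key is gone: nothing on disk
    #    accounts for it any more. This is the "*Deregistered*" line.
    for name in deregistered:
        findings.append({"item": name, "severity": "HIGH",
                         "reasons": ["driver in memory but its service registration is gone"]})

    # 2. Freshly written .sys files that no service references.
    for f in files:
        path = f["path"]
        if not path.lower().endswith(".sys") or f["created"] != f["modified"]:
            continue  # files copied from an update package keep an older modified time
        reasons = ["created == modified inside the scan window"]
        if path.lower() not in registered_paths:
            reasons.append("no R/S service entry references this path")
        if looks_random(path.rsplit("\\", 1)[-1][:-4]):
            reasons.append("random-looking file name")
        if len(reasons) == 1:
            continue  # registered driver with a sane name: an ordinary driver install
        findings.append({"item": path, "severity": "HIGH" if len(reasons) == 3 else "MEDIUM",
                         "reasons": reasons})

    # 3. Services whose binary is missing: usually uninstall leftovers
    #    (the Huawei modem entries in the posted log), rarely the infection.
    for s in services:
        if s["info"] == "x":
            findings.append({"item": s["name"], "severity": "LOW",
                             "reasons": ["service registered but file not present"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['item']}: " + "; ".join(f["reasons"]))
```

Run stand-alone it reports ntqvg88k twice (once from memory, once as the unregistered fresh file) and ewusbnet as a low-priority orphan, while mbam.sys and win32k.sys stay quiet; on a real log the second finding is the one that tells you which file the cleanup script has to move.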
#9

Great, the first time Anti-Vir has not reported the trojan :-) Here is the OTL log again:

All processes killed
Error: Unable to interpret <[CODE]> in the current context!
========== OTL ==========
Error: No service named ntqvg88k was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntqvg88k deleted successfully.
C:\Windows\System32\ntqvg88k.sys moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\ntqvg88k.sys not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: Administrator.***-PC
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 607 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
User: Administrator.DirkNikolaus-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 14396 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 51755762 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 195381 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 50,00 mb
OTL by OldTimer - Version log created on 04032012_181040
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

OK, the upload worked. Thanks again for everything! :-)
#10 | /// Malware-holic

Thanks. Malwarebytes: please download Malwarebytes
#11

So, Malwarebytes has finished. Nothing was found, though. So apparently everything worked :-) ?? At least Antivir no longer reports a trojan. Here is the log:

Malwarebytes Anti-Malware (Test)
www.malwarebytes.org
Datenbank Version: v2012.04.03.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
Schutz: Deaktiviert
03.04.2012 19:04:50
mbam-log-2012-04-03 (19-04-50).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431632
Laufzeit: 3 Stunde(n), 39 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
#12 | /// Malware-holic

Test whether all browsers work, including Internet Explorer. Then: download CCleaner Standard: CCleaner Download - CCleaner 3.17.1689. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open the file. After every program you need, write "necessary". After every one you do not need, "unnecessary". After those you do not know, "unknown". Post the list.
#13

So, here is the list:

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 28.03.2012 6,00MB necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 28.03.2012 6,00MB necessary
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 04.02.2012 120,8MB 10.1.2 necessary
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 28.12.2011 necessary
Apple Application Support Apple Inc. 11.03.2012 61,0MB 2.1.7 necessary
Apple Mobile Device Support Apple Inc. 12.03.2012 24,2MB necessary
Apple Software Update Apple Inc. 11.07.2011 2,38MB necessary
Assistant 5.05.010 Medion 17.08.2011 unknown
Avira Free Antivirus Avira 14.02.2012 104,6MB necessary
AVS Cover Editor Online Media Technologies Ltd. 17.02.2012 26,7MB unnecessary
AVS Disc Creator version 5.0.1 Online Media Technologies Ltd. 17.02.2012 128,1MB unnecessary
AVS Update Manager 1.0 Online Media Technologies Ltd. 17.02.2012 unnecessary
AVS Video Converter 7 Online Media Technologies Ltd. 17.02.2012 unnecessary
AVS4YOU Software Navigator 1.4 Online Media Technologies Ltd. 17.02.2012 0,67MB unnecessary
Bonjour Apple Inc. 17.10.2011 0,73MB unknown
CCleaner Piriform 03.04.2012 3.17 necessary
Cisco Systems VPN Client Cisco Systems, Inc. 20.03.2010 12,3MB 5.0.6 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 05.03.2012 199,0MB 12.0.6612.1000 necessary
Corel Paint Shop Pro Photo X2 Corel Corporation 05.06.2010 348MB 12.00.0000 necessary
Dell Driver Download Manager Dell Inc. 14.04.2010 necessary
Dell Touchpad Synaptics 29.08.2010 necessary
DivX-Setup DivX, Inc. 12.04.2010 unnecessary
Foxit Reader Foxit Software Company 05.09.2010 10,6MB necessary
Google Chrome Google Inc. 29.08.2010 18.0.1025.142 necessary
Google Toolbar for Internet Explorer Google Inc. 20.03.2012 7.3.2710.138 unnecessary
HP Customer Participation Program 13.0 HP 29.05.2010 13.0 unknown
HP Imaging Device Functions 13.0 HP 29.05.2010 13.0 unknown
HP Photosmart All-In-One Driver Software 13.0 Rel. A HP 29.05.2010 13.0 necessary
HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6 HP 05.11.2011 14.0 necessary
HP Photosmart Essential 3.5 HP 29.05.2010 3.5 necessary
HP Smart Web Printing 4.60 HP 05.06.2010 4.60 necessary
HP Solution Center 13.0 HP 29.05.2010 13.0 necessary
HP Update Hewlett-Packard 21.12.2011 3,98MB necessary
ICQ7.5 ICQ 24.11.2011 7.5 unnecessary
IrfanView (remove only) 27.04.2010 unnecessary
iTunes Apple Inc. 03.04.2012 156,1MB necessary
Java(TM) 7 Update 3 Oracle 02.04.2012 99,2MB 7.0.30 necessary
K-Lite Codec Pack 5.8.3 (Full) 12.04.2010 47,7MB 5.8.3 unnecessary
Malwarebytes Anti-Malware Version Malwarebytes Corporation 02.04.2012 17,3MB necessary
MDL Chime/Chime Pro for Internet Explorer MDL Information Systems, Inc. 09.07.2011 2.6 SP8 unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 2,94MB 4.0.30319 unknown
Microsoft Office 2000 SR-1 Premium Microsoft Corporation 04.07.2010 205MB 9.00.3821 necessary
Microsoft Office Enterprise 2007 Microsoft Corporation 06.03.2012 12.0.6612.1000 necessary
Microsoft Office File Validation Add-In Microsoft Corporation 15.09.2011 7,95MB 14.0.5130.5003 necessary
Microsoft PhotoDraw 2000 V2 Microsoft Corporation 04.07.2010 111,5MB necessary
Microsoft Silverlight Microsoft Corporation 16.02.2012 168,5MB 4.1.10111.0 necessary
Microsoft SQL Server 2005 Microsoft Corporation 04.04.2011 unknown
Microsoft SQL Server Native Client Microsoft Corporation 05.04.2011 2,61MB 9.00.5000.00 unknown
Microsoft SQL Server Setup Support Files (English) Microsoft Corporation 05.04.2011 24,5MB 9.00.5000.00 unknown
Microsoft SQL Server VSS Writer Microsoft Corporation 05.04.2011 0,66MB 9.00.5000.00 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.02.2012 0,29MB 8.0.61001 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 18.03.2010 0,20MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.03.2010 0,58MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,59MB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 16.10.2011 12,3MB 10.0.40219 unknown
Mouse Suite 11.04.2010 necessary
Mozilla Firefox (3.6.23) Mozilla 17.02.2012 3.6.23 (de) unnecessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.03.2010 35,00KB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.03.2010 1,33MB 4.20.9876.0 unknown
NVIDIA Display Control Panel NVIDIA Corporation 20.04.2010 129,0MB necessary
NVIDIA Drivers NVIDIA Corporation 20.04.2010 63,0MB necessary
OCR Software by I.R.I.S. 13.0 HP 29.05.2010 13.0 unknown
Python 2.5 Martin v. Löwis 20.03.2010 32,3MB 2.5.150 unknown
QuickTime Apple Inc. 31.10.2011 73,3MB necessary
SAMSUNG Mobile Composite Device Software 26.04.2010 necessary
SAMSUNG Mobile Modem Driver Set 26.04.2010 necessary
Samsung Mobile phone USB driver Drive Software 26.04.2010 necessary
SAMSUNG Mobile USB Modem 1.0 Software 26.04.2010 necessary
SAMSUNG Mobile USB Modem Software 26.04.2010 necessary
Samsung New PC Studio Samsung Electronics Co., Ltd. 26.04.2010 166,0MB 1.00.0000 necessary
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) Microsoft 19.03.2010 57,00KB 1.0.0 unknown
Shop for HP Supplies HP 29.05.2010 13.0 unknown
VLC media player 1.0.5 VideoLAN Team 16.03.2010 1.0.5 necessary
Windows Media Player Firefox Plugin Microsoft Corp 10.08.2011 0,29MB necessary
Windows Mobile-Gerätecenter Microsoft Corporation 18.08.2011 27,5MB 6.1.6965.0 necessary
WinRAR 19.03.2010 necessary

Oh damn, in the text file I actually had it laid out so that everything lined up at the margin. But I don't know how to post it here that way. I hope it is still reasonably legible like this, sorry. Thanks again :-)
#14 | /// Malware-holic

That's fine.

Uninstall: Adobe Flash Player (all of them). Then download the latest version from Adobe - Adobe Flash Player installieren.

Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan box.

Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open PDFs automatically, to download them, etc. It is always better to save them directly, because only then do you keep control of what is going on on the PC. Under JavaScript, untick "enable JavaScript". Under Updater, choose "install automatically". Apply / OK.

Uninstall: AVS (all of them), DivX, Google Toolbar, ICQ7.5, IrfanView, K-Lite, MDL, Mozilla, Shop.

Open OTL, Cleanup, restart.

Open CCleaner: Analyze, Run CCleaner, restart the PC, test how the system runs.
#15

So, that took a bit longer, since I had no internet access for a while. But everything has worked now. Everything seems to be in order again and runs quite well :-). Thanks again for the help and the time! :-)