Pests of all kinds and how to fight them: GVU virus caught (Windows 7)
19.06.2012, 14:32 | #1
GVU virus caught

Hello dear Trojaner-Board team,

I caught a GVU trojan while surfing. According to my search on the net, the best solution would have been to reinstall the computer; I would have done that, but I am sitting at my diploma thesis right now and want to keep my old crate (computer) going until I hand it in. So I ran the Kaspersky WindowsUnlocker and was happy to have access to my computer again. Then, without thinking, I let Malwarebytes run and deleted the findings. Only later did I notice your site, and now I know I should not have deleted anything. Then I ran Malwarebytes again, and ESET. Again with findings. Oh yes, I also ran Unhide.exe.

ESET log
Code:
C:\Documents and Settings\xxxxx\Local Settings\Temp\is1373634743\MyBabylonTB.exe	Win32/Toolbar.Babylon Anwendung
H:\Programme\SGPSA\BHO.dll	Variante von Win32/BHO.OCS Trojaner
J:\download\codec8.1.exe	Variante von Win32/Packed.GHFProtector.A Anwendung
J:\download\free-wma-mp3-converter.exe	möglicherweise Variante von Win32/PSW.Agent.BUPXGWL Trojaner

Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/18/2012 12:39:26 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 88146 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 32745 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 25685 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 10402 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 92449 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 33137 files processed.

Processing the J:\ drive
Finished processing the J:\ drive. 18220 files processed.

Processing the K:\ drive
Finished processing the K:\ drive. 13695 files processed.

Restoring the Start Menu.
 * 211 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   * NoDesktop policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
   * DisableTaskMgr policy was found and deleted!
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
   * HidNoChangingWallPaperden policy was found and deleted!
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
   * HideIcons was set to 1! It was set back to 0!
   * Start_ShowRecentDocs was set to 0! It was set back to 2!
   * Start_ShowNetConn was set to 0! It was set back to 1!
   * Start_ShowNetPlaces was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/18/2012 12:56:23 AM
Execution time: 0 hours(s), 16 minute(s), and 57 seconds(s)

Hoping for help,
profan07

Unfortunately I overlooked steps 2 to 4 in the instructions. Here are the missing logs.

----------

OTL logfile

OTL Logfile:
Code:
OTL logfile created on: 20.06.2012 09:20:30 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Documents and Settings\xxxxx\Desktop\TroBord
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,94% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 82,78% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,37 Gb Free Space | 17,23% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 23,43 Gb Free Space | 59,99% Space Free | Partition Type: NTFS
Drive F: | 39,06 Gb Total Space | 0,26 Gb Free Space | 0,67% Space Free | Partition Type: NTFS
Drive G: | 51,39 Gb Total Space | 19,36 Gb Free Space | 37,67% Space Free | Partition Type: NTFS
Drive H: | 19,99 Gb Total Space | 2,62 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
Drive I: | 85,93 Gb Total Space | 75,30 Gb Free Space | 87,62% Space Free | Partition Type: NTFS
Drive J: | 78,13 Gb Total Space | 37,79 Gb Free Space | 48,37% Space Free | Partition Type: NTFS
Drive K: | 48,83 Gb Total Space | 0,28 Gb Free Space | 0,57% Space Free | Partition Type: NTFS

Computer Name: KURVE | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.18 23:54:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xxxxx\Desktop\TroBord\OTL.exe
PRC - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\xxxxx\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012.05.03 23:43:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.15 15:28:02 | 000,021,416 | ---- | M] () -- E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012.03.11 23:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012.02.07 12:26:19 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.01.18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2011.10.03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files\Java\bin\jqs.exe
PRC - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- E:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.05.11 02:59:23 | 000,349,808 | ---- | M] (Adobe Systems Incorporated) -- E:\Programme\Acrobat\Acrobat.exe
PRC - [2007.04.16 15:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.08.04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.03.15 15:28:10 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\xxxxx\Local Settings\Temp\6573b3c6-4299-4ce1-bc75-7f3a9cd9d739\CliSecureRT.dll
MOD - [2012.03.15 15:28:02 | 000,021,416 | ---- | M] () -- E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.02.14 17:59:40 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL
MOD - [2011.02.14 17:59:37 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
MOD - [2011.01.30 17:45:16 | 000,301,056 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- E:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2009.08.28 17:08:26 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008.10.15 01:03:07 | 003,559,424 | ---- | M] () -- e:\Programme\Acrobat\ExLang32.DEU
MOD - [2008.01.11 21:49:23 | 000,098,304 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\EScript.DEU
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- E:\Programme\RarExt.dll
MOD - [2007.05.11 02:55:44 | 000,053,248 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Weblink.DEU
MOD - [2007.05.11 02:55:43 | 000,012,288 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\XPS2PDF.DEU
MOD - [2007.05.11 02:55:16 | 000,176,128 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\TouchUp.DEU
MOD - [2007.05.11 02:55:15 | 000,143,360 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\WebPDF.DEU
MOD - [2007.05.11 02:54:28 | 000,036,864 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Spelling.DEU
MOD - [2007.05.11 02:54:26 | 000,015,360 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\TablePicker.DEU
MOD - [2007.05.11 02:54:20 | 000,026,112 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\SendMail.DEU
MOD - [2007.05.11 02:54:02 | 000,053,248 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Search.DEU
MOD - [2007.05.11 02:53:59 | 000,098,304 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Scan.DEU
MOD - [2007.05.11 02:53:51 | 000,974,848 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\PPKLite.DEU
MOD - [2007.05.11 02:53:39 | 000,019,456 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\SaveAsXML.DEU
MOD - [2007.05.11 02:53:32 | 000,028,672 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\SaveAsRTF.DEU
MOD - [2007.05.11 02:53:22 | 000,013,312 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\ReadOutLoud.DEU
MOD - [2007.05.11 02:53:12 | 000,045,056 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\PaperCapture.DEU
MOD - [2007.05.11 02:52:57 | 000,159,744 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Multimedia.DEU
MOD - [2007.05.11 02:52:54 | 000,086,016 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\MakeAccessible.DEU
MOD - [2007.05.11 02:52:53 | 000,245,760 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\JDFProdDef.DEU
MOD - [2007.05.11 02:52:26 | 000,102,400 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\ImageConversion.DEU
MOD - [2007.05.11 02:52:21 | 000,061,440 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\HTML2PDF.DEU
MOD - [2007.05.11 02:52:05 | 000,229,376 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Editor.DEU
MOD - [2007.05.11 02:52:01 | 000,006,656 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\EWH32.DEU
MOD - [2007.05.11 02:51:41 | 000,221,184 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\DigSig.DEU
MOD - [2007.05.11 02:51:40 | 000,015,872 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\DistillerPI.DEU
MOD - [2007.05.11 02:51:37 | 001,224,704 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Annots.DEU
MOD - [2007.05.11 02:51:23 | 000,192,512 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Checkers.DEU
MOD - [2007.05.11 02:50:50 | 000,053,248 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Catalog.DEU
MOD - [2007.05.11 02:50:29 | 000,811,008 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\AcroForm.DEU
MOD - [2007.05.11 02:50:19 | 000,009,728 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\ADBC.DEU
MOD - [2007.05.11 02:50:04 | 000,077,824 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Accessibility.DEU
MOD - [2007.05.11 01:31:33 | 000,921,600 | ---- | M] () -- E:\Programme\Acrobat\AdistRes.DEU
MOD - [2007.03.22 12:38:44 | 002,748,416 | R--- | M] () -- E:\Programme\Acrobat\libmysqld.dll
MOD - [2006.10.23 01:34:44 | 000,005,120 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\updater.DEU
MOD - [2006.10.23 01:33:38 | 000,012,288 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Search5.DEU
MOD - [2006.10.23 01:33:02 | 000,008,192 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Reflow.deu
MOD - [2006.10.23 01:32:30 | 000,011,264 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\pddom.DEU
MOD - [2006.10.23 01:31:30 | 000,013,312 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\Hls.deu
MOD - [2006.10.23 01:30:32 | 000,028,672 | ---- | M] () -- E:\Programme\Acrobat\plug_ins\eBook.DEU
MOD - [2006.08.31 09:28:18 | 000,008,704 | R--- | M] () -- E:\Programme\Acrobat\plug_ins\InDesignPI.DEU

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- E:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- E:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.30 13:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.05.03 23:43:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- E:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.11 23:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012.01.18 06:21:52 | 000,737,184 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2011.11.17 18:39:02 | 003,993,576 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011.10.03 05:06:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- E:\Program Files\Java\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.08 23:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- E:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.11 23:13:46 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012.03.11 23:13:45 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012.03.11 23:13:44 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.06.10 22:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.05.06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011.03.08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.03.01 11:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 15:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.19 02:05:56 | 000,100,368 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.13 18:27:00 | 004,485,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.24 10:40:22 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [1999.10.21 16:10:52 | 000,095,336 | ---- | M] (EPPSCAN WDM Driver) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EPPSCAN.sys -- (EPPSCSIx)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-823518204-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1844237615-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-823518204-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\Mozilla Plugins\npitunes.dll File not found
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: E:\Programme\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: E:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: E:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: E:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: E:\Program Files\Java\lib\deploy\jqs\ff [2011.05.26 18:48:40 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011.11.19 16:43:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\xxxxx\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEButton Class) - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-823518204-682003330-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1844237615-823518204-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] "E:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] E:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [u9OL0J5DO04DjkD] C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe File not found
O4 - HKU\S-1-5-21-1844237615-823518204-682003330-1003..\Run: [KiesPDLR] E:\Programme\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1844237615-823518204-682003330-1003..\Run: [Registry Reviver] E:\Programme\Registry Reviver\RegistryReviver.exe File not found
O4 - HKU\S-1-5-21-1844237615-823518204-682003330-1003..\Run: [u9OL0J5DO04DjkD] C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\xxxxx\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-823518204-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\xxxxx\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\xxxxx\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - F:\Programme\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save Flash - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Save YouTube Video - E:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Programme\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - E:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - E:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll (Eltima)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1656CD7F-B110-4856-A785-9A8DA61E0CC8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1844237615-823518204-682003330-1003 Winlogon: UserInit - (C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe) - File not found
O20 - HKU\S-1-5-21-1844237615-823518204-682003330-1003 Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.02.14 17:19:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.01.25 22:40:39 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.20 09:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Desktop\TroBord
[2012.06.18 23:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.18 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato
[2012.06.18 00:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Stream SDK v2
[2012.06.18 00:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Desktop\New Folder
[2012.06.16 22:40:07 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.06.16 20:05:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.06.13 23:49:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GretagMacbeth
[2012.06.13 23:48:59 | 000,026,045 | ---- | C] (GretagMacbeth) -- C:\WINDOWS\System32\drivers\i1.sys
[2012.06.08 00:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSTAT für Excel
[2012.06.08 00:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\Downloaded Installations
[2012.06.07 23:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\Deployment
[2012.06.06 22:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Application Data\Design Science
[2012.06.06 00:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.05.29 22:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.29 22:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012.05.29 00:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xxxxx\Start Menu\Programs\Adobe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.20 09:19:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\xxxxx\defogger_reenable
[2012.06.20 09:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.20 09:11:47 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-823518204-682003330-1003.job
[2012.06.20 09:11:38 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-823518204-682003330-1003.job
[2012.06.20 09:09:06 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.16 15:26:19 | 000,000,427 | ---- | M] () -- C:\WINDOWS\i1Share.ini
[2012.06.13 00:51:47 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.08 11:23:04 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012.06.07 23:32:24 | 000,472,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.07 23:32:24 | 000,075,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.07 11:40:39 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.06 00:37:06 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\xxxxx\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.06 00:36:37 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\xxxxx\Desktop\Dropbox.lnk
[2012.06.04 15:48:26 | 000,000,026 | ---- | M] () --
C:\Documents and Settings\xxxxx\Desktop\speicher_frei.vbs [2012.06.03 15:12:22 | 000,002,177 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012.05.26 12:32:55 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.20 09:19:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\xxxxx\defogger_reenable [2012.06.18 00:56:18 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk [2012.06.18 00:56:18 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk [2012.06.18 00:56:18 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk [2012.06.18 00:56:18 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk [2012.06.18 00:56:18 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012.06.18 00:56:18 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012.06.18 00:56:18 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk [2012.06.18 00:56:18 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk [2012.06.18 00:56:18 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk [2012.06.18 
00:56:18 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to explorer.exe.lnk [2012.06.18 00:56:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2012.06.18 00:56:17 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk [2012.06.18 00:56:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk [2012.06.18 00:56:16 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk [2012.06.18 00:56:16 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk [2012.06.18 00:56:16 | 000,001,560 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk [2012.06.18 00:56:16 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2012.06.18 00:56:16 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk [2012.06.18 00:56:15 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 8.lnk [2012.06.18 00:56:15 | 000,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk [2012.06.18 00:56:15 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk [2012.06.18 00:56:15 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk [2012.06.18 00:56:15 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk [2012.06.16 01:42:27 | 000,189,566 | ---- | C] () -- C:\Documents and 
Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1844237615-823518204-682003330-1003-0.dat [2012.06.13 23:48:17 | 000,000,427 | ---- | C] () -- C:\WINDOWS\i1Share.ini [2012.06.08 04:41:40 | 000,189,566 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2012.06.04 15:42:38 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\xxxxx\Desktop\speicher_frei.vbs [2012.05.26 12:32:55 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\xxxxx\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf [2012.05.11 16:54:38 | 000,000,499 | ---- | C] () -- C:\WINDOWS\Shortcut (2) to explorer.exe.lnk [2012.04.26 09:21:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.10 21:32:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2011.12.10 21:32:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2011.12.10 21:32:31 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011.09.27 21:34:51 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2011.06.22 09:58:16 | 000,064,110 | ---- | C] () -- C:\WINDOWS\System32\UpdateList.dat [2011.05.13 23:08:15 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.05.11 13:54:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Snape50.bin [2011.05.11 13:54:59 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Snape40.bin [2011.04.27 20:28:43 | 000,000,383 | ---- | C] () -- C:\WINDOWS\psnetwork.ini [2011.04.05 22:09:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011.03.10 18:15:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.08 14:41:06 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- 
C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.03.02 20:00:20 | 001,386,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011.02.16 14:46:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2011.02.16 14:46:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.02.16 14:39:54 | 000,000,499 | ---- | C] () -- C:\WINDOWS\Shortcut to explorer.exe.lnk [2011.02.16 01:26:24 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI [2011.02.15 18:59:41 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\xxxxx\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.15 01:55:39 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.02.14 18:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2011.02.14 17:58:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.02.14 17:57:22 | 000,181,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.02.14 17:54:05 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2011.02.14 17:53:57 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.02.14 17:53:57 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.02.14 17:53:57 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2011.02.14 17:22:16 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat [2011.02.14 17:16:43 | 000,022,704 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== LOP Check ========== [2011.02.22 15:23:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera [2012.05.07 09:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoUpdate [2011.05.13 23:08:23 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2011.02.24 14:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2011.02.24 14:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter [2012.04.02 08:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM [2012.05.16 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco [2011.05.26 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\elsterformular [2012.04.26 14:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2011.04.04 16:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung [2012.06.08 04:14:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2011.02.16 14:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.09.21 23:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Audacity [2012.05.07 10:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\BL-Soft [2011.05.13 23:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Canneverbe Limited [2012.02.26 20:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Complitly [2012.06.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Design Science [2012.06.20 09:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Dropbox [2012.04.12 12:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\DVDVideoSoft [2012.04.12 12:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application 
Data\DVDVideoSoftIEHelpers [2012.03.19 11:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\elsterformular [2011.02.14 23:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\GetRightToGo [2011.09.21 22:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Iggels [2012.03.07 18:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\MyPhoneExplorer [2012.04.12 12:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\OpenCandy [2012.03.14 01:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\OpenOffice.org [2011.06.16 12:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Opera [2011.04.27 20:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\PPMate [2011.11.19 16:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\ppStream [2011.02.23 13:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Reviversoft [2011.04.04 16:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Samsung [2011.09.13 11:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Systweak [2012.03.02 17:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Temp [2011.12.10 21:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xxxxx\Application Data\Video DVD Maker FREE ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DED17083 < End of report > und die beiden Anderen gezippt: |
21.06.2012, 20:38 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus caught
Please post all of the Malwarebytes logs in full!
I think you made a mistake when copying, because you posted the ESET one twice.
21.06.2012, 22:27 | #3 |
| GVU virus caught
First of all, many thanks for the reply, and oh yes, damn, I got that mixed up. So here is the Malwarebytes log as well:
Quote:
22.06.2012, 09:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus caught
That scan is already almost a week old! Please run a new routine full scan with Malwarebytes and post the log.
=> Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes has to be updated manually before every scan!
Please remove all the Malwarebytes findings, so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!
If there are logs from older Malwarebytes scans, please post all of those too!
Please post everything here in CODE tags where possible. It is done like this:
[code]
the log goes here
[/code]
And it then looks like this:
Code:
the log goes here

Please always post logfiles in CODE tags
22.06.2012, 23:21 | #5 |
| GVU virus caught
Thanks for taking on my problem. Here is a "current" log:
Quote:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.06.22.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
xxxxx :: KURVE [administrator]

Protection: Enabled

22.06.2012 15:51:49
mbam-log-2012-06-22 (15-51-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 474694
Time elapsed: 1 hour(s), 45 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0jm95fMk-FJxC-Z1Xk-ikm2-Er7OOTChHiCY} (Trojan.Agent.WNL) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent.WNL) -> Data: C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe,C:\WINDOWS\System32\userinit.exe, -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|u9OL0J5DO04DjkD (Trojan.Agent.WNL) -> Data: C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|u9OL0J5DO04DjkD (Trojan.Agent.WNL) -> Data: C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Detected: 5
H:\Dokumente und Einstellungen\kurve\Lokale Einstellungen\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.dat (Adware.BHO) -> Quarantined and deleted successfully.
I:\download\Acrobat_8_keygen___Activation.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.

(end)

and then the one from before the one I posted first; I think I only scanned C: that time, though:
Quote:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.06.08.06

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
xxxxx :: KURVE [administrator]

Protection: Enabled

08.06.2012 23:18:22
mbam-log-2012-06-08 (23-18-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243449
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|44310 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmn.bat -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\11.0.19.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 9
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\11.0.19.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\11.0.19.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\11.0.19.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\11.0.19.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\11.0.19.0\copyright.txt (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files\ClickPotatoLite\bin\11.0.19.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.

(end)

Regards, Profan
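The two logs above record how the GVU locker persisted (the Winlogon Userinit value pointing at hjnwr46js6ju.exe, Run entries, an Active Setup component) next to adware hits and the Security Center notifications switched off. As an added example that is not code from the thread or from Malwarebytes, the Python below parses a log in that format (SAMPLE_LOG is a constructed excerpt copying the posted entries), flags which detections are autostart locations and whether they were actually quarantined, shows what besides userinit.exe the Userinit value launched, and checks each section's stated count against the entries present so a truncated paste is noticed.

```python
"""Parse a Malwarebytes Anti-Malware 1.x log and flag autostart persistence.
Added example, not code from the thread or from Malwarebytes; SAMPLE_LOG is a
constructed excerpt that copies the entry format of the logs posted above."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{0jm95fMk-FJxC-Z1Xk-ikm2-Er7OOTChHiCY} (Trojan.Agent.WNL) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent.WNL) -> Data: C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe,C:\WINDOWS\System32\userinit.exe, -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|u9OL0J5DO04DjkD (Trojan.Agent.WNL) -> Data: C:\Documents and Settings\xxxxx\Application Data\hjnwr46js6ju.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Autostart locations seen in the thread's logs, plus the Security Center switches that hide "AV/firewall/updates off" warnings.
PERSISTENCE = [
    (re.compile(r"\\Winlogon\|Userinit$", re.I), "Winlogon Userinit hijack"),
    (re.compile(r"\\Policies\\Explorer\\Run\|", re.I), "Policies Run entry"),
    (re.compile(r"\\CurrentVersion\\Run\|", re.I), "Run key entry"),
    (re.compile(r"\\Active Setup\\Installed Components\\", re.I), "Active Setup component"),
    (re.compile(r"\\Security Center\|\w+DisableNotify$", re.I), "Security Center alert disabled"),
]
# Assumed legitimate Userinit path on a default Windows XP install (the OS in the thread).
EXPECTED_USERINIT = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\userinit\.exe$", re.I)


@dataclass
class Detection:
    section: str                # e.g. "Registry Values"
    target: str                 # registry key, "Key|Value" or file path
    threat: str                 # Malwarebytes detection name
    action: str                 # "Quarantined and deleted successfully." etc.
    data: Optional[str] = None  # value data, when the log reports it


def parse_entry(section: str, line: str) -> Detection:
    """Split 'target (threat) [-> Data: ...] [-> Bad: (x) Good: (y)] -> action'."""
    parts = [p.strip() for p in line.split(" -> ")]
    target, _, threat = parts[0].rpartition(" (")
    data = next((p[len("Data: "):] for p in parts[1:-1] if p.startswith("Data: ")), None)
    return Detection(section, target, threat.rstrip(")"), parts[-1], data)


def parse_log(text: str) -> Dict[str, List[Detection]]:
    """Map each '<Name> Detected: N' section to its parsed entries."""
    sections: Dict[str, List[Detection]] = {}
    current = None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION_RE.match(line):
            current = m.group("name")
            sections[current] = []
        elif line and current and not line.startswith("("):
            # skips the header block, "(No malicious items detected)" and "(end)"
            sections[current].append(parse_entry(current, line))
    return sections


def count_mismatches(text: str) -> List[str]:
    """Sections whose stated count differs from the entries actually listed;
    a non-empty result means the log was truncated or pasted incompletely."""
    stated = {m.group("name"): int(m.group("count"))
              for m in map(SECTION_RE.match, map(str.strip, text.splitlines())) if m}
    parsed = parse_log(text)
    return [n for n, c in stated.items() if c != len(parsed.get(n, []))]


def userinit_extras(data: str) -> List[str]:
    """Paths in a Userinit value other than the real userinit.exe; each one runs
    at every logon, which is how the GVU locker in the thread survived reboots."""
    paths = [p.strip() for p in data.split(",") if p.strip()]
    return [p for p in paths if not EXPECTED_USERINIT.match(p)]


def persistence_report(text: str) -> List[dict]:
    """Detections sitting in an autostart location, with remediation status."""
    findings = []
    for det in (d for dets in parse_log(text).values() for d in dets):
        kind = next((k for rx, k in PERSISTENCE if rx.search(det.target)), None)
        if kind:
            item = {"kind": kind, "target": det.target, "threat": det.threat,
                    "remediated": det.action.startswith("Quarantined")}
            if kind.startswith("Winlogon") and det.data:
                item["extra_userinit"] = userinit_extras(det.data)
            findings.append(item)
    return findings
```

Run against the thread's second log, the same report would also surface the Policies\Explorer\Run entry (msdubmn.bat) and all three Security Center switches as not remediated ("No action taken.").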
24.06.2012, 15:59 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU virus caught
Code:
I:\download\Acrobat_8_keygen___Activation.exe (RiskWare.Tool.CK)

See also => http://www.trojaner-board.de/95393-c...-software.html
If we find evidence of illegally obtained software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that you should not mess with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!
That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!
In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)