TR/FakeAV.EB.7 in C:\Users\fabian\AppData\Local\ynrpffvb.exe
Hello,
3 days ago this fake AV window suddenly appeared (claiming that Trojans had been found, etc.). Since this trick is already fairly old, I closed the process right away via Task Manager, and then my Avira Guard immediately kicked in and moved it to quarantine. I ran a scan with Avira and Malwarebytes; nothing was found.
I followed the instructions and activated defogger.
Here is the OTL.txt: Quote:
OTL logfile created on: 02.07.2012 13:56:00 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\fabian\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,07% Memory free
6,00 Gb Paging File | 4,40 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 115,69 Gb Total Space | 13,22 Gb Free Space | 11,43% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 16,78 Gb Free Space | 14,32% Space Free | Partition Type: NTFS
Computer Name: FABIAN-PC | User Name: fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.07.02 13:55:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\fabian\Downloads\OTL.exe
PRC - [2012.07.02 13:53:50 | 000,050,477 | ---- | M] () -- C:\Users\fabian\Downloads\Defogger.exe
PRC - [2012.06.23 10:45:55 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.17 11:22:58 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.05.29 12:05:35 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7M\ICQ.exe
PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012.05.12 08:44:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.12 08:44:38 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.05.12 08:44:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.12 08:44:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.12 08:44:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.05 11:11:16 | 000,231,424 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

========== Modules (No Company Name) ==========
MOD - [2012.07.02 13:53:50 | 000,050,477 | ---- | M] () -- C:\Users\fabian\Downloads\Defogger.exe
MOD - [2012.06.23 10:45:54 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.17 11:22:58 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.05.13 11:57:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.13 11:54:13 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012.05.13 11:18:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 11:17:29 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.05.13 11:17:27 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.13 11:17:24 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.13 11:17:06 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\305c4315c192a2964a312051caa5259e\ReachFramework.ni.dll
MOD - [2012.05.13 11:16:52 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012.05.13 11:16:00 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.13 11:15:40 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.13 11:14:03 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012.05.13 11:13:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.13 11:12:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 11:12:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 11:11:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 11:10:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.12 16:04:31 | 000,096,347 | ---- | M] () -- C:\Users\fabian\AppData\Local\Temp\cf10548b-4826-43a0-a537-b00caca95ab2\CliSecureRT.dll
MOD - [2012.04.05 11:11:16 | 007,436,800 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
MOD - [2012.04.05 11:11:16 | 000,540,672 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
MOD - [2012.04.05 11:11:16 | 000,346,624 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
MOD - [2012.04.05 11:11:16 | 000,231,424 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
MOD - [2012.04.05 11:11:16 | 000,229,888 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
MOD - [2012.04.05 11:11:16 | 000,169,984 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
MOD - [2012.04.05 11:11:16 | 000,169,984 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
MOD - [2012.04.05 11:11:16 | 000,168,960 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
MOD - [2012.04.05 11:11:16 | 000,147,968 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
MOD - [2012.04.05 11:11:16 | 000,138,240 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
MOD - [2012.04.05 11:11:16 | 000,135,680 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\Logger.dll
MOD - [2011.09.30 19:23:28 | 000,040,960 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.06.13 23:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010.04.18 12:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.12.04 04:44:22 | 000,131,072 | ---- | M] () -- C:\Program Files\FANUC\Shared\Robot Server\FRRobotNeighborhoodps.dll

========== Win32 Services (SafeList) ==========
SRV - [2012.06.21 11:29:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.17 11:22:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.12 08:44:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.12 08:44:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.25 19:46:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.24 14:50:20 | 000,265,120 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.01.14 16:55:57 | 002,250,616 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.05.12 08:44:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.12 08:44:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.24 14:50:10 | 000,836,496 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.16 21:00:30 | 000,088,960 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SteelBus.sys -- (busenum)
DRV - [2011.09.16 21:00:28 | 000,031,616 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SAlpham.sys -- (SAlphamHid)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.04.29 01:55:41 | 000,015,440 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.04.18 12:10:56 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011.03.08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.09 15:14:04 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2010.03.04 18:26:56 | 000,296,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.10.13 05:19:22 | 000,007,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\Machnm32.sys -- (Machnm32)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 21 A2 ED BF 7E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.17 18:18:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011.01.11 18:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2011.01.11 18:43:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 11:22:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.17 18:18:48 | 000,000,000 | ---D | M]
[2012.07.02 07:14:11 | 000,001,056 | ---- | M] () -- \Users\fabian\AppData\Roaming\Mozilla\Firefox\Profiles\htfi5o1q.default\searchplugins\icqplugin.xml
[2012.06.02 19:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.17 11:00:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTFI5O1Q.DEFAULT\EXTENSIONS\{1018E4D6-728F-4B20-AD56-37578A4DE76B}
[2012.02.25 03:24:23 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTFI5O1Q.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012.05.18 21:32:08 | 000,000,000 | ---D | M] (WOT) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTFI5O1Q.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
[2012.06.29 15:07:11 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTFI5O1Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.16 07:57:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTFI5O1Q.DEFAULT\EXTENSIONS\FIREFOX@GHOSTERY.COM
[2012.05.23 07:14:28 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HTFI5O1Q.DEFAULT\EXTENSIONS\FOXYPROXY@ERIC.H.JUNG
[2012.06.17 11:22:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 14:46:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.11.01 12:29:34 | 000,438,334 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15079 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19E20E43-3CD4-4E48-B380-E5F6BB27D477}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4983a734-716f-11e0-bb24-044b80808003}\Shell - "" = AutoRun
O33 - MountPoints2\{4983a734-716f-11e0-bb24-044b80808003}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012.06.18 07:16:54 | 000,000,000 | ---D | C] -- C:\Users\fabian\My Workcells
[2012.06.18 01:06:35 | 000,041,600 | ---- | C] (Opteon) -- C:\Windows\System32\drivers\Paragon.sys
[2012.06.18 01:06:34 | 000,651,264 | ---- | C] (Opteon) -- C:\Windows\System32\depict.dll
[2012.06.18 01:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WinMain
[2012.06.18 01:04:10 | 000,057,344 | ---- | C] (FANUC Robotics North America, Inc.) -- C:\Windows\System32\pac.dll
[2012.06.17 23:45:02 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\ROBOEX32.DLL
[2012.06.17 23:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FANUC Robotics
[2012.06.17 23:40:24 | 000,142,848 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KEYLIB32.dll
[2012.06.17 23:40:24 | 000,060,416 | ---- | C] (Concept Software, Inc.) -- C:\Windows\System32\KeyLbI32.dll
[2012.06.17 23:39:42 | 000,057,344 | ---- | C] (FANUC Robotics North America, Inc.) -- C:\Windows\System32\frping.dll
[2012.06.17 23:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\FANUC
[2012.06.05 14:04:35 | 000,327,368 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avisfltr.sys
[2012.06.05 14:04:35 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.02 19:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.02 19:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.07.02 13:54:28 | 000,000,000 | ---- | M] () -- C:\Users\fabian\defogger_reenable
[2012.07.02 13:41:48 | 000,016,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 13:41:48 | 000,016,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 13:34:34 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.02 13:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 13:33:01 | 2414,780,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.01 23:54:59 | 000,611,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.01 23:54:59 | 000,104,246 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.18 07:15:38 | 003,800,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.18 01:07:41 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\ROBOGUIDE.lnk
[2012.06.18 01:06:24 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\HandlingPRO.lnk
[2012.06.18 01:06:19 | 000,003,120 | ---- | M] () -- C:\Windows\System32\INVDPB8V.ocx
[2012.06.18 01:06:15 | 000,003,120 | ---- | M] () -- C:\Windows\System32\ES2TPCPS.ocx
[2012.06.08 14:27:27 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012.06.05 14:04:42 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.06.05 14:04:35 | 000,327,368 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avisfltr.sys
[2012.06.02 19:20:40 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.02 13:54:28 | 000,000,000 | ---- | C] () -- C:\Users\fabian\defogger_reenable
[2012.06.18 01:07:41 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\ROBOGUIDE.lnk
[2012.06.18 01:06:24 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\HandlingPRO.lnk
[2012.06.18 01:06:19 | 000,003,120 | ---- | C] () -- C:\Windows\System32\INVDPB8V.ocx
[2012.06.18 01:06:15 | 000,003,120 | ---- | C] () -- C:\Windows\System32\ES2TPCPS.ocx
[2012.06.18 01:04:12 | 000,010,760 | ---- | C] () -- C:\Windows\System32\Machnm64.sys
[2012.06.18 01:04:10 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2012.06.18 01:04:10 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2012.06.18 01:04:10 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2012.06.18 01:04:10 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG0.dll
[2012.06.18 01:04:10 | 000,065,613 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2012.06.18 01:04:10 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflSGI0.dll
[2012.06.18 01:04:10 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2012.06.18 01:04:10 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2012.06.18 01:04:10 | 000,016,384 | ---- | C] () -- C:\Windows\System32\iflXPM0.dll
[2012.06.18 01:04:10 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iflPPM0.dll
[2012.06.18 01:04:10 | 000,013,312 | ---- | C] () -- C:\Windows\System32\iflRaw0.dll
[2012.06.18 01:04:10 | 000,012,800 | ---- | C] () -- C:\Windows\System32\iflXBM0.dll
[2012.06.18 01:04:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\iflFIT0.dll
[2012.06.18 01:04:10 | 000,004,524 | ---- | C] () -- C:\Windows\System32\ifl_database0
[2012.06.17 23:40:24 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2012.06.17 23:40:24 | 000,007,432 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2012.04.08 21:56:10 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2012.04.08 21:56:10 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2012.04.01 18:32:26 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.02.16 16:04:07 | 008,007,680 | ---- | C] ( ) -- C:\Windows\System32\Microsoft.mshtml.dll
[2012.02.16 16:04:07 | 000,639,912 | ---- | C] () -- C:\Windows\System32\CommonModule.dll
[2012.02.16 16:04:07 | 000,507,816 | ---- | C] () -- C:\Windows\System32\FirmwareUpdateAgent.Common.dll
[2012.02.16 16:04:07 | 000,106,408 | ---- | C] () -- C:\Windows\System32\AgentInstaller.exe
[2012.02.16 16:04:07 | 000,101,288 | ---- | C] () -- C:\Windows\System32\AgentUpdate.exe
[2012.02.16 16:04:07 | 000,028,584 | ---- | C] () -- C:\Windows\System32\FirmwareUpdate.MVVM.dll
[2012.02.16 16:04:07 | 000,021,416 | ---- | C] () -- C:\Windows\System32\KiesPDLR.exe
[2012.02.16 16:04:07 | 000,018,944 | ---- | C] () -- C:\Windows\System32\FusCipherUtil.dll
[2012.02.16 16:04:07 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\Interop.CmdAgentLib.dll
[2012.02.16 16:04:07 | 000,007,168 | ---- | C] () -- C:\Windows\System32\IPCServer.dll
[2012.02.16 16:04:07 | 000,006,144 | ---- | C] () -- C:\Windows\System32\IPCClient.dll
[2012.02.16 16:04:07 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ISharedIPCInterface.dll
[2012.02.16 16:04:07 | 000,000,200 | ---- | C] () -- C:\Windows\System32\KiesPDLR.exe.config
[2012.02.16 16:04:07 | 000,000,200 | ---- | C] () -- C:\Windows\System32\AgentUpdate.exe.config
[2012.02.16 16:04:07 | 000,000,200 | ---- | C] () -- C:\Windows\System32\AgentInstaller.exe.config
[2012.01.04 01:25:50 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.12.28 01:28:31 | 003,166,124 | ---- | C] () -- C:\Users\fabian\as.wav
[2011.11.09 00:53:14 | 000,000,043 | ---- | C] () -- \END
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.03.08 14:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.02.23 17:22:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.10.30 13:57:02 | 000,095,232 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.10.25 18:56:03 | 000,016,568 | ---- | C] () -- \bootsqm.dat
[2010.10.10 01:36:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.26 21:04:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010.07.06 09:58:00 | 001,048,576 | ---- | C] () -- \1401.BIN
[2010.07.05 01:00:24 | 000,010,084 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.07.04 01:15:30 | 000,000,116 | ---- | C] () -- C:\Windows\System32\applet.ini
[2010.07.03 21:33:07 | 2414,780,416 | -HS- | C] () -- \hiberfil.sys
[2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys

========== LOP Check ==========
[2010.10.25 19:33:12 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.07.02 13:34:34 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.05.04 07:31:36 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\附件
< End of report >
| Extras.txt: Quote:
OTL Extras logfile created on: 02.07.2012 13:56:00 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\fabian\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,07% Memory free
6,00 Gb Paging File | 4,40 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 115,69 Gb Total Space | 13,22 Gb Free Space | 11,43% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 16,78 Gb Free Space | 14,32% Space Free | Partition Type: NTFS
Computer Name: FABIAN-PC | User Name: fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AD715F2-A69A-43F9-89AA-6B1A51E1FEDD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22FDA416-1E2B-4560-A6C8-947E3F5FFC40}" = lport=139 | protocol=6 | dir=in | app=system |
"{375380A1-65FB-4615-ACDC-069FBE4DD93B}" = lport=137 | protocol=17 | dir=in | app=system |
"{4068050F-80B2-4060-8E59-23EC45006D10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{441B112C-8B8A-48D6-B2C8-5DCA9D2EEABF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E701D01-0A8D-430C-B8A1-EDC3337C44DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{588D1352-B5B2-4C70-A364-197606184107}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5953383C-045E-46A5-ADA4-B7D83BC14B67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{68B8BF3B-2C17-4901-A523-3AE48771199F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CA4759B-208E-4500-8AAA-E4F82E7FDD8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{72E9A465-9B69-42E4-9C05-2771C953B5AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73140CE8-974A-4857-BB6D-8169D252713E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{808BC4D7-C1BF-4F0D-86C4-3F144642ED98}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A077606-0AFE-45FA-86E8-6369CA99285E}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F827625-FF08-41CB-BC86-EAA5D8AC3C97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BBC3641-E2AA-404B-BA9A-277EF060C956}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9F916979-C77E-4DEA-9C17-2CBF8ED12F3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCEFCEAD-1DB2-4C38-AEF8-1241D51A6204}" = rport=445 | protocol=6 | dir=out | app=system |
"{DE0B0CFA-09E7-47A1-B184-54A2D505233E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1C190AA-178B-4AD7-9D9E-DA629F7D553E}" = rport=139 | protocol=6 | dir=out | app=system |
"{E2CD1B9C-7549-4AD5-A578-1C474F51FBD5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E9E427B8-C2A8-464F-9543-E732C50C1E79}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CB94E0-7D85-4CB5-9F93-2C133F60212A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{06D466C1-9F63-48DA-A1CF-63D3ADBA8E9E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{21A12A5D-84E6-4B92-9045-FA70ED63E830}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{24B94D50-4FC3-468E-AE6E-D8F2692C2582}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{26825888-25C2-4192-991F-C22CB31ED5D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28CF813F-F6E2-4724-820C-6D39FE708E82}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{292F353D-39DD-4345-91BE-209434AE43B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38E92FED-B60B-455C-9FF9-24EFCCF462A1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derabsoluteoberhammer\counter-strike source\hl2.exe |
"{447593A1-3C30-48D8-8D41-BF5617FD8CDA}" = protocol=58 | dir=in | app=system |
"{4A8CB487-5A68-4B91-B8EB-310170C6AD5F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{53B3A0E4-1615-417D-B760-A7013DF67C81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F406902-4FDF-4203-9BA3-9B8576DFF84A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68E51E29-358C-4031-97AE-3AF1A8EA1D15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{789412E5-6333-415B-99E7-C3F2CC586B94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2783B5C-EC29-4F50-8962-EC4F4B10A2C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5A1BE73-F870-4088-82D5-D3484FC6A0CD}" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\qip.exe |
"{BE5856E8-39CF-433D-83B0-72CD665E893C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{BE5CF2EE-6156-4570-BD40-F64D797A58B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C77550DA-A5AF-426A-BE9A-BA325B1147E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0B449EC-DED6-48B3-9655-0FD99331365F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D7BA193F-1BC1-44C2-B713-FAD0C18F9FF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D8E47D65-A15E-4CCF-8DD0-253D31448EEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derabsoluteoberhammer\counter-strike source\hl2.exe |
"{F8CD3045-0E75-4558-B560-42B08FC36CF7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FAB05EC2-E4EB-418E-AF8A-8BAD73A466E0}" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\qip.exe |
"TCP Query User{789BD258-0426-4BE5-8539-C537788AB86E}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{8EBA75BC-57A6-4012-821A-AA4FEF642A3A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{913DA87E-6254-4422-A540-274F3E1A1DDC}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{B8708B7C-7F66-4BD9-8526-6281DB083375}C:\program files\jeak.de\qip infium\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip infium\qip.exe |
"TCP Query User{F6072C36-7C23-4B75-ACF5-E5E9F8BD33DC}C:\program files\steam\steamapps\derabsoluteoberhammer\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\derabsoluteoberhammer\counter-strike source\hl2.exe |
"UDP Query User{4B9DAFE7-32DD-43FF-9D0A-4F5E9E5C97B0}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{73E55FB9-5D94-4DE1-AA15-DFFF246E9C87}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{74BBEDDD-51E5-4B90-B2DE-F255D5797FA1}C:\program files\steam\steamapps\derabsoluteoberhammer\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\derabsoluteoberhammer\counter-strike source\hl2.exe |
"UDP Query User{952B8AA8-2011-4D21-8527-336008EFF512}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DA4DF4A5-00A9-455C-8D42-D28E0E1E9C6A}C:\program files\jeak.de\qip infium\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip infium\qip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02776970-E3B9-11E0-AC4E-005056C00008}" = MSVCRT Redists
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B5A25F-85A9-4149-895D-7307E22875BA}" = FANUC Robotics Robot Neighborhood
"{235B7B98-EAC3-4953-AE2C-EABCE1CD65C9}_is1" = GBoost
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{29DDB6F7-87D6-4DCE-A7D6-00CBD05C9A0D}" = FANUC Robotics Virtual Robot Controller V7.20
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40CF09F0-C329-46ED-BF94-D50838C67904}" = FANUC Robotics Virtual Robot Controller V6.40
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4297EC30-5413-11E1-981E-001676AB6D60}" = MSVCRT Redists
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{606C06A1-2FFF-4B48-8BB6-FF3E70373AB9}" = FANUC Robotics Virtual Robot Controller V6.30
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65507157-ACD3-4FFB-94FE-F3441F996F7A}" = FANUC Robotics Virtual Robot Controller V5.30
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{79C95B5C-E502-49CA-A245-9C541CC9C091}" = FANUC Robotics SimPRO
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85950D11-0FA2-4058-AB3F-48AEC62C1165}" = FANUC Robotics Robot Server
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEC7855-1706-4420-BD8B-96B373E6F670}" = QIP Infium 9036 Jeak-Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCEAADAE-9259-40CB-9456-D4E44C74AAB7}" = FANUC Robotics Virtual Robot Controller V7.30
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D20559F7-7755-4811-BCD5-7F344BEC2215}" = QIP Infium 9040 Jeak-Edition
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9CA2736-615A-4A3D-AFD2-005797DB1D74}" = FANUC Robotics Virtual Robot Controller V6.33
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F7D8E1-03A2-11E1-AA2E-F04DA23A5C58}" = MSVCRT Redists
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"ASIO4ALL" = ASIO4ALL
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Derive 6" = Derive 6
"DivX Setup.divx.com" = DivX-Setup
"ESL Wire_is1" = ESL Wire 1.11.1
"FileZilla Client" = FileZilla Client 3.3.3
"FL Studio 10" = FL Studio 10
"Glary Utilities_is1" = Glary Utilities Pro 2.33.0.1158
"IL Download Manager" = IL Download Manager
"IL Juice Pack" = IL Juice Pack
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"PoiZone" = PoiZone
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Steam App 240" = Counter-Strike: Source
"Steam App 400" = Portal
"SteelSeries Engine" = SteelSeries Engine
"Streamripper" = Streamripper (Remove only)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TmNationsForever_is1" = TmNationsForever
"TrueCrypt" = TrueCrypt
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.11.2011 07:43:33 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 01.11.2011 07:43:33 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 01.11.2011 07:46:27 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 01.11.2011 07:46:27 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 01.11.2011 11:47:30 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 01.11.2011 11:47:31 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 02.11.2011 03:42:25 | Computer Name = fabian-PC | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {6aa5dd27-fdaf-4fad-bd22-a49172ac4a3c}
Error - 02.11.2011 03:44:35 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 02.11.2011 03:45:27 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
Error - 02.11.2011 03:45:27 | Computer Name = fabian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.
[ System Events ]
Error - 02.07.2012 07:36:48 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0
Error - 02.07.2012 07:36:48 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1062
Error - 02.07.2012 07:36:48 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.
Error - 02.07.2012 07:38:12 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0
Error - 02.07.2012 07:38:12 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.
Error - 02.07.2012 07:38:21 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0
Error - 02.07.2012 07:38:21 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.
Error - 02.07.2012 07:45:50 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%0
Error - 02.07.2012 07:45:50 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1062
Error - 02.07.2012 07:45:50 | Computer Name = fabian-PC | Source = Service Control Manager | ID = 7024
Description = The Network Location Awareness service terminated with service-specific
error %%-1073741288.
< End of report >
|
I have uploaded the Gmer.txt as an attachment.
I would be really pleased and grateful for your help!
Regards, Fabian |