Forum section: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal). Thread: Variant of the BKA Trojan (Windows 7)
21.07.2012, 05:04, post #16
Variant of the BKA Trojan. Good morning, here is the custom scan with OTL: Code:
ATTFilter OTL logfile created on: 21.07.2012 05:43:42 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Martin_2\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19272) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 76,02% Memory free 6,10 Gb Paging File | 5,03 Gb Available in Paging File | 82,46% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,09 Gb Total Space | 52,73 Gb Free Space | 18,50% Space Free | Partition Type: NTFS Computer Name: MARTIN-LAPTOP | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin_2\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe () PRC - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Program Files\1&1\IGDCTRL.EXE (AVM Berlin) PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files\Notepad++\NppShell_05.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (!SASCORE) -- C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (ETService) -- C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe () SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Program Files\1&1\IGDCTRL.EXE (AVM Berlin) SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (SASKUTIL) -- C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) 
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology) DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE 
- HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\SearchScopes,DefaultScope = {BEE3FB5F-FB25-4E4C-8A1A-CD42338804EF} IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\SearchScopes\{46846ED6-570C-40B4-A31A-46D30C1D32CC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE321&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=ZPJ6feOkCTkKP1nnxzhR8gmK2vY?q={searchTerms} IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\SearchScopes\{BEE3FB5F-FB25-4E4C-8A1A-CD42338804EF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE321 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-847327128-1490993992-3260578781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0209&m=easynote_mh36 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\SearchScopes\{46846ED6-570C-40B4-A31A-46D30C1D32CC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW IE - 
HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE321&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=DyjTPcNONhE6tl2SePiLSDJrpYc?q={searchTerms} IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\SearchScopes\{BEE3FB5F-FB25-4E4C-8A1A-CD42338804EF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE321 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.03 00:03:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.17 20:58:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.15 18:57:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.17 20:58:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.15 18:57:07 | 000,000,000 | ---D | M] [2009.05.29 06:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2009.05.29 06:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012.07.17 02:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\4zvzb93p.default\extensions [2012.07.15 20:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.07.15 20:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions [2012.07.15 20:17:11 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net [2012.07.16 01:48:30 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZVZB93P.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI [2012.07.17 20:58:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2012.04.01 19:35:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.07.13 12:32:33 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe (Packard Bell BV) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Link\Core.exe -silent File not found O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [SUPERAntiSpyware] 
C:\Users\Martin\Desktop\Sicherheit\SAS\SUPERAntiSpyware.exe File not found O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV) O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe () O4 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - 
HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Users\Martin_2\Desktop\Martin\Programme\BitComet\BitComet.exe/AddAllLink.htm File not found O8 - Extra context menu item: Alle &Videos mit BitComet herunterladen - res://C:\Users\Martin_2\Desktop\Martin\Programme\BitComet\BitComet.exe/AddVideo.htm File not found O8 - Extra context menu item: Download all links using BitComet - res://C:\Users\Martin_2\Desktop\Martin\Programme\BitComet\BitComet.exe/AddAllLink.htm File not found O8 - Extra context menu item: Download all videos using BitComet - res://C:\Users\Martin_2\Desktop\Martin\Programme\BitComet\BitComet.exe/AddVideo.htm File not found O8 - Extra context menu item: Download link using &BitComet - res://C:\Users\Martin_2\Desktop\Martin\Programme\BitComet\BitComet.exe/AddLink.htm File not found O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Users\Martin_2\Desktop\Martin\Programme\BitComet\BitComet.exe/AddLink.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-847327128-1490993992-3260578781-1000\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-847327128-1490993992-3260578781-1001\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFD5890-BED8-42B3-B0FF-66C2EA477E87}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B3E534F-4C4D-4D45-BA00-66906FD77393}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch - No CLSID value found O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASWINLO.DLL) - C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - 
C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2774b129-328a-11de-80eb-00238b714576}\Shell - "" = AutoRun O33 - MountPoints2\{2774b129-328a-11de-80eb-00238b714576}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{fbad6f48-2279-11de-8dc6-00238b714576}\Shell - "" = AutoRun O33 - MountPoints2\{fbad6f48-2279-11de-8dc6-00238b714576}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{fcafdbae-38cd-11de-83b6-0017c46bc7c8}\Shell - "" = AutoRun O33 - MountPoints2\{fcafdbae-38cd-11de-83b6-0017c46bc7c8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: chkdator - (C:\Windows\cmdknfig.dll) - File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr 
- File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: Eraser - hkey= - key= - C:\Program Files\Eraser\Eraser.exe (The Eraser Project) MsConfig - StartUpReg: FG_Monitor - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Users\Martin_2\Desktop\Sicherheit\SAS\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - State: "startup" - 2 SafeBootMin: !SASCORE - C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASCORE.EXE (SUPERAntiSpyware.com) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: !SASCORE - C:\Users\Martin_2\Desktop\Sicherheit\SAS\SASCORE.EXE (SUPERAntiSpyware.com) SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: 
WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: 
{233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: 
{E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept) Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Ligos Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Ligos Corporation) Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Ligos Corporation) Drivers32: vidc.mjpg - C:\Windows\System32\mcmjpg32.dll (MainConcept) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: VIDC.YVU9 - C:\Windows\System32\iyvu9_32.dll () Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.20 08:21:04 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TrueCrypt [2012.07.20 08:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.20 08:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.07.20 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.07.20 08:19:06 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Notepad++ [2012.07.20 08:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.07.20 08:08:01 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012.07.20 08:07:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite [2012.07.20 08:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite [2012.07.20 08:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.07.20 07:37:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Secunia PSI [2012.07.20 06:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com [2012.07.20 06:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2012.07.18 22:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.18 22:14:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe [2012.07.17 20:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.17 20:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.07.16 20:09:08 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.07.15 20:50:43 | 000,000,000 | ---D | C] -- 
C:\Users\Martin\Desktop\Logs [2012.07.15 20:04:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Apple Computer [2012.07.15 18:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.07.15 18:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.07.15 18:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.07.15 18:51:57 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\SUPERAntiSpyware.com [2012.07.15 18:27:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2012.07.15 18:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.15 18:21:30 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.07.15 18:21:29 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.15 18:21:29 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.15 18:21:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.07.15 18:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.15 18:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.07.15 17:59:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2012.07.15 17:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.15 14:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.15 14:34:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Macromedia [2012.07.15 13:47:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Media Player Classic [2012.07.15 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\DivX [2012.06.27 19:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Domination [2012.06.21 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\BMW M3 Challenge [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== 
Files - Modified Within 30 Days ========== [2012.07.21 03:58:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.21 03:58:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.20 20:06:19 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.20 20:06:19 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.20 20:06:19 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.20 20:06:19 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.20 19:58:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.07.20 19:58:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.20 19:58:05 | 3144,597,504 | -HS- | M] () -- C:\hiberfil.sys [2012.07.20 08:22:03 | 000,231,760 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys [2012.07.20 08:13:38 | 000,001,397 | ---- | M] () -- C:\Users\Martin\Desktop\DivX Movies.lnk [2012.07.20 08:08:01 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys [2012.07.20 08:00:11 | 000,000,259 | ---- | M] () -- C:\Windows\wininit.ini [2012.07.20 07:45:10 | 001,110,476 | ---- | M] () -- C:\Users\Martin\Desktop\7z920.exe [2012.07.20 06:34:55 | 000,000,901 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.07.19 21:11:11 | 000,624,883 | ---- | M] () -- C:\Users\Martin\Desktop\adwcleaner.exe [2012.07.18 22:14:55 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe [2012.07.16 20:09:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.07.15 22:49:14 | 000,007,680 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.15 18:25:05 | 
000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.07.15 10:06:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad [2012.07.12 03:29:21 | 002,313,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.20 08:13:38 | 000,001,397 | ---- | C] () -- C:\Users\Martin\Desktop\DivX Movies.lnk [2012.07.20 08:04:06 | 000,001,672 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk [2012.07.20 08:00:10 | 000,000,259 | ---- | C] () -- C:\Windows\wininit.ini [2012.07.20 07:43:06 | 001,110,476 | ---- | C] () -- C:\Users\Martin\Desktop\7z920.exe [2012.07.20 06:34:55 | 000,000,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.07.20 06:34:55 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.07.19 21:11:03 | 000,624,883 | ---- | C] () -- C:\Users\Martin\Desktop\adwcleaner.exe [2012.07.15 17:52:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.07.15 13:47:30 | 000,007,680 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.15 13:40:04 | 3144,597,504 | -HS- | C] () -- C:\hiberfil.sys [2012.07.15 06:21:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.01.18 19:13:06 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.01.18 19:13:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.12.30 10:29:20 | 000,069,632 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2011.12.26 19:43:19 | 000,000,568 | ---- | C] () -- C:\Windows\eReg.dat [2011.12.25 08:47:30 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.10.22 10:06:07 | 
000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll [2011.10.22 09:17:41 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.28 10:34:02 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll [2009.09.22 05:18:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.04.05 06:50:53 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2012.07.20 08:07:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite [2009.06.21 11:06:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Folder Guard [2009.06.02 19:54:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ [2009.05.29 07:10:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LimeWire [2012.07.20 08:19:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Notepad++ [2009.04.04 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Packard Bell [2009.09.21 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Red Alert 3 [2012.07.20 08:22:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TrueCrypt [2011.08.22 23:02:25 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\.minecraft [2011.10.22 10:03:18 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\Ashampoo [2011.01.11 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\FreeFLVConverter [2011.12.14 09:14:43 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\FRITZ! 
[2010.05.15 02:04:55 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\LimeWire [2011.02.28 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\mp3DirectCut [2011.12.31 18:52:50 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\Notepad++ [2009.04.05 08:32:01 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\Packard Bell [2009.04.05 09:37:45 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\PeerNetworking [2010.08.27 21:28:12 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\Petroglyph [2009.09.22 10:59:56 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\Red Alert 3 [2011.10.30 16:18:59 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\Sports Interactive [2011.11.18 22:56:34 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\temp [2011.12.30 13:21:07 | 000,000,000 | ---D | M] -- C:\Users\Martin_2\AppData\Roaming\TrueCrypt [2010.03.07 11:14:55 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ICQ [2012.07.20 13:46:39 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.07.18 09:33:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe [2012.07.15 20:04:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Apple Computer [2012.07.15 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avira [2012.07.20 08:07:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite [2012.07.20 08:13:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DivX [2009.06.21 11:06:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Folder Guard [2009.04.04 21:06:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Google [2009.06.02 19:54:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ [2009.04.04 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Identities [2009.05.29 07:10:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LimeWire [2009.04.04 21:07:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia [2010.02.07 18:36:03 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs [2012.07.15 13:47:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Player Classic [2012.07.17 07:47:00 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft [2009.04.04 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla [2012.07.20 08:19:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Notepad++ [2009.04.04 20:57:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Packard Bell [2009.09.21 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Red Alert 3 [2012.07.20 08:20:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Skype [2012.07.15 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SUPERAntiSpyware.com [2012.07.20 08:22:05 | 000,000,000 
| ---D | M] -- C:\Users\Martin\AppData\Roaming\TrueCrypt [2009.09.21 17:58:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.05.29 06:32:24 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe [2009.05.29 06:32:24 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe [2009.05.29 06:32:24 | 000,014,848 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe [2009.05.29 06:32:24 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe [2009.05.29 06:32:24 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe [2009.05.29 06:32:24 | 000,018,432 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe [2009.05.29 06:32:24 | 000,014,336 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe [2009.05.29 06:32:25 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe [2009.05.29 06:32:25 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Martin\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe [2010.01.28 14:24:51 | 000,038,784 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 
000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] 
(Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA 
Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.04.06 08:58:24 | 000,611,064 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys [2009.04.06 08:58:24 | 000,142,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptddrv1.sys < 
%systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 185 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report >
23.07.2012, 11:52 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | Variant of the BKA Trojan
Code:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
If you had a genuine version, you would have to activate it, which will not work because of that entry in the hosts file.
__________________
23.07.2012, 17:05 | #18
Variant of the BKA Trojan
Hello Arne,
NO pfui! I have neither installed CS4 nor ever used it. All this Adobe stuff has been on the hard disk from the very start... Kind regards, Martin
24.07.2012, 11:51 | #19
/// Winkelfunktion /// TB-Süch-Tiger™ | Variant of the BKA Trojan
Sure, of course! A full version of CS4 practically comes bundled with every Windows!
__________________
Please always post logfiles in CODE tags
24.07.2012, 19:30 | #20
Variant of the BKA Trojan
I didn't claim that. I only said that everything that comes from Adobe was on the disk the way I got it. I can only assure you that I don't use any cracks, keys or anything else to bypass any activations. I don't use CS4, I won't use it, and I don't even know where to open it, let alone how it works. Will you tell me how to proceed?
24.07.2012, 21:18 | #21
/// Winkelfunktion /// TB-Süch-Tiger™ | Variant of the BKA Trojan
Then I'd like to know from you how that junk got on there. It doesn't happen by itself. Either it was you, or somebody else did you this little favour. I've read here often enough that some buddy has the ultimate software tip again, or sets up the whole computer for you - cracked software included.
26.07.2012, 07:15 | #22
Variant of the BKA Trojan
Arne, I can only write you what you have already read. Two or three years ago a friend got this Creative Suite for students or something, entirely legally - but for the Mac. She then tried a few things here, which didn't work though... I have NEVER touched this program, because I have no idea about it at all. To put your mind at ease: I have deleted it now. However, other entries are now gone as well.
Best regards, Martin
26.07.2012, 14:51 | #23
/// Winkelfunktion /// TB-Süch-Tiger™ | Variant of the BKA Trojan
Quote:
With legal versions, such entries in the hosts file are neither necessary nor helpful - in fact they are counterproductive! A legal version wants to be activated, and that is exactly what the entries in the hosts file prevent, because the computer cannot contact the Adobe servers!
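As an added example (not code from the thread, from OTL, or from the helper), here is a small hosts-file triage script in Python that flags the pattern discussed in posts #17 and #23: vendor activation names pointed at a loopback or blackhole address. The keyword list and the sample hosts content are constructed assumptions for the example.

```python
# Added example (not from the thread): triage a Windows hosts file for
# names that have been "sunk" to a local/blackhole address, the pattern
# OTL reported as "O1 - Hosts: 127.0.0.1 activate.adobe.com".
import ipaddress

# Addresses that make a name unreachable when used in a hosts entry.
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
# Name fragments typical of activation/licensing endpoints (assumption).
ACTIVATION_HINTS = ("activate", "activation", "licens", "genuine")
NORMAL_LOOPBACK = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]); comments, blanks, bad lines skipped."""
    for no, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address: not a usable entry
        yield no, parts[0], [n.lower() for n in parts[1:]]

def classify(ip, name):
    """'high' for an activation-looking name sunk to a sink address,
    'low' for any other sunk name, None for harmless entries."""
    if name in NORMAL_LOOPBACK or ip not in SINK_ADDRS:
        return None
    return "high" if any(h in name for h in ACTIVATION_HINTS) else "low"

def find_sunk_hosts(text):
    """Return findings as dicts {line, ip, name, severity}."""
    findings = []
    for no, ip, names in parse_hosts(text):
        for name in names:
            sev = classify(ip, name)
            if sev:
                findings.append({"line": no, "ip": ip, "name": name, "severity": sev})
    return findings

SAMPLE_HOSTS = """\
# constructed sample hosts file (not from the thread)
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.adobe.com
0.0.0.0   license.vendor.example   # constructed name
0.0.0.0   ads.example.invalid
not-an-ip  broken.line
"""
```

On a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to find_sunk_hosts(); "low" findings are often just ad-blocking lists, while "high" ones match the activation-blocking entry the helper pointed out.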
27.07.2012, 12:12 | #24
Variant of the BKA Trojan
The "or something" was only meant to express that it was a cheaper version; I'm not sure whether it really was for students. But I am sure that she paid for this version and acquired it legally. That is NOT a contradiction! It doesn't matter anyway. I'm afraid we're not getting anywhere. In any case I'd like to thank you once more, because with your help this thing works great again. A friend will check once more whether any remnants are hiding on the disk, and then it should be running again. So, many thanks and best regards, Martin