Pests of all kinds and how to combat them: Trojan "LicenseValidator.exe" Windows 7
22.07.2012, 09:32 | #16 |
/// Helper Team | Trojan "LicenseValidator.exe" Very good!
After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Use "Jetzt Updaten" to download the current signatures. Select the "Freeware-Modus". Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
22.07.2012, 15:32 | #17 |
| Trojan "LicenseValidator.exe" Here is the AdWare log:
Code:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 22.07.2012 11:43:36

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 22.07.2012 11:44:18

C:\Users\HP\AppData\Local\Temp\MyBabylonTB.exe gefunden: Riskware.Win32.Toolbar.Babylon.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.13 gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.9 gefunden: Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.6 gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.5 gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.8 gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.9 gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.7 gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\HP\BIN\EndProcess.exe gefunden: Riskware.Win32.KillApp!E1
F:\Downloads\Ontrack EasyRecovery10 Enterprise\winvnc\vncviewer.exe gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
F:\Downloads\Ontrack EasyRecovery10 Enterprise\winvnc\vncconfig.exe gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
F:\Downloads\Ontrack EasyRecovery10 Enterprise\winvnc\winvnc4.exe gefunden: Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1

Gescannt 758487
Gefunden 12

Scan Ende: 22.07.2012 16:19:40
Scan Zeit: 4:35:22

F:\Downloads\Ontrack EasyRecovery10 Enterprise\winvnc\vncviewer.exe Quarantäne Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
F:\Downloads\Ontrack EasyRecovery10 Enterprise\winvnc\vncconfig.exe Quarantäne Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
F:\Downloads\Ontrack EasyRecovery10 Enterprise\winvnc\winvnc4.exe Quarantäne Riskware.RemoteAdmin.Win32.WinVNC.AMN!E1
C:\HP\BIN\EndProcess.exe Quarantäne Riskware.Win32.KillApp!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.6 Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.5 Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.8 Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.9 Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.7 Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.13 Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.9 Quarantäne Riskware.Win32.Toolbar.Widgi.AMN!E1
C:\Users\HP\AppData\Local\Temp\MyBabylonTB.exe Quarantäne Riskware.Win32.Toolbar.Babylon.AMN!E1

Quarantäne 12
22.07.2012, 18:34 | #18 |
/// Helper Team | Trojan "LicenseValidator.exe" Have the findings deleted, then:
Uninstall: Emsisoft Anti-Malware, then: ESET Online Scanner Preparation |
22.07.2012, 23:29 | #19 |
| Trojan "LicenseValidator.exe" Hello t'john, here is the log file: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fb33b3bd24614246a41781a3d9c15a57
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-22 10:25:28
# local_time=2012-07-23 12:25:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 346243 346243 0 0
# compatibility_mode=5892 16776638 100 56 51582306 180505446 0 0
# compatibility_mode=8192 67108863 100 0 217 217 0 0
# scanned=367535
# found=9
# cleaned=9
# scan_time=14387
C:\Program Files (x86)\Common Files\Spigot(35)\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Common Files\Spigot(6)\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U5RC8IE8\VLCMediaPlayerSetup.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Regards, Max |
22.07.2012, 23:32 | #20 |
/// Helper Team | Trojan "LicenseValidator.exe" Why didn't you let Emsisoft delete it? Removing malware with Combofix: Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else, this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own. If there is no corresponding infection, it can paralyze the computer and/or cause lasting damage! |
23.07.2012, 17:51 | #21 |
| Trojan "LicenseValidator.exe" Hello t'john, I already had Emsisoft delete it! Hmmmm, should I really do the Combofix thing? Somehow the last sentence makes me think a bit... "can paralyze the PC or cause lasting damage"... hmmmmm |
23.07.2012, 17:56 | #22 |
/// Helper Team | Trojan "LicenseValidator.exe" Yes, because there are always people who use it on their own. It is a specialized program; don't worry, there won't be any problems. |
23.07.2012, 18:00 | #23 |
| Trojan "LicenseValidator.exe" Alright, I'll trust you.... Hello t'john, here is the Combofix log file: Code:
(x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-11-15 3511296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_8aadd48d\AESTSr64.exe [2008-06-27 89088] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 09:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2009-02-05 c:\windows\Tasks\HPCeeScheduleForHP.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-21 10:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1560872] "combofix"="c:\combofix\CF23284.3XE" [2008-01-21 363008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\pdye6swy.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb174?a=6PQDYEemvs&i=26 FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf674ad91-fb82-45e7-94b5-690fe9957c63%7D&mid=47f78d70e7b647d087bfd16acd1cbd02-bf34e9831e27ba877eb1e558135b2a1d1c1c30fd&ds=qw011&v=11.1.0.7&lang=en&pr=sa&d=2012-06-08%2022%3A54%3A49&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQDYEemvs&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 401f3b9b0000000000000022faf870b2 FF - user.js: 
extensions.incredibar_i.instlDay - 15540 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:09 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6PQDYEemvs FF - user.js: extensions.incredibar_i.upn2n - 92543259393568070 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10671 FF - user.js: extensions.incredibar_i.ppd - 7777722 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\SMINST\BLService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-07-23 20:32:28 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-23 18:32 . Vor Suchlauf: 13 Verzeichnis(se), 288.811.933.696 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 288.373.800.960 Bytes frei . - - End Of File - - 4A29DD55B51E2A89952AFD8231B17F0B Code:
ATTFilter Update for Microsoft Office 2007 (KB2508958) AAVUpdateManager AC3Filter 1.63b Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader X - Deutsch Any Video Converter 3.3.9 Areca Audacity 1.2.6 Audiograbber 1.83 SE Avira Free Antivirus AVS Cover Editor 2.0.1.3 AVS DVD Copy version 4.1.1 AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Czech Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Greek Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek 
CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CloneCD CloneDVD2 Compatibility Pack für 2007 Office System CVP 8.3.0 CyberLink DVD Suite DerivatePricer2.0Test DivX-Setup DivX Web Player ESET Online Scanner v3 ESU for Microsoft Vista EVEREST Home Edition v2.20 FileZilla Client 3.4.0 Finanzplan in Excel Version 3.1.02 Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) FLV Player 2.0 (build 25) Free PDF to Word Doc Converter v1.1 GetDataBack for NTFS GIMP 2.6.11 Google Earth GPL Ghostscript Lite 8.70 Hardcopy (C:\Program Files (x86)\Hardcopy) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) HP Active Support Library HP Common Access Service Library HP Customer Experience Enhancements HP Help and Support HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart TV HP MediaSmart Webcam HP Quick Launch Buttons 6.40 L1 HP Total Care Advisor HP Total Care Setup HP Update HP User Guides 0134 HP Wireless Assistant HPAsset component for HP Active Support Library ICQ7.7 IDT Audio IrfanView (remove only) Java Auto Updater Java(TM) 6 Update 33 Java(TM) 6 Update 7 Java(TM) 7 Update 5 JavaFX 2.1.1 JMicron JMB38X Flash Media Controller Driver K-Lite Mega Codec Pack 6.8.0 LabelPrint LightScribe System Software 1.14.17.1 Logitech Harmony Remote Software Müller Foto MAGIX Foto Manager 2007 4.1.1.75 (D) MAGIX Goya burnR 2.3.1.3 (D) MAGIX Music Manager 2007 8.1.1.108 (D) MAGIX Online Druck Service 2.3.2.0 (D) MAGIX Video deluxe 2007 2008 7.0.0.26 (D) Malwarebytes Anti-Malware Version 1.62.0.1300 Media Go Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 
Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft XML Parser Mozilla Firefox 5.0 (x86 de) Mp3tag v2.47b MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My HP Games MyFreeCodec Nvu 1.0 Orbit Downloader PDFCreator Personal Backup 5.1 PL-2303 USB-to-Serial PlayStation(R)Network Downloader PlayStation(R)Store Power2Go PowerDirector ProtectDisc Driver, Version 11 QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Reuters Excel Link Schlag den Raab - Das 2. 
Spiel Security Task Manager 1.8d Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition ShadowExplorer 0.8 Skins SmartTools Publishing • Excel Finanzplan SopCast 3.3.2 Steuer-Spar-Erklärung 2010 Steuer-Spar-Erklärung 2011 Steuer-Spar-Erklärung 2012 SUPER © v2011.build.48 (April 23, 2011) Version v2011.build.48 TomTom HOME 2.8.3.2499 TomTom HOME Visual Studio Merge Modules TubeBox! TVUPlayer 2.5.3.1 UnderCoverXP 1.23 Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Outlook 2007 Help (KB963677) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition VC80CRTRedist - 8.0.50727.4053 Veetle TV 0.9.18 Vista Icon Pack ST VLC media player 2.0.2 Winamp Winamp Erkennungs-Plug-in Windows Live Messenger Max |
23.07.2012, 22:30 | #24 |
/// Helper Team | Trojan "LicenseValidator.exe" Very good!
Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html |
23.07.2012, 23:38 | #25 |
| Trojan "LicenseValidator.exe" All right! I've done everything. And now??? Are we done already? |
24.07.2012, 00:40 | #26 |
/// Helper Team | Trojan "LicenseValidator.exe" Very good! With that you are clean and dismissed!
Cleaning up with CCleaner
Use CCleaner (Download) (Instructions) to have errors in the
Resetting the security zones
Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Tool cleanup with OTL
We will now use the CleanUp! function of OTL to delete most of the programs we installed for the cleanup from your system again.
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html |
24.07.2012, 18:04 | #27 |
| Trojan "LicenseValidator.exe" Hello t'john! Many, many thanks for your competent and fast help!! Really great service here!!! Best regards, Max |