Pests of all kinds and how to fight them: Internet Explorer starts by itself. According to Task Manager, several instances of it. Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#3

Internet Explorer starts by itself. According to Task Manager, several instances of it.

Thanks for the reply.
After running the script and rebooting, there was unfortunately no text file. The "Movedfiles" folder was empty as well. The corresponding log file said:
```
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator not found.
File C:\Users\Torialla\AppData\Roaming\Identities\{CEE9E8A4-8F86-46AE-9E7F-BFC723F05243}\LicenseValidator.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_221753
```

Unfortunately, the directory "c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache" no longer existed either.

Current Malwarebytes and OTL logs:

Malwarebytes:
```
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Torialla :: TORIALLA-PC [Administrator]

Schutz: Aktiviert

05.08.2012 23:01:47
mbam-log-2012-08-05 (23-03-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 210533
Laufzeit: 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Torialla\AppData\Roaming\Identities\{48E46BD4-7422-468A-99BC-EE85A1FDE5E7}\LicenseValidator.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
```
07:21:19 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== Vielleicht sind sogar noch mehr drin, aber die hab ich so beim drüberschauen gefunden. Gelöscht hab ich sie allerdings noch nicht, da sie sich ja sofort wieder neu irgendwo reinschreiben und ich dann wieder suchen muss. Code:
ATTFilter
Pfad: C:\Users\Torialla\AppData\Roaming\Dropbox\{85597B4B-1CE7-483A-B0A5-0C6E39382881}
Datei: Upgrade.exe
Pfad: C:\Users\Torialla\AppData\Roaming\Sun\{EF6A870B-847D-49C3-B0E0-886C67189ABE}
Datei: UpgradeChecker.exe
Pfad: C:\Users\Torialla\AppData\Roaming\TeamViewer\{D2ACD36D-5B72-4193-9D52-4E3A48A49390}
Datei: Validator.exe