Pests of All Kinds and How to Fight Them: Trojan: Dropper.Generic_c.MMI
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
29.08.2012, 14:56 | #1 |
Trojan: Dropper.Generic_c.MMI

Hello everyone, I am brand new to this forum, so first of all I would like to say hello and thank you in advance for your help. For a few days now I have had, as mentioned in the topic, the following problem:

"C:\Windows\System32\services.exe";"Trojaner: Dropper.Generic_c.MMI"

I have noticed that it has been very resistant to everything I have tried. I have also read a lot about it and seen several English-language sites where the problem was fixed by manually deleting specific Windows registry entries. However, I have not dared to touch the registry since Windows Vista came out. And after further research I kept coming across this forum. All right, down to the details: my operating system is Win7, 64-bit version.

Here is the log file from AVG Free:

"Scan ""Bestimmte Dateien/Ordner scannen"" wurde beendet."
"Infektionen";"1";"0";"1"
"Warnungen";"147";"58";"89"
"Für den Scanvorgang ausgewählte Ordner:";"C:\;"
"Start des Scans:";"Mittwoch, 29. August 2012, 15:01:34"
"Scan beendet:";"Mittwoch, 29. August 2012, 15:20:18 (18 Minute(n) 43 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"252069"
"Benutzer, der den Scan gestartet hat:";"eMJay"
"Infektionen"
"Datei";"Infektion";"Ergebnis"
"C:\Windows\System32\services.exe";"Trojaner: Dropper.Generic_c.MMI";"Objekt befindet sich auf der Whitelist (wichtige Systemdatei, die nicht entfernt werden darf)"
Log file from OTL:
MOD - [2011.01.18 21:36:37 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2011.01.18 21:36:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2011.01.18 21:36:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2011.01.18 21:36:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2011.01.18 21:36:07 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2011.01.18 21:35:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.02 22:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.02.24 00:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.02.24 00:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.24 00:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.24 00:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.24 00:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007.05.15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:[b]64bit:[/b] - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:[b]64bit:[/b] - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:[b]64bit:[/b] - [2010.03.30 16:12:23 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2012.07.20 10:48:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.09 18:23:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011.11.21 12:52:50 | 000,199,752 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ui11rdr.SYS -- (ui11rdr)
DRV:[b]64bit:[/b] - [2011.09.13 09:57:09 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.05.06 08:27:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:[b]64bit:[/b] - [2011.04.09 18:23:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:[b]64bit:[/b] - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:[b]64bit:[/b] - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:[b]64bit:[/b] - [2011.01.24 00:12:59 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011.01.05 21:48:49 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:[b]64bit:[/b] - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:[b]64bit:[/b] - [2010.07.21 07:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2010.04.08 10:11:59 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010.03.30 16:46:01 | 006,657,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010.03.30 15:23:33 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2010.02.09 12:19:13 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:[b]64bit:[/b] - [2009.12.22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009.10.07 09:13:33 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009.10.07 09:13:33 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:[b]64bit:[/b] - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009.05.05 04:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:[b]64bit:[/b] - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=13170&l=dis
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=D5F45CB4-FE12-465C-B6F2-F1D18005CBC4&apn_sauid=F295B89A-D9FE-42A5-87F8-79ACEB4DD797
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\eMJay\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.12.28 01:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.12.28 01:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 01:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011.12.28 01:28:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 10:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 15:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 10:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 15:07:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 01:28:20 | 000,000,000 | ---D | M]

[2011.01.20 09:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMJay\AppData\Roaming\mozilla\Extensions
[2012.08.23 11:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions
[2012.08.23 11:11:19 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.03.15 21:39:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.28 01:29:40 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\DTToolbar@toolbarnet.com
[2012.06.11 09:35:19 | 000,002,397 | ---- | M] () -- C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\searchplugins\askcom.xml
[2012.07.26 17:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.01 22:55:58 | 000,031,289 | ---- | M] () (No name found) -- C:\USERS\EMJAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TBHQBC2G.DEFAULT\EXTENSIONS\AUTOFORMER2@MOZILLA.ORG.XPI
[2012.07.20 10:48:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 15:07:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.12 03:29:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 03:29:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 03:29:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 03:29:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 03:29:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 03:29:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\eMJay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\eMJay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\eMJay\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:[b]64bit:[/b] - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eMJay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eMJay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB771FF-0609-4518-B578-B03B8BAEA8D0}: DhcpNameServer = 192.168.178.1 
O18:[b]64bit:[/b] - Protocol\Handler\cdo - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) 
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{081a25fb-1da9-11e0-8ec4-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{081a25fb-1da9-11e0-8ec4-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{081a2606-1da9-11e0-8ec4-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{081a2606-1da9-11e0-8ec4-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{15b566ce-c75d-11df-8701-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{15b566ce-c75d-11df-8701-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment) O33 - MountPoints2\{5cd02d9e-a1a4-11e0-b1c1-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{5cd02d9e-a1a4-11e0-b1c1-20cf305d6d98}\Shell\AutoRun\command - "" = G:\NPSAI.exe O33 - MountPoints2\{8f8658c1-261d-11e0-b2c6-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{8f8658c1-261d-11e0-b2c6-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a5e3ea90-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun O33 - 
MountPoints2\{a5e3ea90-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O33 - MountPoints2\{a5e3ea9f-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{a5e3ea9f-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a5e3eab4-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{a5e3eab4-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a5e3eab6-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{a5e3eab6-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a5e3ead6-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{a5e3ead6-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{bda3a9f4-58b3-11e0-b672-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{bda3a9f4-58b3-11e0-b672-20cf305d6d98}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{c4cf5dac-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{c4cf5dac-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c4cf5db0-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{c4cf5db0-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c4cf5dbd-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{c4cf5dbd-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c4cf5dc1-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{c4cf5dc1-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{c4cf5df5-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun O33 - MountPoints2\{c4cf5df5-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = K:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - 
HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.08.29 14:14:00 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe [2012.08.26 00:10:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.08.06 11:19:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.08.01 01:34:07 | 000,000,000 | ---D | C] -- C:\Users\eMJay\Desktop\Musik [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.08.29 14:35:39 | 000,000,168 | ---- | M] () -- C:\Users\eMJay\defogger_reenable [2012.08.29 14:34:51 | 000,050,477 | ---- | M] () -- C:\Users\eMJay\Desktop\Defogger.exe [2012.08.29 14:14:07 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe [2012.08.29 13:48:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 13:48:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.29 13:48:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.29 13:47:17 | 105,215,959 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2012.08.29 13:41:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2012.08.29 13:41:36 | 000,001,120 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.29 13:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.29 13:41:09 | 3219,505,152 | -HS- | M] () -- C:\hiberfil.sys [2012.08.29 00:58:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000UA.job [2012.08.28 12:58:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000Core.job [2012.08.12 23:18:40 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.12 23:18:40 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.12 23:18:40 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.12 23:18:40 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.12 23:18:40 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.08.29 14:35:39 | 000,000,168 | ---- | C] () -- C:\Users\eMJay\defogger_reenable [2012.08.29 14:34:50 | 000,050,477 | ---- | C] () -- C:\Users\eMJay\Desktop\Defogger.exe [2012.08.25 23:39:11 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000064.@ [2012.08.25 23:39:11 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\L\00000004.@ [2012.08.25 23:39:10 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000008.@ [2012.08.25 23:39:09 | 000,093,184 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000032.@ [2012.08.25 23:39:08 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\000000cb.@ [2012.08.25 23:39:06 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000000.@ [2012.08.25 23:39:05 | 000,002,048 | ---- | C] () -- 
C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000004.@ [2011.04.17 10:54:43 | 000,000,000 | ---- | C] () -- C:\Users\eMJay\AppData\Local\prvlcl.dat [2011.03.15 19:42:18 | 000,007,602 | ---- | C] () -- C:\Users\eMJay\AppData\Local\Resmon.ResmonCfg [2011.02.06 21:34:09 | 000,185,199 | ---- | C] () -- C:\Windows\hpoins44.dat [2011.01.30 13:06:41 | 000,007,168 | ---- | C] () -- C:\Users\eMJay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.23 18:07:14 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll [2011.01.23 18:07:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2011.01.12 10:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 20:42:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.24 00:09:14 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\@ [2010.09.24 00:09:14 | 000,002,048 | -HS- | C] () -- C:\Users\eMJay\AppData\Local\{495cf38c-3328-b699-d4c9-cbf25ee14852}\@ [2010.09.23 23:54:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.23 23:50:51 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.09.23 23:40:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [color=#E56717]========== LOP Check ==========[/color] [2012.01.18 13:33:31 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\1&1 [2011.12.28 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Asus WebStorage [2011.01.20 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.01.24 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\DAEMON Tools Lite [2012.03.15 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\DVDVideoSoft [2011.06.24 01:00:06 | 000,000,000 | ---D | M] -- 
C:\Users\eMJay\AppData\Roaming\EeeStorageUploader [2012.03.11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\GetRightToGo [2011.05.18 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\InterTrust [2011.01.22 06:01:06 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Local [2012.05.20 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\TS3Client [2012.05.19 10:45:17 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\ts3overlay [2011.07.21 00:04:13 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Verbindungsassistent [2012.08.28 12:58:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000Core.job [2012.08.29 00:58:00 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000UA.job [2011.03.15 20:37:55 | 000,024,306 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report >
GMER.exe found nothing. Now I am of course a little at a loss as to how to proceed. I hope you now have all the information you will need to help me. Kind regards, eMJay |
31.08.2012, 15:29 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything in CODE tags here if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
04.09.2012, 09:13 | #3 |
| Trojaner: Dropper.Generic_c.MMI So, here is the log from malware for a start. Interesting to know that this is not the only Trojan on my laptop. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.03.06 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 eMJay :: LUCY [Administrator] Schutz: Aktiviert 03.09.2012 17:57:12 mbam-log-2012-09-03 (22-03-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 397844 Laufzeit: 1 Stunde(n), 13 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Keine Aktion durchgeführt. HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt. C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\000000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt. 
C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000000.@ (Rootkit.0Access.64) -> Keine Aktion durchgeführt. C:\Program Files (x86)\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Keine Aktion durchgeführt. (Ende)
And here is the log for ESET. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7fdfee06336c1e43b8792439a75ffbe3 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-03 10:44:24 # local_time=2012-09-04 12:44:24 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1024 16777215 100 0 44349319 44349319 0 0 # compatibility_mode=5893 16776574 33 85 51940969 98334294 0 0 # compatibility_mode=8192 67108863 100 0 679 679 0 0 # scanned=213461 # found=6 # cleaned=0 # scan_time=7820 C:\Users\eMJay\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2462f56e-18403cbc a variant of Java/Exploit.CVE-2012-1723.BG trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\000000cb.@ Win64/Conedex.B trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000000.@ Win64/Sirefef.AP trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I ${Memory} multiple threats 00000000000000000000000000000000 I
Regards, Markus |
04.09.2012, 16:01 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI Quote:
Do NOT hastily delete anything from quarantine!
__________________ Please always post log files in CODE tags |
04.09.2012, 22:59 | #5 |
| Trojaner: Dropper.Generic_c.MMI Hello, because of a general software problem I had with my laptop (blue screen) after I had removed all the files, or rather moved them to quarantine, I was forced to run a recovery on my laptop. Directly afterwards I ran Malwarebytes, and here is the log for it. Everything seems to be safe again now. Thanks anyway; I will keep looking in here from time to time, since there are always interesting posts here about protecting PCs and laptops. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.04.10 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 eMJay :: HILDEGARD [Administrator] Schutz: Aktiviert 04.09.2012 23:44:14 mbam-log-2012-09-04 (23-44-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 195415 Laufzeit: 2 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
Thanks again for the help I have received here and will continue to receive. Regards, Markus |
05.09.2012, 14:10 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI adwCleaner - Detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
__________________ --> Trojaner: Dropper.Generic_c.MMI |
05.09.2012, 23:31 | #7 |
| Trojaner: Dropper.Generic_c.MMI So here is the log from AdwCleaner; I don't know whether that looks safe!?!? Log: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/06/2012 um 00:29:22 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : eMJay - HILDEGARD # Normaler Modus : Normal # Ausgeführt unter : C:\Users\eMJay\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\ProgramData\Partner ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\v1yw7e82.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1872 octets] - [06/09/2012 00:29:22] ########## EOF - C:\AdwCleaner[R1].txt - [1932 octets] ########## |
06.09.2012, 14:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI adwCleaner - Remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags |
07.09.2012, 09:31 | #9 |
| Trojaner: Dropper.Generic_c.MMI This is it after the deletion run. Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/06/2012 um 00:29:22 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : eMJay - HILDEGARD # Normaler Modus : Normal # Ausgeführt unter : C:\Users\eMJay\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\ProgramData\Partner ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\v1yw7e82.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1872 octets] - [06/09/2012 00:29:22] ########## EOF - C:\AdwCleaner[R1].txt - [1932 octets] ########## |
07.09.2012, 13:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI Either the wrong log, or you clicked Search again
__________________ Please always post log files in CODE tags |
07.09.2012, 23:11 | #11 |
| Trojaner: Dropper.Generic_c.MMI I think it should now look the way it looks now, right? After what felt like 3 hours of waiting for the configuration, this is what came out. Log: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/08/2012 um 00:09:54 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : eMJay - HILDEGARD # Normaler Modus : Normal # Ausgeführt unter : C:\Users\eMJay\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\v1yw7e82.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1997 octets] - [06/09/2012 00:29:22] AdwCleaner[R2].txt - [2070 octets] - [06/09/2012 00:30:35] AdwCleaner[R3].txt - [2117 octets] - [07/09/2012 10:27:16] AdwCleaner[S2].txt - [2547 octets] - [07/09/2012 10:27:30] AdwCleaner[S3].txt - [1106 octets] - [07/09/2012 23:30:52] AdwCleaner[R4].txt - [1036 octets] - [08/09/2012 00:09:54] ########## EOF - C:\AdwCleaner[R4].txt - [1096 octets] ########## |
10.09.2012, 14:34 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI Yes, that is OK. I have two questions before we continue: 1.) Does Windows' normal mode work without restrictions (again)? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
18.09.2012, 11:02 | #13 |
| Trojaner: Dropper.Generic_c.MMI Well, everything works without restrictions again now, and I have not seen any empty folders so far, but because of my move to another city I have not really had the chance to take a closer look yet. |
19.09.2012, 11:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner: Dropper.Generic_c.MMI Please make a new OTL log. Please post everything in CODE tags here if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |