Pests of all kinds and how to combat them: TR/Crypt.ZPACK.Gen2 in Skype.exe (Windows 7)

#11
TR/Crypt.ZPACK.Gen2 in Skype.exe

Hello,

well, then I'm glad we ran another check. Do we know what kind of thing the infected file was?

I ran the Norton Removal Tool, but the two folders (from 2009) are still there. The folder "norton" contains only the file "symdata" (an XML document), and the folder "nortoninstaller" contains only the subfolder "logs" with files such as "9-20-2009-01h19m22s". I don't know whether these can simply be deleted.

The computer is currently running as always (that is, normally from my point of view). I haven't noticed anything unusual regarding malware.

Here is the OTL log as well:

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 25.01.2013 10:50:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobi\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,44% Memory free 6,00 Gb Paging File | 4,65 Gb Available in Paging File | 77,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 10,15 Gb Free Space | 4,36% Space Free | Partition Type: NTFS Drive D: | 221,16 Gb Total Space | 27,02 Gb Free Space | 12,22% Space Free | Partition Type: NTFS Computer Name: PC-TOBI | User Name: Tobi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) 
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Programme\P4G\BatteryLife.exe (ATK) PRC - C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Programme\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Programme\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe (SRS Labs, Inc.) PRC - C:\Programme\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Programme\ASUS\ASUS CopyProtect\ASPG.exe (ASUS) PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) PRC - C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Programme\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Programme\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) 
PRC - C:\Programme\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\P4G\OvrClk.dll () MOD - C:\Programme\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Programme\P4G\DevMng.dll () MOD - C:\Programme\ASUS\Splendid\GLCDdll.dll () MOD - C:\Programme\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Programme\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll () MOD - C:\Programme\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll () MOD - C:\Programme\ATKGFNEX\AGFNEX.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) 
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe (ASUS) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (catchme) -- C:\Users\Tobi\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ASUS) DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = hxxp://192.168.2.1/ IE - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS IE - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tobi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.11 21:19:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 09:15:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 09:15:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.19 09:15:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.19 09:15:30 | 000,000,000 | ---D | M] [2011.12.12 21:44:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions [2012.11.24 09:39:44 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\8c1cp6mx.default\extensions [2012.11.24 09:39:44 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\8c1cp6mx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.22 11:20:51 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\8c1cp6mx.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.01.19 09:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.19 09:15:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.19 09:15:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.19 09:15:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.19 09:15:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.19 09:15:32 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.02 18:29:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 11:37:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.02 18:29:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.02 18:29:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.02 18:29:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.02 18:29:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: 
([2013.01.23 19:05:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [ADSMTray] C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) 
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-926043760-3848155677-2089075538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F6D8DC7-3477-4038-BAF7-8A15BC169DFD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.25 10:47:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2013.01.24 23:49:27 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.01.23 19:16:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.23 19:10:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.23 19:05:13 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\temp [2013.01.23 18:53:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.23 18:53:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.23 18:53:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.23 18:53:22 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.23 18:51:14 | 005,026,296 | R--- | C] (Swearware) -- C:\Users\Tobi\Desktop\ComboFix.exe [2013.01.19 09:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.16 17:25:23 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Programs [2013.01.06 12:03:47 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Documents\OneNote-Notizbücher [2012.12.29 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\.freeciv [2012.12.28 14:57:26 | 000,000,000 | ---D | C] -- C:\Users\Tobi\Desktop\Weihnachten 2012 [2008.08.12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- 
C:\Program Files\Common Files\MSIactionall.dll ========== Files - Modified Within 30 Days ========== [2013.01.25 10:47:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe [2013.01.25 08:59:32 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.25 08:59:32 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.25 08:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.25 08:51:53 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 23:19:41 | 000,684,000 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2013.01.23 23:19:41 | 000,681,356 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2013.01.23 23:19:41 | 000,680,010 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2013.01.23 23:19:41 | 000,679,642 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013.01.23 23:19:41 | 000,670,084 | ---- | M] () -- C:\Windows\System32\prfh0816.dat [2013.01.23 23:19:41 | 000,666,732 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2013.01.23 23:19:41 | 000,654,470 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2013.01.23 23:19:41 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.23 23:19:41 | 000,623,220 | ---- | M] () -- C:\Windows\System32\perfh00E.dat [2013.01.23 23:19:41 | 000,614,512 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2013.01.23 23:19:41 | 000,609,266 | ---- | M] () -- C:\Windows\System32\perfh01D.dat [2013.01.23 23:19:41 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.23 23:19:41 | 000,601,758 | ---- | M] () -- C:\Windows\System32\perfh01F.dat [2013.01.23 23:19:41 | 000,440,052 | ---- | M] () -- C:\Windows\System32\perfh014.dat [2013.01.23 23:19:41 | 000,394,978 | ---- | M] () -- C:\Windows\System32\perfh012.dat [2013.01.23 23:19:41 | 000,383,546 | ---- | M] () -- 
C:\Windows\System32\perfh011.dat
[2013.01.23 23:19:41 | 000,346,674 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2013.01.23 23:19:41 | 000,144,282 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2013.01.23 23:19:41 | 000,133,704 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013.01.23 23:19:41 | 000,131,232 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013.01.23 23:19:41 | 000,130,586 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013.01.23 23:19:41 | 000,129,608 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013.01.23 23:19:41 | 000,128,892 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2013.01.23 23:19:41 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.23 23:19:41 | 000,124,922 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013.01.23 23:19:41 | 000,124,006 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013.01.23 23:19:41 | 000,120,648 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2013.01.23 23:19:41 | 000,118,684 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.01.23 23:19:41 | 000,118,200 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013.01.23 23:19:41 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2013.01.23 23:19:41 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.23 23:19:41 | 000,101,856 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2013.01.23 23:19:41 | 000,074,002 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2013.01.23 23:19:41 | 000,066,274 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2013.01.23 19:05:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.23 18:51:31 | 005,026,296 | R--- | M] (Swearware) -- C:\Users\Tobi\Desktop\ComboFix.exe
[2013.01.22 07:17:41 | 000,365,568 | ---- | M] () -- C:\Users\Tobi\Desktop\61n62fcw.exe
[2013.01.21 17:46:53 | 000,000,020 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2013.01.21 14:41:13 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2013.01.21 11:41:03 | 000,036,352 | ---- | M] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.16 17:25:46 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.10 17:28:30 | 000,217,152 | ---- | M] () -- C:\Users\Tobi\Documents\Recording.mp3
[2012.12.29 18:02:52 | 000,007,626 | ---- | M] () -- C:\Users\Tobi\AppData\Roaming\.freeciv-client-rc-2.3

========== Files Created - No Company Name ==========

[2013.01.23 18:53:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.23 18:53:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.23 18:53:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.23 18:53:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.23 18:53:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.22 07:17:39 | 000,365,568 | ---- | C] () -- C:\Users\Tobi\Desktop\61n62fcw.exe
[2013.01.21 17:46:36 | 000,000,020 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2013.01.21 14:41:12 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2012.12.29 18:02:52 | 000,007,626 | ---- | C] () -- C:\Users\Tobi\AppData\Roaming\.freeciv-client-rc-2.3
[2012.06.26 12:33:06 | 000,007,606 | ---- | C] () -- C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg
[2012.05.15 09:27:11 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.03.13 19:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012.03.10 14:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012.03.10 14:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012.03.10 14:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012.03.10 14:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012.03.10 14:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012.03.10 14:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012.02.26 17:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.02.26 17:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012.02.26 17:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012.02.26 17:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012.02.26 17:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012.02.26 17:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012.02.26 17:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012.02.26 17:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012.02.26 17:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012.02.26 17:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.09.08 15:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 15:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 15:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 15:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 15:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 15:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 15:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 15:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 14:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 14:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.05.30 14:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 08:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.05.17 14:35:11 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.17 14:35:11 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010.02.18 11:43:36 | 000,036,352 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.12.29 17:59:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\.freeciv
[2011.11.16 23:03:14 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\AnvSoft
[2010.01.20 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\BITS
[2012.12.11 16:33:48 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\DAEMON Tools Lite
[2009.12.06 19:03:31 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\EDuke32 Settings
[2011.12.12 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\IrfanView
[2010.04.22 12:36:50 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech
[2010.12.09 18:22:30 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Meltdown
[2012.09.14 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Unity
[2010.12.09 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\yang

========== Purity Check ==========

< End of report >

Regards, bumbesberti