![]() |
|
Log-Analyse und Auswertung: Virus EXP/CVE 2012-1723FOWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Virus EXP/CVE 2012-1723FO Hallo ich habe folgendes Problem: Kann den Computer nur noch im abgesicherten Modus starten. Habe Virenscanner von Avira genutzt und dieser hat 4 Viren erkannt. Leider habe ich diese sofort löschen lassen. Habe schon die rescue cd (rescue-system common-en) von Avira benutzt und das System zurückgesetzt auf einen Zeitpunkt vor der Virenerkennung. Habe auch schon CC Cleaner eingesetzt. Alles hat nicht zu einer Verbesserung geführt. Habe jetzt OTL Analyseprogramm gestartet. Bring nur die OTLtxt als Auswertung. Die Extras.txt habe ich nicht angezeigt bekommen. Bin jetzt kurz davor in meiner Verzweiflung Combofix einzusetzen und wollte nochmal rückfragen. Ist das der richtige Weg? (dies wird auf eurem Seiteneintrag mit der Virusangabe empfohlen 27.8.2012) Herzliche Grüße Karl1K Hier die OTL Datei [OTL logfile created on: 23.02.2013 09:09:27 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,67% Memory free 4,23 Gb Paging File | 3,84 Gb Available in Paging File | 90,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 212,88 Gb Total Space | 105,93 Gb Free Space | 49,76% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 10,43 Gb Free Space | 52,16% Space Free | Partition Type: FAT32 Drive G: | 1,86 Gb Total Space | 1,57 Gb Free Space | 84,29% Space Free | Partition Type: FAT Computer Name: SABINEKRAUß-PC | User Name: Karl1k | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org) PRC - C:\Windows\HelpPane.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\OpenOffice.org 2.4\program\nsldap32v50.dll () MOD - C:\Programme\OpenOffice.org 2.4\program\libxslt.dll () MOD - C:\Programme\OpenOffice.org 2.4\program\libxml2.dll () ========== Services (SafeList) ========== SRV - (Nero BackItUp Scheduler 3) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe File not found SRV - (BsMailProxy) -- C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll File not found SRV - (BsFileScan) -- C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll File not found SRV - (BgMainSvc) -- C:\Program Files\BullGuard Software\BullGuard\BsMain.dll File not found SRV - (BGLiveSvc) -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (RealNetworks Downloader Resolver Service) -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (Reconn) -- C:\Program Files\BullGuard Software\BullGuard\reconn.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH) DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.) DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mannheim.de/ IE - HKCU\..\SearchScopes,DefaultScope = {5624F8E7-B524-4488-ABAB-AE802DF33EA3} IE - HKCU\..\SearchScopes\{5624F8E7-B524-4488-ABAB-AE802DF33EA3}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.23 20:26:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.23 20:25:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.23 20:25:47 | 000,000,000 | ---D | M] [2010.03.14 17:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karl1k\AppData\Roaming\mozilla\Extensions [2012.10.26 21:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karl1k\AppData\Roaming\mozilla\Firefox\Profiles\pgrujmdh.default\extensions [2012.08.14 20:57:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Karl1k\AppData\Roaming\mozilla\Firefox\Profiles\pgrujmdh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.02 06:29:48 | 000,005,325 | ---- | M] () -- C:\Users\Karl1k\AppData\Roaming\mozilla\firefox\profiles\pgrujmdh.default\searchplugins\t-online.xml [2010.10.02 06:29:35 | 000,005,426 | ---- | M] () -- C:\Users\Karl1k\AppData\Roaming\mozilla\firefox\profiles\pgrujmdh.default\searchplugins\yahoo.xml [2011.07.28 18:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.28 18:57:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.07.28 18:57:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT File not found (No name found) -- C:\USERS\SABINE KRAUß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PGRUJMDH.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.12.23 20:25:05 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google ![]() CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealDownloader = C:\Users\Karl1k\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DataLayer] C:\Programme\Common Files\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKCU..\Run: [NWB_steuerXpert] C:\Program Files\NWB\SteuerXpert\IPview.exe (SHI Elektronische Medien GmbH) O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Karl1k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Karl1k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: friadent-gmbh.de ([hermes] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.23 08:00:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.22 11:33:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.22 11:33:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.22 11:33:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.22 11:33:15 | 000,000,000 | --SD | C] -- C:\ComboFix [2013.02.22 11:16:56 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.22 11:16:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2011.04.11 19:23:59 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305_1409.exe [2008.08.03 20:28:03 | 003,167,496 | ---- | C] (DataDesign AG) -- C:\Users\Karl1k\DDBAC.EXE ========== Files - Modified Within 30 Days ========== [2013.02.23 08:33:12 | 000,680,454 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.23 08:33:12 | 000,639,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.23 08:33:12 | 000,148,200 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.23 08:33:12 | 000,121,830 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.23 07:56:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.23 07:55:56 | 000,381,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.18 20:58:00 | 000,000,680 | ---- | M] () -- C:\Users\Karl1k\AppData\Local\d3d9caps.dat [2013.02.17 18:48:58 | 000,028,504 | ---- | M] () -- C:\Users\Karl1k\AppData\Roaming\nvModes.001 [2013.02.17 18:47:43 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.17 18:47:38 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.17 18:47:37 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 22:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.16 22:29:31 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.29 06:56:38 | 000,028,504 | ---- | M] () -- C:\Users\Karl1k\AppData\Roaming\nvModes.dat [2013.01.27 23:14:29 | 000,001,266 | ---- | M] () -- C:\Windows\WISO.INI [2013.01.25 08:07:34 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job ========== Files Created - No Company Name ========== [2013.02.22 11:33:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.22 11:33:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.22 11:33:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.22 11:33:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.22 11:33:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.18 20:58:00 | 000,000,680 | ---- | C] () -- C:\Users\Karl1k\AppData\Local\d3d9caps.dat [2012.11.10 12:31:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.11.10 12:29:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.10.22 20:10:15 | 000,170,413 | ---- | C] () -- C:\Users\Karl1k\productEditor.jsf.htm [2011.09.18 11:45:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.08.10 18:22:35 | 000,000,000 | ---- | C] () -- C:\Windows\buhl.ini [2011.08.10 18:21:38 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI [2011.08.10 18:21:26 | 000,182,304 | ---- | C] () -- C:\Windows\System32\BpShellEx.dll [2010.09.19 21:58:07 | 000,044,253 | ---- | C] () -- C:\Users\Karl1k\part.mcf [2010.09.17 22:39:28 | 000,044,978 | ---- | C] () -- C:\Users\Karl1k\Mein Kalender 2011.mcf [2010.09.17 22:39:28 | 000,044,973 | ---- | C] () -- C:\Users\Karl1k\Mein Kalender 2011.mcf~ [2009.11.30 21:27:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.03.08 21:36:13 | 000,000,268 | R--- | C] () -- C:\ProgramData\Sci-Fi [2009.03.08 21:36:13 | 000,000,268 | R--- | C] () -- C:\Users\Karl1k\AppData\Roaming\Sample Delay [2009.03.08 21:36:13 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.03.08 21:36:13 | 000,000,012 | R--- | C] () -- C:\ProgramData\Smooth Strings [2008.09.20 15:10:48 | 000,028,504 | ---- | C] () -- C:\Users\Karl1k\AppData\Roaming\nvModes.001 [2008.09.20 15:10:47 | 000,028,504 | ---- | C] () -- C:\Users\Karl1k\AppData\Roaming\nvModes.dat [2008.04.08 20:18:34 | 000,000,052 | ---- | C] () -- C:\Users\Karl1k\AppData\Roaming\Default.PLS [2008.01.23 21:34:17 | 000,032,256 | ---- | C] () -- C:\Users\Karl1k\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.23 20:51:10 | 000,000,100 | ---- | C] () -- C:\Users\Karl1k\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.01.16 17:54:24 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Buhl [2008.04.24 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Buhl Data Service [2011.09.18 11:26:06 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Buhl Data Service GmbH [2012.01.31 22:24:10 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\ChessBase [2008.08.03 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\DataDesign [2012.05.07 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\DataLayer [2008.04.14 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\eurowin [2008.09.20 15:10:38 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\KIDDINX [2011.12.04 19:33:38 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\LetsTrade [2008.04.12 17:41:02 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\MAGIX [2010.04.06 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Nikon [2012.05.07 21:22:57 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Nokia [2012.05.07 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Nokia Multimedia Player [2011.07.24 12:24:55 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\NWB [2011.09.18 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\OpenCandy [2009.08.12 20:51:17 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\PC Suite [2013.01.20 18:18:51 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\redsn0w [2008.04.24 20:53:43 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Sonavis [2010.01.09 19:24:29 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Sony [2010.01.09 19:15:40 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\Sony Setup [2012.09.14 22:11:33 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\TuneUp Software [2008.09.07 11:01:04 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\TVcentral-Core [2009.07.02 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\Karl1k\AppData\Roaming\VMedia ========== Purity Check ========== < End of report > ] |
Themen zu Virus EXP/CVE 2012-1723FO |
abgesicherter modus, autorun, avira, bho, bonjour, cc cleaner, ccsetup, combofix, computer, defender, desktop, downloader, error, firefox, flash player, format, home, homepage, logfile, object, plug-in, problem, realtek, registry, scan, senden, software, virus, virus exp/cve, vista |