Trash bin (Mülltonne): 2x | Trojan ihavent.com | Windows 7 | Posts that violated our rules, posts the world does not need, and other junk end up here in the trash bin...
27.08.2013, 18:21 | #1 |
2x | Trojan ihavent.com

Hello, I recently got the ihavent.com trojan on my computer. On Google I am always redirected to ihavent.com. I downloaded OTL and ran a scan, with this result:

OTL logfile created on: 27.08.2013 17:34:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\m\Fotos+Üstra+Bücher\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 58,91% Memory free
3,35 Gb Paging File | 2,69 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,36 Gb Total Space | 52,39 Gb Free Space | 76,63% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 20,85 Gb Free Space | 71,16% Space Free | Partition Type: NTFS
Drive E: | 88,65 Gb Total Space | 53,73 Gb Free Space | 60,61% Space Free | Partition Type: NTFS
Computer Name: MILES | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\m\Fotos+Üstra+Bücher\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co.
KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) PRC - C:\Programme\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Hardcopy\hardcopy.exe (sw4you) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.) PRC - C:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe () PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Hardcopy\HcDllS.dll () MOD - C:\Programme\Hardcopy\HcDLL2_38_Win32.dll () MOD - C:\Programme\Hardcopy\hardcopy_05.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe (SiSoftware) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (hpdj) -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Temp\hpdj.exe (HP) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation) DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation) DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys () DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys (SiSoftware) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.) DRV - (GMFilter) -- C:\WINDOWS\system32\drivers\GMFilter.sys () DRV - (skbusenum) -- C:\WINDOWS\system32\drivers\SKBusEnum.sys (Windows (R) 2000 DDK provider) DRV - (VirtualK) -- C:\WINDOWS\system32\drivers\VirtualK.sys (Windows (R) 2000 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Programme\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "eBay" FF - prefs.js..browser.search.order.1: "Ask Search" FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar_AVIRA-V7%40apn.ask.com:20.53263 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.08.17 19:45:44 | 000,000,000 | ---D | M] [2011.03.12 22:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Mozilla\Extensions [2013.08.07 20:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Mozilla\Firefox\Profiles\ge2akdbi.default\extensions [2013.08.07 20:46:58 | 000,710,726 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Mozilla\Firefox\Profiles\ge2akdbi.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013.08.17 19:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.08.17 19:45:37 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.08.17 19:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.08.17 19:46:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.02.20 17:47:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Standardprofil (Enabled) = default_plugin CHR - plugin: Error reading preferences file CHR - Extension: Click to call with Skype = C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\ O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnTBMon] C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) O4 - HKLM..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\m\Startmenü\Programme\Autostart\GM_DevUpdate.lnk = C:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe () O4 - Startup: C:\Dokumente und Einstellungen\m\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKCU\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45BFE4CA-9D87-493D-B2CA-9D2BBDADE008}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.03.12 22:28:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.08.17 19:45:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.08.15 12:04:11 | 000,000,000 | ---D | C] -- C:\946075a2a3eb8ef8a5c225211e [2013.08.07 20:18:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\AskPartnerNetwork [2013.08.07 20:17:05 | 000,000,000 | ---D | C] -- 
C:\Programme\AskPartnerNetwork [2013.08.07 20:17:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AskPartnerNetwork [2013.08.07 20:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN [2013.08.07 20:14:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2013.08.07 20:14:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013.08.07 20:14:08 | 000,136,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013.08.07 20:14:08 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013.08.07 20:14:07 | 000,088,840 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013.08.07 20:14:06 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS [2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES [2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED [2013.08.07 18:54:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Avira [2013.08.03 11:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2012.05.28 15:24:46 | 000,167,784 | ---- | C] (Avira GmbH) -- C:\Programme\webcat.dll [2012.05.28 15:24:46 | 000,119,144 | ---- | C] (Avira GmbH) -- C:\Programme\wksstats.dll [2012.05.28 15:24:46 | 000,080,728 | ---- | C] (Avira GmbH) -- C:\Programme\wsctool.exe [2012.05.28 15:24:35 | 000,581,288 | ---- | C] (Avira GmbH) -- C:\Programme\update.exe [2012.05.28 15:24:35 | 000,415,080 | 
---- | C] (Avira GmbH) -- C:\Programme\update.dll [2012.05.28 15:24:35 | 000,191,336 | ---- | C] (Avira GmbH) -- C:\Programme\updext.dll [2012.05.28 15:24:35 | 000,151,400 | ---- | C] (Avira GmbH) -- C:\Programme\updgui.dll [2012.05.28 15:24:35 | 000,077,569 | ---- | C] (ACE Compression Software) -- C:\Programme\unacev2.dll [2012.05.28 15:24:35 | 000,056,680 | ---- | C] (Avira GmbH) -- C:\Programme\updaterc.dll [2012.05.28 15:24:35 | 000,033,025 | ---- | C] (Avira GmbH) -- C:\Programme\updfix.exe [2012.05.28 15:24:35 | 000,011,112 | ---- | C] (Avira GmbH) -- C:\Programme\updguirc.dll [2012.05.28 15:24:34 | 000,679,592 | ---- | C] (Avira GmbH) -- C:\Programme\setup.exe [2012.05.28 15:24:34 | 000,136,360 | ---- | C] (Avira GmbH) -- C:\Programme\sched.exe [2012.05.28 15:24:34 | 000,098,664 | ---- | C] (Avira GmbH) -- C:\Programme\rctext.dll [2012.05.28 15:24:34 | 000,086,376 | ---- | C] (Avira GmbH) -- C:\Programme\shlext.dll [2012.05.28 15:24:34 | 000,077,160 | ---- | C] (Avira GmbH) -- C:\Programme\setup.dll [2012.05.28 15:24:34 | 000,028,417 | ---- | C] (Avira GmbH) -- C:\Programme\smtplib.dll [2012.05.28 15:24:34 | 000,020,328 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_pt.dll [2012.05.28 15:24:34 | 000,019,816 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_it.dll [2012.05.28 15:24:34 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_ru.dll [2012.05.28 15:24:34 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_es.dll [2012.05.28 15:24:34 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_en.dll [2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_zhtw.dll [2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_zhcn.dll [2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_ko.dll [2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_jp.dll [2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira 
GmbH) -- C:\Programme\rcnwload_fr.dll [2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_de.dll [2012.05.28 15:24:34 | 000,013,672 | ---- | C] (Avira GmbH) -- C:\Programme\redist.dll [2012.05.28 15:24:34 | 000,008,552 | ---- | C] (Avira GmbH) -- C:\Programme\schedr.dll [2012.05.28 15:24:34 | 000,006,504 | ---- | C] (Avira GmbH) -- C:\Programme\restartrc.dll [2012.05.28 15:24:33 | 002,589,544 | ---- | C] (Avira GmbH) -- C:\Programme\rcimage.dll [2012.05.28 15:24:33 | 000,767,488 | ---- | C] (Sleepycat Software) -- C:\Programme\libdb44.dll [2012.05.28 15:24:33 | 000,511,336 | ---- | C] (Avira GmbH) -- C:\Programme\ccwgrd.dll [2012.05.28 15:24:33 | 000,370,024 | ---- | C] (Avira GmbH) -- C:\Programme\cctpc.dll [2012.05.28 15:24:33 | 000,353,960 | ---- | C] (Avira GmbH) -- C:\Programme\fact.exe [2012.05.28 15:24:33 | 000,290,664 | ---- | C] (Avira GmbH) -- C:\Programme\ccupdate.dll [2012.05.28 15:24:33 | 000,288,616 | ---- | C] (Avira GmbH) -- C:\Programme\ccwkrlib.dll [2012.05.28 15:24:33 | 000,244,072 | ---- | C] (Avira GmbH) -- C:\Programme\extdlgfw.dll [2012.05.28 15:24:33 | 000,132,456 | ---- | C] (Avira GmbH) -- C:\Programme\licmgr.exe [2012.05.28 15:24:33 | 000,121,704 | ---- | C] (Avira GmbH) -- C:\Programme\ccupdw.dll [2012.05.28 15:24:33 | 000,104,296 | ---- | C] (Avira GmbH) -- C:\Programme\msgclient.dll [2012.05.28 15:24:33 | 000,103,272 | ---- | C] (Avira GmbH) -- C:\Programme\mgrs.dll [2012.05.28 15:24:33 | 000,077,160 | ---- | C] (Avira GmbH) -- C:\Programme\ccschedw.dll [2012.05.28 15:24:33 | 000,075,112 | ---- | C] (Avira GmbH) -- C:\Programme\ccwgrdw.dll [2012.05.28 15:24:33 | 000,072,552 | ---- | C] (Avira GmbH) -- C:\Programme\rchelp.dll [2012.05.28 15:24:33 | 000,071,848 | ---- | C] (Avira GmbH) -- C:\Programme\guardgui.exe [2012.05.28 15:24:33 | 000,054,120 | ---- | C] (Avira GmbH) -- C:\Programme\cfglib.dll [2012.05.28 15:24:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\Programme\luke.dll [2012.05.28 15:24:33 | 
000,037,224 | ---- | C] (Avira GmbH) -- C:\Programme\guardmsg.dll [2012.05.28 15:24:33 | 000,027,496 | ---- | C] (Avira GmbH) -- C:\Programme\factrc.dll [2012.05.28 15:24:33 | 000,025,448 | ---- | C] (Avira GmbH) -- C:\Programme\ccupdrc.dll [2012.05.28 15:24:33 | 000,021,352 | ---- | C] (Avira GmbH) -- C:\Programme\ccwgrdrc.dll [2012.05.28 15:24:33 | 000,021,352 | ---- | C] (Avira GmbH) -- C:\Programme\ccscherc.dll [2012.05.28 15:24:33 | 000,017,064 | ---- | C] (Avira GmbH) -- C:\Programme\guardhlp.exe [2012.05.28 15:24:33 | 000,016,744 | ---- | C] (Avira GmbH) -- C:\Programme\onlcfg.dll [2012.05.28 15:24:33 | 000,013,672 | ---- | C] (Avira GmbH) -- C:\Programme\lukeres.dll [2012.05.28 15:24:33 | 000,011,624 | ---- | C] (Avira GmbH) -- C:\Programme\netnt.dll [2012.05.28 15:24:33 | 000,011,624 | ---- | C] (Avira GmbH) -- C:\Programme\licmgr.dll [2012.05.28 15:24:32 | 000,659,304 | ---- | C] (Avira GmbH) -- C:\Programme\ccprofil.dll [2012.05.28 15:24:32 | 000,511,336 | ---- | C] (Avira GmbH) -- C:\Programme\ccquamgr.dll [2012.05.28 15:24:32 | 000,446,312 | ---- | C] (Avira GmbH) -- C:\Programme\ccguard.dll [2012.05.28 15:24:32 | 000,439,144 | ---- | C] (Avira GmbH) -- C:\Programme\ccsched.dll [2012.05.28 15:24:32 | 000,435,560 | ---- | C] (Avira GmbH) -- C:\Programme\ccreport.dll [2012.05.28 15:24:32 | 000,322,920 | ---- | C] (Avira GmbH) -- C:\Programme\cchips.dll [2012.05.28 15:24:32 | 000,304,488 | ---- | C] (Avira GmbH) -- C:\Programme\ccmsg.dll [2012.05.28 15:24:32 | 000,211,713 | ---- | C] (Avira GmbH) -- C:\Programme\cclib.dll [2012.05.28 15:24:32 | 000,174,440 | ---- | C] (Avira GmbH) -- C:\Programme\cclic.dll [2012.05.28 15:24:32 | 000,114,536 | ---- | C] (Avira GmbH) -- C:\Programme\ccquaw.dll [2012.05.28 15:24:32 | 000,094,568 | ---- | C] (Avira GmbH) -- C:\Programme\ccscanw.dll [2012.05.28 15:24:32 | 000,092,520 | ---- | C] (Avira GmbH) -- C:\Programme\ccgrdw.dll [2012.05.28 15:24:32 | 000,082,280 | ---- | C] (Avira GmbH) -- C:\Programme\ccgenw.dll 
[2012.05.28 15:24:32 | 000,060,264 | ---- | C] (Avira GmbH) -- C:\Programme\ccrepow.dll [2012.05.28 15:24:32 | 000,039,784 | ---- | C] (Avira GmbH) -- C:\Programme\ccgenrc.dll [2012.05.28 15:24:32 | 000,035,688 | ---- | C] (Avira GmbH) -- C:\Programme\ccscanrc.dll [2012.05.28 15:24:32 | 000,025,448 | ---- | C] (Avira GmbH) -- C:\Programme\ccgrdrc.dll [2012.05.28 15:24:32 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\ccquarc.dll [2012.05.28 15:24:32 | 000,017,768 | ---- | C] (Avira GmbH) -- C:\Programme\cclicw.dll [2012.05.28 15:24:32 | 000,011,624 | ---- | C] (Avira GmbH) -- C:\Programme\ccreporc.dll [2012.05.28 15:24:32 | 000,009,576 | ---- | C] (Avira GmbH) -- C:\Programme\cchipsrc.dll [2012.05.28 15:24:32 | 000,008,552 | ---- | C] (Avira GmbH) -- C:\Programme\ccmainrc.dll [2012.05.28 15:24:32 | 000,005,480 | ---- | C] (Avira GmbH) -- C:\Programme\ccmsgrc.dll [2012.05.28 15:24:32 | 000,005,480 | ---- | C] (Avira GmbH) -- C:\Programme\cclicrc.dll [2012.05.28 15:24:31 | 000,873,832 | ---- | C] (Avira GmbH) -- C:\Programme\ccgen.dll [2012.05.28 15:24:31 | 000,452,456 | ---- | C] (Avira GmbH) -- C:\Programme\ccev.dll [2012.05.28 15:24:31 | 000,452,456 | ---- | C] (Avira GmbH) -- C:\Programme\ccavscanex.dll [2012.05.28 15:24:31 | 000,428,200 | ---- | C] (Avira GmbH) -- C:\Programme\avwebgrd.exe [2012.05.28 15:24:31 | 000,280,232 | ---- | C] (Avira GmbH) -- C:\Programme\avsda.dll [2012.05.28 15:24:31 | 000,239,976 | ---- | C] (Avira GmbH) -- C:\Programme\avwmi.dll [2012.05.28 15:24:31 | 000,214,184 | ---- | C] (Avira GmbH) -- C:\Programme\avwebloader.exe [2012.05.28 15:24:31 | 000,119,656 | ---- | C] (Avira GmbH) -- C:\Programme\avscplr.dll [2012.05.28 15:24:31 | 000,098,480 | ---- | C] (Avira GmbH) -- C:\Programme\avwsc.exe [2012.05.28 15:24:31 | 000,093,032 | ---- | C] (Avira GmbH) -- C:\Programme\ccevw.dll [2012.05.28 15:24:31 | 000,076,968 | ---- | C] (Avira GmbH) -- C:\Programme\avshadow.exe [2012.05.28 15:24:31 | 000,063,848 | ---- | C] (Avira GmbH) -- 
C:\Programme\avsmtp.dll [2012.05.28 15:24:31 | 000,060,072 | ---- | C] (Avira GmbH) -- C:\Programme\avupgsvc.exe [2012.05.28 15:24:31 | 000,057,192 | ---- | C] (Avira GmbH) -- C:\Programme\avscan.dll [2012.05.28 15:24:31 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\avwinll.dll [2012.05.28 15:24:31 | 000,016,744 | ---- | C] (Avira GmbH) -- C:\Programme\avwebgrc.dll [2012.05.28 15:24:31 | 000,015,208 | ---- | C] (Avira GmbH) -- C:\Programme\ccavscanexrc.dll [2012.05.28 15:24:31 | 000,012,136 | ---- | C] (Avira GmbH) -- C:\Programme\ccevrc.dll [2012.05.28 15:24:30 | 000,495,464 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig.dll [2012.05.28 15:24:30 | 000,484,008 | ---- | C] (Avira GmbH) -- C:\Programme\avscan.exe [2012.05.28 15:24:30 | 000,435,560 | ---- | C] (Avira GmbH) -- C:\Programme\avghook.dll [2012.05.28 15:24:30 | 000,370,856 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig.exe [2012.05.28 15:24:30 | 000,343,400 | ---- | C] (Avira GmbH) -- C:\Programme\avnetworkloadergui.dll [2012.05.28 15:24:30 | 000,281,768 | ---- | C] (Avira GmbH) -- C:\Programme\avgnt.exe [2012.05.28 15:24:30 | 000,269,480 | ---- | C] (Avira GmbH) -- C:\Programme\avguard.exe [2012.05.28 15:24:30 | 000,223,912 | ---- | C] (Avira GmbH) -- C:\Programme\avnotify.exe [2012.05.28 15:24:30 | 000,203,112 | ---- | C] (Avira GmbH) -- C:\Programme\avevtlog.dll [2012.05.28 15:24:30 | 000,195,240 | ---- | C] (Avira GmbH) -- C:\Programme\avrestart.exe [2012.05.28 15:24:30 | 000,174,120 | ---- | C] (Avira GmbH) -- C:\Programme\avrep.dll [2012.05.28 15:24:30 | 000,128,257 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig64.cpl [2012.05.28 15:24:30 | 000,122,216 | ---- | C] (Avira GmbH) -- C:\Programme\avesvc.dll [2012.05.28 15:24:30 | 000,117,608 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig.cpl [2012.05.28 15:24:30 | 000,089,960 | ---- | C] (Avira GmbH) -- C:\Programme\avgio.dll [2012.05.28 15:24:30 | 000,088,833 | ---- | C] (Avira GmbH) -- C:\Programme\avreg.dll [2012.05.28 15:24:30 | 
000,068,776 | ---- | C] (Avira GmbH) -- C:\Programme\avhlp.exe [2012.05.28 15:24:30 | 000,062,312 | ---- | C] (Avira GmbH) -- C:\Programme\avipc.dll [2012.05.28 15:24:30 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Programme\avgntflt.sys [2012.05.28 15:24:30 | 000,044,904 | ---- | C] (Avira GmbH) -- C:\Programme\avpref.dll [2012.05.28 15:24:30 | 000,034,664 | ---- | C] (Avira GmbH) -- C:\Programme\avnetworkloader.dll [2012.05.28 15:24:30 | 000,014,184 | ---- | C] (Avira GmbH) -- C:\Programme\avinet.dll [2012.05.28 15:24:30 | 000,012,648 | ---- | C] (Avira GmbH) -- C:\Programme\avevtrc.dll [2012.05.28 15:24:30 | 000,012,136 | ---- | C] (Avira GmbH) -- C:\Programme\avconfigrc.dll [2012.05.28 15:24:30 | 000,011,608 | ---- | C] (Avira GmbH) -- C:\Programme\avgio.sys [2012.05.28 15:24:30 | 000,010,088 | ---- | C] (Avira GmbH) -- C:\Programme\avesvcr.dll [2012.05.28 15:24:30 | 000,008,040 | ---- | C] (Avira GmbH) -- C:\Programme\avnotify.dll [2012.05.28 15:24:29 | 003,351,432 | ---- | C] (Ask) -- C:\Programme\ApnToolbarInstaller.exe [2012.05.28 15:24:29 | 000,556,392 | ---- | C] (Avira GmbH) -- C:\Programme\avbb.dll [2012.05.28 15:24:29 | 000,400,040 | ---- | C] (Avira GmbH) -- C:\Programme\avcenter.exe [2012.05.28 15:24:29 | 000,255,336 | ---- | C] (Avira GmbH) -- C:\Programme\avarkt.dll [2012.05.28 15:24:29 | 000,118,616 | ---- | C] (Avira GmbH) -- C:\Programme\avadmin.exe [2012.05.28 15:24:29 | 000,108,424 | ---- | C] (Ask.com) -- C:\Programme\ApnStub.exe [2012.05.28 15:24:28 | 000,178,568 | ---- | C] (Ask.com) -- C:\Programme\ApnIC.dll [2012.05.28 15:24:23 | 000,106,868 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aevdf.dll [2012.05.28 15:24:22 | 000,807,287 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aepack.dll [2012.05.28 15:24:22 | 000,639,348 | ---- | C] (Avira GmbH) -- C:\Programme\aerdl.dll [2012.05.28 15:24:22 | 000,606,579 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\aesbx.dll [2012.05.28 15:24:22 | 000,455,034 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aescript.dll [2012.05.28 15:24:22 | 000,201,082 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aeoffice.dll [2012.05.28 15:24:22 | 000,131,444 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aescn.dll [2012.05.28 15:24:20 | 004,800,886 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aeheur.dll [2012.05.28 15:24:20 | 000,422,260 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aegen.dll [2012.05.28 15:24:20 | 000,393,589 | ---- | C] (Avira GmbH) -- C:\Programme\aeemu.dll [2012.05.28 15:24:20 | 000,254,326 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aehelp.dll [2012.05.28 15:24:20 | 000,201,078 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aecore.dll [2012.05.28 15:24:20 | 000,082,292 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aeexp.dll [2012.05.28 15:24:20 | 000,053,618 | ---- | C] (Avira GmbH) -- C:\Programme\aebb.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.08.27 17:58:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.08.27 17:43:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.08.27 17:04:28 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.08.27 17:04:25 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PZNRVOR.job [2013.08.27 17:04:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.08.26 20:19:47 | 000,064,512 | ---- | M] () -- C:\Dokumente und Einstellungen\m\Lokale 
Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.08.26 18:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.08.21 14:25:43 | 000,099,814 | ---- | M] () -- C:\WINDOWS\tresckowstr.bmp [2013.08.20 10:45:51 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013.08.20 10:45:51 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013.08.15 18:48:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.08.15 18:43:29 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.08.15 18:43:29 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.08.15 18:43:29 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.08.15 18:43:29 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.08.07 20:14:25 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2013.08.06 15:53:51 | 000,541,696 | RHS- | M] () -- C:\WINDOWS\System32\dbgengu.dll [2013.08.03 11:40:50 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2013.08.01 14:49:07 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.08.21 14:25:43 | 000,099,814 | ---- | C] () -- C:\WINDOWS\tresckowstr.bmp [2013.08.07 20:14:25 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2013.08.06 15:53:51 | 000,541,696 | RHS- | C] () -- C:\WINDOWS\System32\dbgengu.dll [2013.08.06 15:53:51 | 000,000,296 | ---- 
| C] () -- C:\WINDOWS\tasks\PZNRVOR.job [2013.08.03 11:40:50 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2013.04.12 21:54:46 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013.04.12 21:54:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013.04.12 21:54:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013.03.16 21:33:15 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\.backup.dm [2013.03.04 19:05:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.05.28 15:24:46 | 000,110,004 | ---- | C] () -- C:\Programme\webcat2.dat [2012.05.28 15:24:46 | 000,066,396 | ---- | C] () -- C:\Programme\webcat3.dat [2012.05.28 15:24:46 | 000,007,624 | ---- | C] () -- C:\Programme\webcat4.dat [2012.05.28 15:24:46 | 000,000,074 | ---- | C] () -- C:\Programme\weblink.url [2012.05.28 15:24:45 | 002,128,998 | ---- | C] () -- C:\Programme\webcat0.dat [2012.05.28 15:24:45 | 000,852,973 | ---- | C] () -- C:\Programme\webcat1.dat [2012.05.28 15:24:45 | 000,287,744 | ---- | C] () -- C:\Programme\vbase017.vdf [2012.05.28 15:24:45 | 000,223,744 | ---- | C] () -- C:\Programme\vbase016.vdf [2012.05.28 15:24:45 | 000,198,144 | ---- | C] () -- C:\Programme\vbase014.vdf [2012.05.28 15:24:45 | 000,186,368 | ---- | C] () -- C:\Programme\vbase015.vdf [2012.05.28 15:24:45 | 000,111,616 | ---- | C] () -- C:\Programme\vbase031.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase030.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase029.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase028.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase027.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase026.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- 
C:\Programme\vbase025.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase024.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase023.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase022.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase021.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase020.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase019.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase018.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase013.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase012.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase011.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase010.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase009.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase008.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase007.vdf [2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase006.vdf [2012.05.28 15:24:44 | 004,329,472 | ---- | C] () -- C:\Programme\vbase004.vdf [2012.05.28 15:24:44 | 002,166,272 | ---- | C] () -- C:\Programme\vbase005.vdf [2012.05.28 15:24:43 | 004,472,832 | ---- | C] () -- C:\Programme\vbase003.vdf [2012.05.28 15:24:41 | 014,374,912 | ---- | C] () -- C:\Programme\vbase002.vdf [2012.05.28 15:24:38 | 013,342,208 | ---- | C] () -- C:\Programme\vbase001.vdf [2012.05.28 15:24:35 | 019,875,328 | ---- | C] () -- C:\Programme\vbase000.vdf [2012.05.28 15:24:35 | 000,001,642 | ---- | C] () -- C:\Programme\sysscan.avp [2012.05.28 15:24:35 | 000,001,148 | ---- | C] () -- C:\Programme\sysdir.avp [2012.05.28 15:24:34 | 000,355,688 | ---- | C] () -- C:\Programme\sqlite3.dll [2012.05.28 15:24:34 | 000,127,152 | ---- | C] () -- C:\Programme\sweb.zip 
[2012.05.28 15:24:34 | 000,126,824 | ---- | C] () -- C:\Programme\scewxmlw.dll [2012.05.28 15:24:34 | 000,001,158 | ---- | C] () -- C:\Programme\rmdiscs.avp [2012.05.28 15:24:34 | 000,001,030 | ---- | C] () -- C:\Programme\ssmdrv.inf [2012.05.28 15:24:34 | 000,000,804 | ---- | C] () -- C:\Programme\setupprf.dat [2012.05.28 15:24:33 | 000,042,836 | ---- | C] () -- C:\Programme\oembleft.bmp [2012.05.28 15:24:33 | 000,034,796 | ---- | C] () -- C:\Programme\default.wav [2012.05.28 15:24:33 | 000,010,236 | ---- | C] () -- C:\Programme\defaults.ini [2012.05.28 15:24:33 | 000,005,456 | ---- | C] () -- C:\Programme\prodinfo.dat [2012.05.28 15:24:33 | 000,002,950 | ---- | C] () -- C:\Programme\prefix_msg.avr [2012.05.28 15:24:33 | 000,002,530 | ---- | C] () -- C:\Programme\gavid.xsl [2012.05.28 15:24:33 | 000,002,360 | ---- | C] () -- C:\Programme\inetset.bin [2012.05.28 15:24:33 | 000,001,448 | ---- | C] () -- C:\Programme\quicksysscan.avp [2012.05.28 15:24:33 | 000,001,078 | ---- | C] () -- C:\Programme\mydocs.avp [2012.05.28 15:24:33 | 000,001,000 | ---- | C] () -- C:\Programme\process.avp [2012.05.28 15:24:32 | 000,014,887 | ---- | C] () -- C:\Programme\ccplg.xml [2012.05.28 15:24:31 | 000,975,398 | ---- | C] () -- C:\Programme\avwin.chm [2012.05.28 15:24:31 | 000,036,070 | ---- | C] () -- C:\Programme\build.dat [2012.05.28 15:24:30 | 000,002,374 | ---- | C] () -- C:\Programme\avgntflt.inf [2012.05.28 15:24:30 | 000,001,642 | ---- | C] () -- C:\Programme\avipbb.inf [2012.05.28 15:24:30 | 000,001,216 | ---- | C] () -- C:\Programme\avscan.dat [2012.05.28 15:24:28 | 000,292,352 | ---- | C] () -- C:\Programme\antivir3.vdf [2012.05.28 15:24:28 | 000,000,256 | ---- | C] () -- C:\Programme\antivir.oem [2012.05.28 15:24:27 | 005,998,592 | ---- | C] () -- C:\Programme\antivir2.vdf [2012.05.28 15:24:26 | 005,707,264 | ---- | C] () -- C:\Programme\antivir1.vdf [2012.05.28 15:24:23 | 015,603,712 | ---- | C] () -- C:\Programme\antivir0.vdf [2012.05.28 15:24:23 | 000,078,013 | ---- | 
C] () -- C:\Programme\antivir0.rdf [2012.05.28 15:24:23 | 000,003,513 | ---- | C] () -- C:\Programme\alertcat.htm [2012.05.28 15:24:23 | 000,003,289 | ---- | C] () -- C:\Programme\alertpcc.htm [2012.05.28 15:24:23 | 000,003,233 | ---- | C] () -- C:\Programme\alertvir.htm [2012.05.28 15:24:23 | 000,003,196 | ---- | C] () -- C:\Programme\alerttyp.htm [2012.05.28 15:24:23 | 000,003,172 | ---- | C] () -- C:\Programme\alertpcu.htm [2012.05.28 15:24:23 | 000,002,367 | ---- | C] () -- C:\Programme\aeset.dat [2012.05.28 15:24:23 | 000,001,226 | ---- | C] () -- C:\Programme\aevdf.dat [2012.05.28 15:24:23 | 000,001,190 | ---- | C] () -- C:\Programme\alldrives.avp [2012.05.28 15:24:23 | 000,001,076 | ---- | C] () -- C:\Programme\alldiscs.avp [2012.05.28 15:24:22 | 000,088,150 | ---- | C] () -- C:\Programme\aelidb.dat [2012.05.28 15:24:19 | 000,002,266 | ---- | C] () -- C:\Programme\about.htm [2012.02.15 10:16:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.20 13:28:17 | 000,311,376 | ---- | C] () -- C:\WINDOWS\System32\GM2500F.dll [2011.12.20 13:28:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\GM2500.dll [2011.12.20 13:28:13 | 000,021,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\GMFilter.sys [2011.09.18 20:11:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini [2011.03.15 18:12:53 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.03.14 20:11:57 | 010,977,280 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda [2011.03.13 17:35:26 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.03.13 17:46:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 18:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2013.08.27 17:07:45 | 100,448,122 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\昉뢬唤6 [2013.08.27 17:07:45 | 100,448,122 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\昉뢬唤6 [2013.08.23 17:14:05 | 099,966,287 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\唯댛唤6 [2013.08.23 17:14:05 | 099,966,287 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\唯댛唤6 < End of report > |
27.08.2013, 18:46 | #2 |
/// TB-Ausbilder | 2x | Trojan ihavent.com Continued here: http://www.trojaner-board.de/140554-...avent-com.html