Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TrojanDownloader:win32/Renos.MG wie entfernen?

TrojanDownloader:win32/Renos.MG wie entfernen?


Plagegeister aller Art und deren Bekämpfung: TrojanDownloader:win32/Renos.MG wie entfernen?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 05.08.2010, 14:22   #1
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Hallo,

als erstes mal, ich bin neu hier und hoffe wirklich das mir hier geholfen werden kann.

Ich habe nicht so die dolle Ahnung von Computern, also bitte entschuldigt das ich alles genau erklärt haben muss :-)

Ich habe seit 2 Tagen den TrojanDownloader:win32/Renos.MQ auf dem Rechner und ca jede Std zeigt Avira bzw WinDefender das auch an.
Jedes mal klicke ich auf entfernen, anfangs dachte ich, es sei damit auch erledigt.

Nach einigen Recherchen hab ich dann rausgefunden, dass dieser Trojaner wohl nicht so harmlos ist.

Jetzt meine Frage: Was kann ich tun?

Alt 05.08.2010, 14:38   #2
Larusso
/// Selecta Jahrusso
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?




Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.
  • Speichere die Datei am Desktop.
  • Doppelklick auf die load.exe
  • Belasse die Häckchen wie sie sind.
  • Schließe nun alle offenen Programme.
  • Klicke auf Download
  • Bitte während dem Download nicht in das Fenster klicken.
  • Folge den Anweisungen auf dem Bildschirm.
  • Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________

__________________
Alt 05.08.2010, 15:54   #3
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Bei GMER ist mein System 3x abgestürzt. Konnte also nicht zuende scannen.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4392

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

05.08.2010 16:10:31
mbam-log-2010-08-05 (16-10-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129702
Laufzeit: 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Casino Tropez (Adware.Casino) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.




OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.08.2010 16:42:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 70,98 Gb Free Space | 30,07% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
PRC - [2010.05.07 16:40:06 | 000,719,688 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.04.20 14:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.12.08 14:51:52 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.07.24 05:20:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.28 08:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 08:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.21 09:53:06 | 007,420,448 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.10 09:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 10:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.19 06:18:10 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
MOD - [2008.08.28 05:40:11 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2008.05.27 07:18:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2008.01.21 04:25:29 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008.01.21 04:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 04:25:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2008.01.21 04:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.09 21:57:21 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.05.07 16:38:14 | 001,051,976 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.05.07 16:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007.02.10 06:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007.02.10 06:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.25 11:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.12.11 01:40:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 16:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.21 09:37:38 | 002,361,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.08.28 04:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
 
[2009.12.12 21:57:10 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Extensions
[2010.08.04 16:56:50 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions
[2010.07.15 14:12:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.01.17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\firefox@tvunetworks.com
[2010.07.15 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxfilter@inspiredeffect.net
[2010.07.15 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxyproxy@eric.h.jung
[2010.02.16 19:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [JRMX9X1GML] C:\Users\Derya\AppData\Local\Temp\Ex0.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\AutoRun\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\menu1\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.05 16:39:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.05 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\Malwarebytes
[2010.08.05 15:53:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 15:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 15:53:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derya\Desktop\MFTools
[2010.08.03 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.08.03 21:23:13 | 000,000,000 | -HSD | C] -- C:\Users\Derya\AppData\Roaming\.#
[2010.07.21 22:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2010.06.20 14:25:53 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2010.06.20 14:25:30 | 000,000,000 | ---D | C] -- C:\Netgear
[2010.06.04 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\Hagemann DEW
[2010.05.30 15:02:51 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Local\Sony Ericsson
[2010.05.30 15:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010.05.30 14:55:21 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.30 14:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010.05.29 19:30:54 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.05.29 19:30:54 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.05.29 19:30:54 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010.05.29 19:30:54 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.05.29 19:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
[2010.05.18 10:56:02 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll
[2010.05.18 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010.05.09 21:57:21 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.05.09 21:57:21 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.05.09 21:57:21 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.05.09 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.05.09 21:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010.05.09 21:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.09 21:55:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.08 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 16:42:46 | 001,835,008 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT
[2010.08.05 16:42:07 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
[2010.08.05 16:39:41 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 16:39:41 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 16:39:31 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 16:39:24 | 253,544,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:39:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 16:38:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 16:38:53 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 16:10:57 | 000,524,288 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.05 16:10:57 | 000,065,536 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.05 16:10:56 | 002,064,013 | -H-- | M] () -- C:\Users\Derya\AppData\Local\IconCache.db
[2010.08.05 16:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.05 16:01:51 | 000,000,733 | ---- | M] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | M] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:53:15 | 000,284,915 | ---- | M] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 21:07:54 | 000,097,280 | ---- | M] () -- C:\Users\Derya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 20:46:05 | 000,386,621 | ---- | M] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 15:23:04 | 001,592,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.04 15:23:04 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.04 15:23:04 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.04 15:23:04 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.04 15:23:04 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.04 14:01:41 | 000,309,640 | ---- | M] () -- C:\Users\Derya\Desktop\Bewerbung aktuell.pdf
[2010.08.04 13:23:57 | 000,019,456 | ---- | M] () -- C:\Users\Derya\Documents\ausgabenbeni.xls
[2010.07.30 20:02:08 | 000,112,681 | ---- | M] () -- C:\Users\Derya\Desktop\Austritt Tippgemeinschaft B.Aumüller.jpg
[2010.07.30 19:46:06 | 000,028,672 | ---- | M] () -- C:\Users\Derya\Desktop\Urlaubsantrag.doc
[2010.07.29 14:55:01 | 000,026,624 | ---- | M] () -- C:\Users\Derya\Desktop\LOTTO.doc
[2010.07.21 22:18:03 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2010.07.21 22:18:01 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Die Wiege Olympias 2.lnk
[2010.06.11 09:43:45 | 000,371,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.30 15:08:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.29 19:30:57 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.05.08 22:47:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010.08.05 16:38:57 | 253,544,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Derya\Desktop\gmer.exe
[2010.08.05 16:01:51 | 000,000,733 | ---- | C] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | C] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:51:07 | 000,284,915 | ---- | C] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 20:46:05 | 000,386,621 | ---- | C] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 14:01:35 | 000,309,640 | ---- | C] () -- C:\Users\Derya\Desktop\Bewerbung aktuell.pdf
[2010.07.30 20:02:08 | 000,112,681 | ---- | C] () -- C:\Users\Derya\Desktop\Austritt Tippgemeinschaft B.Aumüller.jpg
[2010.07.30 19:36:30 | 000,028,672 | ---- | C] () -- C:\Users\Derya\Desktop\Urlaubsantrag.doc
[2010.07.21 22:18:03 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2010.07.21 22:18:01 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Die Wiege Olympias 2.lnk
[2010.05.30 15:08:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.29 19:30:57 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2010.05.18 10:56:02 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.05.08 22:47:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009.12.28 11:50:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.28 11:50:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.09 15:10:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.24 05:19:37 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:35:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.08.05 08:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.08.03 21:25:14 | 000,000,000 | -HSD | M] -- C:\Users\Derya\AppData\Roaming\.#
[2009.12.20 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\PDF reDirect
[2010.05.09 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.08.05 16:10:58 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.05 16:42:07 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008.02.08 11:31:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.08.05 16:38:53 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 16:38:52 | 3464,368,128 | -HS- | M] () -- C:\pagefile.sys
[2009.07.24 05:16:47 | 000,001,799 | ---- | M] () -- C:\RHDSetup.log
[2009.12.09 18:43:05 | 000,000,169 | ---- | M] () -- C:\setup.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2004.03.22 13:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2007.02.26 09:49:10 | 001,744,896 | ---- | M] (TopThinks, INC.) -- C:\Windows\imagine digital freedom.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-04 04:50:53
< End of report >
--- --- ---
__________________
Alt 05.08.2010, 16:27   #4
Larusso
/// Selecta Jahrusso
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Tu dir selber einen gefallen und deinstalliere TuneUp. Das hat bis jetzt mehr Rechner kaput getuned als sonstwas. Deine Entscheidung.

Mir fehlt noch die Extras.txt. Bitte nachreichen.

Schritt 1
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [JRMX9X1GML] C:\Users\Derya\AppData\Local\Temp\Ex0.exe File not found
:services
:files
dir /s /b C:\Users\Derya\AppData\Roaming\.# /c
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2
  • Dowloade Dir bitte TDSS Killer.zip und speichere es am Desktop.
  • Extrahiere den Inhalt der Datei auf deinem Desktop.
    Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
    • Schließe alle laufenden Programme.
    • Trenne dich von Internet.
    • Deaktiviere deine AntiViren Software.
  • Starte TDSSkiller.exe mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start scan.
  • Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
  • Wenn das Tool fertig ist, poppt ein Fenster mit den Funden auf.
    Dieses bitte einfach schließen.
  • Nun auf Report klicken.
  • Bitte poste mir den Inhalt hier in deinen Thread.
    (auch zu finden unter C:\TDSSKiller<time_date>.txt)


Schritt 3

Starte bitte OTL.exe und klicke auf den Quick Scan Button.


Bitte poste in Deiner nächsten Antwort
OTL Fix Log
TDSSKiller Log
OTL.txt
Berichte wie der Rechner läuft
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 05.08.2010, 16:29   #5
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


tune up hab ich gerad eben runtergeschmissen. war eh nur ne testversion.
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.08.2010 16:42:49 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 70,98 Gb Free Space | 30,07% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | 
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | 
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22B4D4BC-F397-40C7-9174-D0EA5C3C502D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{654745A0-0069-4F55-9E7C-21427E827FC2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{65A32000-6AA6-4098-9C96-E0BECF98BB91}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{6F60A275-9EC3-41A8-A3A8-A93E2274200D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC9462F6-B41E-4DF5-9D89-53412414E8EF}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{F5F3BCCF-A29F-4EEA-A1D6-136E32AEAF4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{0E0E9C79-F7E4-45B3-B00A-486F255AE8B3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{F01651CB-E27F-416C-8D2A-566A61575173}E:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=e:\bin\ia\core\mdm_util.exe | 
"UDP Query User{02EB20C5-49AD-4E76-A31A-71960A6F70F5}E:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=e:\bin\ia\core\mdm_util.exe | 
"UDP Query User{85D44772-5EB8-4B35-AD27-6BF7932806B8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Die Wiege Olympias 2" = Die Wiege Olympias 2
"DSGPlayer" = RTL GAME CENTER
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PDF reDirect" = PDF reDirect (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2010 13:44:45 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 573397
 
Error - 01.08.2010 13:44:46 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2010 13:44:46 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 574443
 
Error - 01.08.2010 13:44:46 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 574443
 
Error - 01.08.2010 13:44:47 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2010 13:44:47 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 575519
 
Error - 01.08.2010 13:44:47 | Computer Name = Derya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 575519
 
Error - 02.08.2010 02:06:38 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.08.2010 02:06:38 | Computer Name = Derya-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.08.2010 02:07:23 | Computer Name = Derya-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.08.2010 10:01:54 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.08.2010 10:02:39 | Computer Name = Derya-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 05.08.2010 10:11:42 | Computer Name = Derya-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.08.2010 10:13:06 | Computer Name = Derya-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 05.08.2010 10:13:21 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.08.2010 10:17:06 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 05.08.2010 10:38:57 | Computer Name = Derya-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.08.2010 um 16:37:32 unerwartet heruntergefahren.
 
Error - 05.08.2010 10:39:25 | Computer Name = Derya-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.08.2010 10:40:39 | Computer Name = Derya-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.08.2010 10:41:38 | Computer Name = Derya-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
--- --- ---
Alt 05.08.2010, 16:34   #6
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JRMX9X1GML deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
< dir /s /b C:\Users\Derya\AppData\Roaming\.# /c >
C:\Users\Derya\Desktop\MFTools\cmd.bat deleted successfully.
C:\Users\Derya\Desktop\MFTools\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Derya
->Temp folder emptied: 249780 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27380655 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 155748 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08052010_173132

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 05.08.2010, 16:38   #7
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


2010/08/05 17:36:39.0067 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/05 17:36:39.0067 ================================================================================
2010/08/05 17:36:39.0067 SystemInfo:
2010/08/05 17:36:39.0067
2010/08/05 17:36:39.0067 OS Version: 6.0.6001 ServicePack: 1.0
2010/08/05 17:36:39.0067 Product type: Workstation
2010/08/05 17:36:39.0067 ComputerName: DERYA-PC
2010/08/05 17:36:39.0067 UserName: Derya
2010/08/05 17:36:39.0067 Windows directory: C:\Windows
2010/08/05 17:36:39.0067 System windows directory: C:\Windows
2010/08/05 17:36:39.0067 Processor architecture: Intel x86
2010/08/05 17:36:39.0067 Number of processors: 2
2010/08/05 17:36:39.0067 Page size: 0x1000
2010/08/05 17:36:39.0067 Boot type: Normal boot
2010/08/05 17:36:39.0067 ================================================================================
2010/08/05 17:37:00.0018 Initialize success
2010/08/05 17:37:03.0621 ================================================================================
2010/08/05 17:37:03.0621 Scan started
2010/08/05 17:37:03.0621 Mode: Manual;
2010/08/05 17:37:03.0621 ================================================================================
2010/08/05 17:37:04.0230 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2010/08/05 17:37:04.0277 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/08/05 17:37:04.0448 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/08/05 17:37:04.0495 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/08/05 17:37:04.0526 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/08/05 17:37:04.0667 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2010/08/05 17:37:04.0776 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/08/05 17:37:04.0916 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/08/05 17:37:04.0963 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/08/05 17:37:05.0010 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/08/05 17:37:05.0119 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/08/05 17:37:05.0135 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/08/05 17:37:05.0181 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/08/05 17:37:05.0213 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/08/05 17:37:05.0369 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/08/05 17:37:05.0400 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/08/05 17:37:05.0509 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/08/05 17:37:05.0540 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2010/08/05 17:37:05.0618 athr (09a644da1f4c144df1c9fe3cd75e22ed) C:\Windows\system32\DRIVERS\athr.sys
2010/08/05 17:37:05.0712 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/08/05 17:37:05.0805 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/08/05 17:37:05.0868 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2010/08/05 17:37:05.0961 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/08/05 17:37:06.0039 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/08/05 17:37:06.0164 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/08/05 17:37:06.0258 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/08/05 17:37:06.0336 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/08/05 17:37:06.0367 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/08/05 17:37:06.0461 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/08/05 17:37:06.0492 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/08/05 17:37:06.0523 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/08/05 17:37:06.0539 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/08/05 17:37:06.0632 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/08/05 17:37:06.0679 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS
2010/08/05 17:37:06.0788 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/08/05 17:37:06.0819 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2010/08/05 17:37:06.0929 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/08/05 17:37:06.0975 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2010/08/05 17:37:07.0116 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/08/05 17:37:07.0147 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/08/05 17:37:07.0178 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/08/05 17:37:07.0397 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/08/05 17:37:07.0553 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/08/05 17:37:07.0693 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2010/08/05 17:37:07.0724 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2010/08/05 17:37:07.0849 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/08/05 17:37:07.0896 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2010/08/05 17:37:08.0005 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/08/05 17:37:08.0145 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2010/08/05 17:37:08.0208 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/08/05 17:37:08.0317 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/08/05 17:37:08.0379 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2010/08/05 17:37:08.0411 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2010/08/05 17:37:08.0489 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/08/05 17:37:08.0582 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/08/05 17:37:08.0598 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/08/05 17:37:08.0660 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/08/05 17:37:08.0691 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2010/08/05 17:37:08.0707 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/08/05 17:37:08.0738 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/08/05 17:37:08.0847 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/08/05 17:37:08.0910 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
2010/08/05 17:37:08.0941 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
2010/08/05 17:37:09.0113 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/08/05 17:37:09.0175 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/05 17:37:09.0237 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/08/05 17:37:09.0269 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/08/05 17:37:09.0315 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/08/05 17:37:09.0393 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/08/05 17:37:09.0471 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2010/08/05 17:37:09.0612 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2010/08/05 17:37:09.0643 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys
2010/08/05 17:37:09.0721 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/08/05 17:37:09.0799 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/08/05 17:37:10.0127 ialm (10bd226a38ded89e85d008995ddf4675) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/08/05 17:37:10.0376 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2010/08/05 17:37:10.0595 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/08/05 17:37:10.0891 igfx (10bd226a38ded89e85d008995ddf4675) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/08/05 17:37:11.0000 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/08/05 17:37:11.0156 IntcAzAudAddService (64f2ef1749a977917c40f546e72182b3) C:\Windows\system32\drivers\RTKVHDA.sys
2010/08/05 17:37:11.0312 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/08/05 17:37:11.0343 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/08/05 17:37:11.0453 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/08/05 17:37:11.0499 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/08/05 17:37:11.0515 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/08/05 17:37:11.0546 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/08/05 17:37:11.0624 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/08/05 17:37:11.0655 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/08/05 17:37:11.0687 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/08/05 17:37:11.0702 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/08/05 17:37:11.0765 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/08/05 17:37:11.0796 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/08/05 17:37:11.0843 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2010/08/05 17:37:11.0936 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2010/08/05 17:37:12.0030 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/08/05 17:37:12.0092 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/08/05 17:37:12.0108 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/08/05 17:37:12.0139 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/08/05 17:37:12.0170 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/08/05 17:37:12.0248 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/08/05 17:37:12.0295 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/08/05 17:37:12.0389 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/08/05 17:37:12.0404 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/08/05 17:37:12.0451 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/08/05 17:37:12.0482 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/08/05 17:37:12.0545 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/08/05 17:37:12.0591 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/08/05 17:37:12.0607 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/08/05 17:37:12.0685 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/08/05 17:37:12.0716 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2010/08/05 17:37:12.0763 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/08/05 17:37:12.0794 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/08/05 17:37:12.0810 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/08/05 17:37:12.0888 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/08/05 17:37:12.0919 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/08/05 17:37:12.0950 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/08/05 17:37:12.0981 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/08/05 17:37:13.0059 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/08/05 17:37:13.0106 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/08/05 17:37:13.0137 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/08/05 17:37:13.0231 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2010/08/05 17:37:13.0293 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/08/05 17:37:13.0387 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/08/05 17:37:13.0434 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2010/08/05 17:37:13.0543 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2010/08/05 17:37:13.0637 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2010/08/05 17:37:13.0730 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/08/05 17:37:13.0746 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/08/05 17:37:13.0793 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/08/05 17:37:13.0871 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/08/05 17:37:13.0902 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/08/05 17:37:13.0933 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2010/08/05 17:37:14.0245 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/08/05 17:37:14.0448 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/08/05 17:37:14.0463 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2010/08/05 17:37:14.0479 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/08/05 17:37:14.0541 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2010/08/05 17:37:14.0635 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/08/05 17:37:14.0666 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/08/05 17:37:14.0697 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/08/05 17:37:14.0744 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/08/05 17:37:14.0885 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/08/05 17:37:15.0072 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/08/05 17:37:15.0165 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/08/05 17:37:15.0181 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2010/08/05 17:37:15.0212 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/08/05 17:37:15.0259 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2010/08/05 17:37:15.0290 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/08/05 17:37:15.0399 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/08/05 17:37:15.0477 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/08/05 17:37:15.0618 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/08/05 17:37:15.0633 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/08/05 17:37:15.0665 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2010/08/05 17:37:15.0727 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/08/05 17:37:15.0852 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/08/05 17:37:15.0883 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/08/05 17:37:15.0930 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/08/05 17:37:15.0945 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/08/05 17:37:16.0008 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/08/05 17:37:16.0055 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2010/08/05 17:37:16.0070 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2010/08/05 17:37:16.0086 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/08/05 17:37:16.0195 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/08/05 17:37:16.0226 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/08/05 17:37:16.0273 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2010/08/05 17:37:16.0335 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/08/05 17:37:16.0429 RTL8169 (034033f5a921764d8c4ba6698800d95b) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/08/05 17:37:16.0491 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/08/05 17:37:16.0569 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/08/05 17:37:16.0601 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/08/05 17:37:16.0647 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2010/08/05 17:37:16.0710 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/08/05 17:37:16.0772 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/08/05 17:37:16.0803 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/08/05 17:37:16.0850 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/08/05 17:37:16.0913 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/08/05 17:37:16.0944 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/08/05 17:37:16.0975 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/08/05 17:37:17.0006 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/08/05 17:37:17.0069 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/08/05 17:37:17.0131 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/08/05 17:37:17.0162 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2010/08/05 17:37:17.0193 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/08/05 17:37:17.0271 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
2010/08/05 17:37:17.0318 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2010/08/05 17:37:17.0412 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2010/08/05 17:37:17.0459 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/08/05 17:37:17.0505 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/08/05 17:37:17.0677 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/08/05 17:37:17.0786 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/08/05 17:37:17.0833 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/08/05 17:37:17.0927 SynTP (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
2010/08/05 17:37:18.0192 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
2010/08/05 17:37:18.0348 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
2010/08/05 17:37:18.0582 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2010/08/05 17:37:18.0691 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/08/05 17:37:18.0722 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/08/05 17:37:18.0753 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2010/08/05 17:37:18.0785 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2010/08/05 17:37:18.0909 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/08/05 17:37:18.0941 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/08/05 17:37:18.0987 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2010/08/05 17:37:19.0019 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/08/05 17:37:19.0097 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2010/08/05 17:37:19.0143 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/08/05 17:37:19.0175 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/08/05 17:37:19.0299 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/08/05 17:37:19.0346 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/08/05 17:37:19.0377 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/08/05 17:37:19.0424 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2010/08/05 17:37:19.0518 usbccgp (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/08/05 17:37:19.0549 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/08/05 17:37:19.0596 usbehci (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/08/05 17:37:19.0689 usbhub (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
2010/08/05 17:37:19.0736 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/08/05 17:37:19.0783 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/08/05 17:37:19.0923 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/08/05 17:37:19.0986 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/08/05 17:37:20.0079 usbuhci (587809974e43cfad0ca0ef6e1d940ca9) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/08/05 17:37:20.0126 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/08/05 17:37:20.0251 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/08/05 17:37:20.0282 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/08/05 17:37:20.0298 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/08/05 17:37:20.0329 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/08/05 17:37:20.0423 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/08/05 17:37:20.0454 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/08/05 17:37:20.0469 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2010/08/05 17:37:20.0485 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2010/08/05 17:37:20.0594 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/08/05 17:37:20.0657 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/08/05 17:37:20.0688 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/05 17:37:20.0688 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/08/05 17:37:20.0781 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/08/05 17:37:20.0859 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/08/05 17:37:21.0062 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/08/05 17:37:21.0218 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/08/05 17:37:21.0249 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/08/05 17:37:21.0296 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/08/05 17:37:21.0359 ================================================================================
2010/08/05 17:37:21.0359 Scan finished
2010/08/05 17:37:21.0359 ================================================================================

Alt 05.08.2010, 16:40   #8
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.08.2010 17:38:45 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Derya\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 236,09 Gb Total Space | 71,98 Gb Free Space | 30,49% Space Free | Partition Type: NTFS
Drive D: | 49,00 Gb Total Space | 48,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DERYA-PC
Current User Name: Derya
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
PRC - [2010.08.04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
PRC - [2010.07.25 10:12:50 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.12.11 01:40:53 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\program files\avira\antivir desktop\avcenter.exe
PRC - [2009.07.24 05:20:56 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.28 08:06:56 | 000,548,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 08:47:58 | 000,692,224 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.21 09:53:06 | 007,420,448 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.10 09:07:52 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.26 10:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.19 06:18:10 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.05 15:53:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Derya\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.02.10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007.02.10 06:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007.02.10 06:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.12.11 01:40:54 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 16:35:00 | 000,163,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.21 09:37:38 | 002,361,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.08.28 04:52:52 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.11.14 02:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 10:12:52 | 000,000,000 | ---D | M]
 
[2009.12.12 21:57:10 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Extensions
[2010.08.05 17:01:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions
[2010.07.15 14:12:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.01.17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\firefox@tvunetworks.com
[2010.07.15 14:10:29 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxfilter@inspiredeffect.net
[2010.07.15 14:12:38 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\mozilla\Firefox\Profiles\4v7lny76.default\extensions\foxyproxy@eric.h.jung
[2010.02.16 19:56:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Derya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{18d1de37-78a5-11df-8ec8-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3303191f-9e2a-11df-ad6d-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{3fc20fb4-6b48-11df-b4d3-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\AutoRun\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{8a39a0ba-6bcd-11df-b892-002454206ce7}\Shell\menu1\command - "" = H:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{924efc25-6b47-11df-89fa-002454206ce7}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{a2f42cee-9dc9-11de-b09a-002454206ce7}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c4faba8d-845b-11df-a0e6-002454206ce7}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell - "" = AutoRun
O33 - MountPoints2\{ea815c4c-59ec-11df-bc07-002454206ce7}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.05 17:35:48 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
[2010.08.05 17:31:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.05 16:39:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.05 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.05 16:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.05 15:53:54 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\Malwarebytes
[2010.08.05 15:53:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.05 15:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.05 15:53:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.05 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.05 15:51:02 | 000,000,000 | ---D | C] -- C:\Users\Derya\Desktop\MFTools
[2010.08.03 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.08.03 21:23:13 | 000,000,000 | -HSD | C] -- C:\Users\Derya\AppData\Roaming\.#
[2010.07.21 22:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2010.06.20 14:25:53 | 000,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2010.06.20 14:25:30 | 000,000,000 | ---D | C] -- C:\Netgear
[2010.06.04 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\Hagemann DEW
[2010.05.30 15:02:51 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Local\Sony Ericsson
[2010.05.30 15:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010.05.30 14:55:21 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.30 14:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2010.05.29 19:30:54 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2010.05.29 19:30:54 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2010.05.29 19:30:54 | 000,100,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2010.05.29 19:30:54 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2010.05.29 19:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner
[2010.05.18 10:56:02 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll
[2010.05.18 10:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010.05.09 21:56:37 | 000,000,000 | ---D | C] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.05.09 21:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.05.09 21:55:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.05.08 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\Derya\Documents\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.05.08 22:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 17:39:00 | 001,835,008 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT
[2010.08.05 17:35:27 | 001,130,629 | ---- | M] () -- C:\Users\Derya\Desktop\tdsskiller.zip
[2010.08.05 17:32:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 17:32:29 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 17:32:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 17:32:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 17:32:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 17:32:17 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 17:31:39 | 000,524,288 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.05 17:31:39 | 000,065,536 | -HS- | M] () -- C:\Users\Derya\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.05 17:07:37 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
[2010.08.05 17:05:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.05 16:39:24 | 253,544,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:10:56 | 002,064,013 | -H-- | M] () -- C:\Users\Derya\AppData\Local\IconCache.db
[2010.08.05 16:01:51 | 000,000,733 | ---- | M] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | M] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:53:15 | 000,284,915 | ---- | M] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 21:07:54 | 000,097,280 | ---- | M] () -- C:\Users\Derya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 20:46:05 | 000,386,621 | ---- | M] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.08.04 15:23:04 | 001,592,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.04 15:23:04 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.04 15:23:04 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.04 15:23:04 | 000,149,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.04 15:23:04 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Derya\Desktop\TDSSKiller.exe
[2010.08.04 13:23:57 | 000,019,456 | ---- | M] () -- C:\Users\Derya\Documents\ausgabenbeni.xls
[2010.06.11 09:43:45 | 000,371,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.30 15:08:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.30 14:55:21 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys
[2010.05.30 14:54:48 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys
[2010.05.30 14:54:48 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys
[2010.05.08 22:47:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010.08.05 17:35:23 | 001,130,629 | ---- | C] () -- C:\Users\Derya\Desktop\tdsskiller.zip
[2010.08.05 16:38:57 | 253,544,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.08.05 16:13:10 | 000,293,376 | ---- | C] () -- C:\Users\Derya\Desktop\gmer.exe
[2010.08.05 16:01:51 | 000,000,733 | ---- | C] () -- C:\Users\Derya\Desktop\NTREGOPT.lnk
[2010.08.05 16:01:51 | 000,000,714 | ---- | C] () -- C:\Users\Derya\Desktop\ERUNT.lnk
[2010.08.05 15:53:49 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.05 15:51:07 | 000,284,915 | ---- | C] () -- C:\Users\Derya\Desktop\Gmer.zip
[2010.08.04 20:46:05 | 000,386,621 | ---- | C] () -- C:\Users\Derya\Documents\baby04.08.wma
[2010.05.30 15:08:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010.05.30 15:08:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010.05.18 10:56:02 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.05.08 22:47:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009.12.28 11:50:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.28 11:50:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.09 15:10:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.24 05:19:37 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:35:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.08.05 08:07:20 | 000,065,216 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 15:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.08.03 21:25:14 | 000,000,000 | -HSD | M] -- C:\Users\Derya\AppData\Roaming\.#
[2009.12.20 22:20:42 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\PDF reDirect
[2010.05.09 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Derya\AppData\Roaming\TuneUp Software
[2010.08.05 17:31:40 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.05 17:07:37 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A00B85EE-6817-47C8-A478-A6C3C398D410}.job
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---
Alt 05.08.2010, 16:41   #9
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Der Rechner läuft wie immer.

Alt 05.08.2010, 16:54   #10
Larusso
/// Selecta Jahrusso
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.

    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.

  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.


Schritt 3

Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 05.08.2010, 17:34   #11
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9 - Deutsch
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Alt 05.08.2010, 17:35   #12
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9 - Deutsch
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Windows Defender MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Alt 05.08.2010, 17:53   #13
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


rest scannt noch

Alt 05.08.2010, 18:37   #14
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1a1737915c898c498cd082351b587812
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-05 05:21:44
# local_time=2010-08-05 07:21:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 0 56539517 8631 0
# compatibility_mode=5892 16776573 100 100 197227 118556938 0 0
# compatibility_mode=8192 67108863 100 0 68 68 0 0
# scanned=132086
# found=0
# cleaned=0
# scan_time=4695

Alt 05.08.2010, 18:37   #15
Zickchen
 
TrojanDownloader:win32/Renos.MG wie entfernen? - Standard

TrojanDownloader:win32/Renos.MG wie entfernen?


und nun?...........

Antwort
Seite 1 von 3 1 23

Themen zu TrojanDownloader:win32/Renos.MG wie entfernen?
ahnung, avira, compu, computer, computern, defender, downloader, entferne, entfernen, erklärt, frage, geholfen, hoffe, klicke, loader, neu, rechner, tagen, troja, trojandownloader, trojaner, wie entfernen, wie entfernen?, win, windefender, wirklich


« MSN verschickt automatisch Links | Banking Trojaner Sparkasse/ Trojaner Delfsnif.DX.81 »


Ähnliche Themen: TrojanDownloader:win32/Renos.MG wie entfernen?


  1. TrojanDownloader:Win32/Renos.lx
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (3)
  2. TrojanDownloader:Win32/Renos.lx
    Plagegeister aller Art und deren Bekämpfung - 17.08.2010 (3)
  3. Trojandownloader:Win32/Renos.MQ
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (18)
  4. TrojanDownloader:Win32/Renos.MQ
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (3)
  5. TrojanDownloader:Win32/Renos.JW unlöschbar?
    Plagegeister aller Art und deren Bekämpfung - 22.07.2010 (1)
  6. TrojanDownloader: Win32/Renos.JM
    Plagegeister aller Art und deren Bekämpfung - 04.02.2010 (15)
  7. TrojanDownloader:Win32/Renos.JM
    Plagegeister aller Art und deren Bekämpfung - 04.02.2010 (2)
  8. TrojanDownloader: Win32/Renos.JM
    Log-Analyse und Auswertung - 01.02.2010 (3)
  9. TrojanDownloader:Win32/Renos.JM
    Plagegeister aller Art und deren Bekämpfung - 26.01.2010 (1)
  10. TrojanDownloader:Win32/Renos.JM
    Plagegeister aller Art und deren Bekämpfung - 29.12.2009 (4)
  11. TrojanDownloader:Win32/Renos.JM
    Plagegeister aller Art und deren Bekämpfung - 26.12.2009 (2)
  12. TrojanDownloader:Win32/Renos.JM
    Plagegeister aller Art und deren Bekämpfung - 23.11.2009 (4)
  13. Habe Problem mit Trojandownloader win32 renos.jm
    Plagegeister aller Art und deren Bekämpfung - 23.11.2009 (3)
  14. Trojandownloader: Win32/renos.jm
    Plagegeister aller Art und deren Bekämpfung - 22.11.2009 (1)
  15. TrojanDownloader:Win32/Renos.JS (36 Infizierte Dateien gefunden)
    Log-Analyse und Auswertung - 21.10.2009 (1)
  16. trojandownloader:win32/renos.gen!af
    Plagegeister aller Art und deren Bekämpfung - 19.10.2008 (10)
  17. trojandownloader:win32/renos.gen!af
    Mülltonne - 19.10.2008 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TrojanDownloader:win32/Renos.MG wie entfernen? - Hallo, als erstes mal, ich bin neu hier und hoffe wirklich das mir hier geholfen werden kann. Ich habe nicht so die dolle Ahnung von Computern, also bitte entschuldigt das - TrojanDownloader:win32/Renos.MG wie entfernen?...
Archiv
Du betrachtest: TrojanDownloader:win32/Renos.MG wie entfernen? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55