Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Log-Analyse und Auswertung: Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 3 1 23
Alt 13.09.2010, 21:34   #1
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Hallo,

ich habe mir irgendwie einen Trojaner geholt. Am Anfang war es so, dass Links zu irgendwelchen Werbesites führten, heute hab ich auch nich einen Phishing Trojaner entdeckt. Früher hatte ich schon mal sowas und habe es mit Combofix gereinigt bekommen. Auch diesmal ließ ich combofix laufen und er findet auch was, aber die Trojaner gehen nicht weg.

Hier mein Combofix log:

Code:
ATTFilter
ComboFix 10-09-12.04 - vvjj 13.09.2010  22:10:39.8.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.953.669 [GMT 2:00]
ausgeführt von:: c:\documents and settings\vvjj\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.exe . . . ist infiziert!!

c:\windows\system32\winlogon.exe . . . ist infiziert!!

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-13 bis 2010-09-13  ))))))))))))))))))))))))))))))
.

2010-09-12 19:15 . 2010-09-12 19:15	46592	---ha-w-	c:\windows\system32\attrdsvr.dll
2010-09-05 19:19 . 2010-09-05 19:19	--------	d-----w-	c:\program files\Flip Video
2010-09-05 19:04 . 2010-09-05 19:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\Flip Video
2010-09-03 18:00 . 2010-09-04 08:21	--------	d-----w-	c:\documents and settings\vvjj\Application Data\vlc
2010-09-03 17:59 . 2010-09-03 17:59	--------	d-----w-	c:\program files\VideoLAN
2010-08-30 19:52 . 2010-08-30 19:52	--------	d-----w-	c:\program files\Common Files\rplsp
2010-08-30 18:47 . 2010-08-30 19:03	--------	d-----w-	c:\program files\eMule
2010-08-29 07:14 . 2010-08-29 07:13	389120	----a-w-	c:\windows\system32\CF7975.exe
2010-08-29 07:10 . 2010-08-29 07:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 16:10 . 2009-06-11 08:59	--------	d-----w-	c:\documents and settings\vvjj\Application Data\uTorrent
2010-09-03 17:48 . 2009-08-04 20:43	--------	d-----w-	c:\documents and settings\vvjj\Application Data\DivX
2010-09-02 11:31 . 2009-12-01 21:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Storm
2010-08-27 22:55 . 2009-05-25 16:57	--------	d-----w-	c:\documents and settings\vvjj\Application Data\SogouPY
2010-07-29 21:48 . 2010-07-29 21:48	--------	d-----w-	c:\program files\QMI
2010-07-29 21:48 . 2009-05-20 22:36	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-25 10:12 . 2009-07-25 08:48	--------	d-----w-	c:\program files\DOSBox-0.73
2010-07-18 08:15 . 2010-06-30 16:49	--------	d-----w-	c:\documents and settings\vvjj\Application Data\SGPPLog
2010-07-08 18:48 . 2010-07-08 18:48	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-06-30 12:31 . 2008-04-14 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2008-04-14 12:00	667136	----a-w-	c:\windows\system32\wininet.dll
2010-06-23 18:32 . 2010-06-23 16:53	66936	--sha-w-	c:\windows\dlinfo_1.drv
2010-06-23 13:44 . 2008-04-14 12:00	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 18:40 . 2010-06-20 20:37	66936	--sha-w-	c:\windows\dlinfo_0.drv
2010-06-21 15:27 . 2008-04-14 12:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-20 19:54 . 2010-06-20 19:54	86528	----a-w-	c:\windows\bnetunin.exe
2010-06-20 19:54 . 2010-06-20 19:54	61440	----a-w-	c:\windows\diabunin.exe
2010-06-17 14:03 . 2008-04-14 12:00	80384	----a-w-	c:\windows\system32\iccvid.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 2A39241E5FBED9C12BE29850232B8D89 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . DE4AA5D5375FFEFB183C103F3E50B3D3 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((   SnapShot_2010-08-29_07.23.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-13 16:00 . 2010-09-13 16:00	16384              c:\windows\temp\Perflib_Perfdata_26c.dat
+ 2009-05-06 01:31 . 2009-05-06 01:31	43261952              c:\windows\Installer\732c479.msi
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Stormtray"="c:\program files\StormII\Stormtray.exe" [BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"c:\\Program Files\\PokerStrategy\\PokerStrategy Equilator\\Equilator.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\vvjj\\My Documents\\Downloads\\qq2009sp6_installer.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\auclt.exe"=
"c:\\spiele\\Qianhong\\Qianhong.exe"=
"e:\\Diablo\\diablo.exe"=
"c:\\Program Files\\SogouInput\\5.0.1.4185\\PinyinUp.exe"=
"c:\\Program Files\\Funshion Online\\Funshion\\FunshionService.exe"=
"c:\\Program Files\\Funshion Online\\Funshion\\FunshionUpgrade.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [19.05.2009 19:33 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [01.02.2008 04:02 65536]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19.05.2009 19:02 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [21.05.2009 00:59 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [21.05.2009 00:37 43608]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11.06.2009 11:00 234888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [21.08.2009 23:39 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [21.08.2009 23:39 3072]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.06.2010 20:04 691696]
.
Inhalt des "geplante Tasks" Ordners

2010-09-05 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\501~1.418\SGTool.exe [2010-06-25 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ask.com/?o=13928&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: ???QQ?? - c:\program files\Tencent\QQ\Bin\AddEmotion.htm
DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab
FF - ProfilePath - c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\
FF - component: c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-13 22:13
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2025429265-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\ûm*R0RQ*Q*hˆÅ`]
"contexts"=dword:00000002
@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MenuExt\ûm*R0RQ*Q*hˆÅ`]
"contexts"=dword:00000002
@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\program files\Citrix\ICA Client\pnsson.dll

- - - - - - - > 'lsass.exe'(828)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Zeit der Fertigstellung: 2010-09-13  22:15:32
ComboFix-quarantined-files.txt  2010-09-13 20:15
ComboFix2.txt  2010-09-04 09:25
ComboFix3.txt  2010-09-03 16:07
ComboFix4.txt  2010-08-29 07:54
ComboFix5.txt  2010-09-13 20:08

Vor Suchlauf: 1.220.657.152 bytes free
Nach Suchlauf: 1.388.494.848 bytes free

- - End Of File - - 77842FAB7AFBDFF318FC7C3EDA1A4D96
Folgendes kommt immer, wenn ich Combofix laufen lasse:
c:\windows\explorer.exe . . . ist infiziert!!
c:\windows\system32\winlogon.exe . . . ist infiziert!!

Hier der HijackThis log:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:50, on 13.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\vvjj\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Stormtray] C:\Program Files\StormII\Stormtray.exe /Start
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - hxxp://game-web.qq.com/client/QQGame2.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6544 bytes
Danke und viele Grüße
Wurstbrod

Alt 13.09.2010, 21:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Hallo und

Wer hat Dich aufgefordert CF auszuführen! Nochmal zum Mitschreiben: CF soll nur auf explizite Anweisung hin ausgeführt werden!

Hast Du schon Malwarebytes ausgeführt?
__________________

__________________
Alt 13.09.2010, 22:10   #3
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Hi cosinus,

ich hab mal Malwarebytes ausgeführt und er bietet mir an sogou und funshion zu löschen. Diese beiden Programme können aber nicht die Wurzel der Trojaner sein.

Falls du jedoch sicher gehen willst bin ich aber bereit die zu löschen.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.09.2010 23:05:39
mbam-log-2010-09-13 (23-05-39).txt

Scan type: Quick scan
Objects scanned: 154905
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 38
Files Infected: 284

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> No action taken.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> No action taken.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> No action taken.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\vvjj\Application Data\SogouExplorer (Adware.Sogou) -> No action taken.
C:\Program Files\Funshion Online (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\control (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\control (Adware.Funshion) -> Files: 473 -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash\subflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\historyTorrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Media (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\Media\??-001(100302) (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\Media\??-002(100302) (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\seed (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashStamp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\historyTorrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\media (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\???? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\??? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\?????? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\????? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\????(090518) (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update (Adware.Funshion) -> No action taken.

Files Infected:
C:\Documents and Settings\vvjj\Application Data\SogouExplorer\se_setup.ini (Adware.Sogou) -> No action taken.
C:\Documents and Settings\vvjj\Application Data\SogouExplorer\sogou_explorer_silent_2.0.0.898_2180.exe (Adware.Sogou) -> No action taken.
C:\Program Files\Funshion Online\Funshion\cook.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\coreavc.ax (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\CrashReport.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\dbghelp.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\detector.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\drvc.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Dump.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Encrypt.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\fpsrv.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\fptassrv.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshion-install.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshion.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\funshion.ini (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionService.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshop2.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\GetMACAddress.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\LangResEnAmerican.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\nicdescr.dat (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\pncrt.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\pndx5032.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\quality.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\rmoc3260.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\RouterSetting.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Uninstall.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\upnp.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\Buffering.gif (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionText.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionTextEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CheckBox_Box.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CheckBox_Check.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\DiskWarnning.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\DragCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBack.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForward.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderSplid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameBtm.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameTop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftBtmCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftTopCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightBtmCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightTopCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PauseFlickerBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarSplidRgn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRightSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumbSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMuteSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNextSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNonTop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPauseSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlaySmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPreSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSetting.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSimple.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnTop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolumeSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarSplid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerHideBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayFlickerBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtmBar.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayListAddBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayListRemove.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBeforeSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgndSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownloadSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHeadSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumbSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrailSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RadioBtnBox.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RadioBtnPt.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RpcLoading.gif (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrowRound.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrowRound.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgndHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHeadHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMidHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrailHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\SettingDlgIcon.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarMark.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarSplid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnIcon.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskdown.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarList.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskpause.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskstop.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarPlay.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskupload.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TextBtnBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TipBottomArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TipRightArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TipTopArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmIgoreBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmUpdateBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCapBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCapCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCaption.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconFail.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconInit.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconSuc.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\WebCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\WebCloseBtnRgn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch\evid4226-vc80-mt.exe (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\FunPromo Shop Corpora.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Funshion Use Help.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Pop Game.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Update History.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\fsdxdiag.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\fstracert.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flash\FunshionAD20091027.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\00C759D9_1662_7AB4_A641_7537C39DF390.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\0AA17966_50E5_2DF6_B0FE_C023879D67A9.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\0D05AFA7_5DD7_F5B2_47AE_3B908F3D1938.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\1B8A2215_F102_DB0F_EF19_0D7BF3B6FB2A.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\28DCBEBA_2348_A0F3_6659_36EC2441A59F.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\354B5DD3_F7DD_1B34_E03B_D95725D652AE.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\5E25FA28_40FB_90E1_7122_072F36C8746F.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\9A948496_AB75_59AF_F6B8_4A3E03C1AB6A.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\AD9A6BC6_DACD_0E98_A20B_56F85B1256FD.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\BB6DD6A7_1DD5_901B_7905_9746F5FECA1E.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\C58D19A6_4C0D_7971_2451_D3FA4B146FD9.flv (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\D30D5D77_97D0_A369_004D_31EEA289C7AE.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\historyTorrent\??-001(100302).fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\historyTorrent\??-002(100302).fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\ini\httpfile.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\ini\temp_config.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\ad_define.fai (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\ad_material.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\flashParam.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\FunshionInstall2.1.0.20Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\flash-1.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\fsdxdiag.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\fstracert.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\install.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\JINGE-KONSTANZ_info.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash\blankFs.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash\donghuanew_18.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flash\FunshionAD20100531.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\0F78EAFE_E0B6_3A5F_88C3_8F09D2F32E07.date1283460065.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\136FBFEE_570B_2B48_3E9C_7C8597F43FDB.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\338E3300_675D_E0D7_3FDB_7FBDEFCE3AF2.date1283460065.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\40931B43_81A1_D499_AF89_8AED9251DE70.date1283881489.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\411A37FA_AF50_0B5C_C95F_EA44F508C7BB.date1283460065.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\4261ECEC_54E6_E46D_3642_1156EDB81796.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\53A562F2_FB4E_C3A7_AB7F_193C5DA34970.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\666D662A_830F_D2CE_94AD_6D4EE0261CE6.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\6EDDBF99_2AFF_DFB6_18FC_97D682A089E3.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\7411FADC_ABBB_EAB7_FAAC_6A0E125B151D.date1282560456.flv (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\806FD83C_FD3D_C821_E901_4573CB4AC56C.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\87B0D1D6_95D4_3E78_6BD5_A2FE29753A3A.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\8F692FFE_255D_50BF_6EAA_CEBEAED415EC.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\95FE6CF0_D4FA_A82F_408A_1B6D7B6EA36F.date1283460064.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\9695251C_846F_628E_F7B2_9913BE1C982F.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\B7215BB9_AB64_8F99_7F3C_FCD6D83FB755.date1283460064.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\B980DFA5_9056_35DE_367B_F8DBE737729E.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\CCE75FFB_60CD_90E2_D0E3_4B9575DB1BD8.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\FA1E2857_5133_3DF0_2143_9FB20529DBF8.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\????????-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\???2-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\???3-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\????3-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\ini\httpfile.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\ini\temp_config.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\12771583_1235712901_130.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\1451101_1242537830_767.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\17218048_1263967110_66.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\18524595_1273559130_737.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\2111662_1253939104_721.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\4629932_1198809482_969.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\ad_define.fai (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\ad_material.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\flashParam.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.0.0.29Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.20Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.26Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.27Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.28.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.2.0.17.exe.fc! (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.2.0.17.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\localad.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\WINDOWS\system32\funshion.ini (Adware.Funshion) -> No action taken.
__________________
Alt 13.09.2010, 22:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Zitat:
Scan type: Quick scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.09.2010, 20:20   #5
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


hi,

hier nochmal der volle scan und OTL:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

14.09.2010 21:11:23
mbam-log-2010-09-14 (21-11-23).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 221116
Time elapsed: 54 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 38
Files Infected: 284

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> No action taken.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> No action taken.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> No action taken.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\vvjj\Application Data\SogouExplorer (Adware.Sogou) -> No action taken.
C:\Program Files\Funshion Online (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\control (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\control (Adware.Funshion) -> Files: 473 -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash\subflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\historyTorrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Media (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\Media\??-001(100302) (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\Media\??-002(100302) (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\seed (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flash (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashStamp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\historyTorrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\media (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\???? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\??? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\?????? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\????? (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\media\????(090518) (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update (Adware.Funshion) -> No action taken.

Files Infected:
C:\Documents and Settings\vvjj\Application Data\SogouExplorer\sogou_explorer_silent_2.0.0.898_2180.exe (Adware.Sogou) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Uninstall.exe (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Application Data\SogouExplorer\se_setup.ini (Adware.Sogou) -> No action taken.
C:\Program Files\Funshion Online\Funshion\cook.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\coreavc.ax (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\CrashReport.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\dbghelp.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\detector.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\drvc.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Dump.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Encrypt.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\fpsrv.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\fptassrv.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshion-install.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshion.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\funshion.ini (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionService.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshop2.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\GetMACAddress.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\LangResEnAmerican.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\nicdescr.dat (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\pncrt.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\pndx5032.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\quality.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\rmoc3260.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\RouterSetting.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\upnp.dll (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\Buffering.gif (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionText.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CaptionTextEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CheckBox_Box.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\CheckBox_Check.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\DiskWarnning.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\DragCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBack.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForward.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderSplid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameBtm.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameTop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftBtmCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftTopCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightBtmCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightTopCorner.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PauseFlickerBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarSplidRgn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRightSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumbSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMuteSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNextSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNonTop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPauseSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlaySmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPreSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSetting.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSimple.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnTop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolumeSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarSplid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerHideBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayFlickerBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtmBar.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayListAddBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlayListRemove.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBeforeSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgndSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownloadSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHeadSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumbSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrailSmall.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RadioBtnBox.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RadioBtnPt.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RpcLoading.gif (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrowRound.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrowRound.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgndHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHeadHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMidHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrailHover.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\SettingDlgIcon.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarMark.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarSplid.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnIcon.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskdown.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarList.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskpause.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskstop.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarPlay.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStop.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\taskupload.ico (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TextBtnBk.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TipBottomArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TipRightArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\TipTopArrow.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmIgoreBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmUpdateBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCapBkgnd.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCapCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCaption.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconFail.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconInit.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconSuc.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\WebCloseBtn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\skin\WebCloseBtnRgn.bmp (Adware.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch\evid4226-vc80-mt.exe (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\FunPromo Shop Corpora.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Funshion Use Help.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Pop Game.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Update History.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\fsdxdiag.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\fstracert.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flash\FunshionAD20091027.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\00C759D9_1662_7AB4_A641_7537C39DF390.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\0AA17966_50E5_2DF6_B0FE_C023879D67A9.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\0D05AFA7_5DD7_F5B2_47AE_3B908F3D1938.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\1B8A2215_F102_DB0F_EF19_0D7BF3B6FB2A.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\28DCBEBA_2348_A0F3_6659_36EC2441A59F.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\354B5DD3_F7DD_1B34_E03B_D95725D652AE.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\5E25FA28_40FB_90E1_7122_072F36C8746F.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\9A948496_AB75_59AF_F6B8_4A3E03C1AB6A.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\AD9A6BC6_DACD_0E98_A20B_56F85B1256FD.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\BB6DD6A7_1DD5_901B_7905_9746F5FECA1E.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\C58D19A6_4C0D_7971_2451_D3FA4B146FD9.flv (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\flashNew\D30D5D77_97D0_A369_004D_31EEA289C7AE.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\historyTorrent\??-001(100302).fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\Funshion\historyTorrent\??-002(100302).fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\ini\httpfile.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\ini\temp_config.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\ad_define.fai (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\ad_material.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\flashParam.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\Superjinchi\funshion\update\FunshionInstall2.1.0.20Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\flash-1.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\fsdxdiag.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\fstracert.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\install.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\JINGE-KONSTANZ_info.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash\blankFs.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash\donghuanew_18.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flash\FunshionAD20100531.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\0F78EAFE_E0B6_3A5F_88C3_8F09D2F32E07.date1283460065.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\136FBFEE_570B_2B48_3E9C_7C8597F43FDB.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\338E3300_675D_E0D7_3FDB_7FBDEFCE3AF2.date1283460065.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\40931B43_81A1_D499_AF89_8AED9251DE70.date1283881489.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\411A37FA_AF50_0B5C_C95F_EA44F508C7BB.date1283460065.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\4261ECEC_54E6_E46D_3642_1156EDB81796.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\53A562F2_FB4E_C3A7_AB7F_193C5DA34970.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\666D662A_830F_D2CE_94AD_6D4EE0261CE6.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\6EDDBF99_2AFF_DFB6_18FC_97D682A089E3.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\7411FADC_ABBB_EAB7_FAAC_6A0E125B151D.date1282560456.flv (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\806FD83C_FD3D_C821_E901_4573CB4AC56C.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\87B0D1D6_95D4_3E78_6BD5_A2FE29753A3A.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\8F692FFE_255D_50BF_6EAA_CEBEAED415EC.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\95FE6CF0_D4FA_A82F_408A_1B6D7B6EA36F.date1283460064.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\9695251C_846F_628E_F7B2_9913BE1C982F.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\B7215BB9_AB64_8F99_7F3C_FCD6D83FB755.date1283460064.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\B980DFA5_9056_35DE_367B_F8DBE737729E.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\CCE75FFB_60CD_90E2_D0E3_4B9575DB1BD8.date1282560456.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\FA1E2857_5133_3DF0_2143_9FB20529DBF8.swf (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\????????-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\???2-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\???3-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\????3-MP4.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\ini\httpfile.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\ini\temp_config.ini (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\12771583_1235712901_130.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\1451101_1242537830_767.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\17218048_1263967110_66.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\18524595_1273559130_737.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\2111662_1253939104_721.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\Seed\4629932_1198809482_969.fsp (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\ad_define.fai (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\ad_material.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\flashParam.txt (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.0.0.29Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.20Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.26Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.27Beta.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.28.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.2.0.17.exe.fc! (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.2.0.17.exe.torrent (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\funshion\update\localad.fax (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Funshion.lnk (Adware.Funshion) -> No action taken.
C:\WINDOWS\system32\funshion.ini (Adware.Funshion) -> No action taken.
OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.09.2010 21:14:06 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\vvjj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 296,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 1,42 Gb Free Space | 7,27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 129,51 Gb Total Space | 28,50 Gb Free Space | 22,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXXXKONSTANZ
Current User Name: vvjj
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\vvjj\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\vvjj\Local Settings\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\vvjj\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=13928&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..network.proxy.backup.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "128.151.65.101"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "128.151.65.101"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "128.151.65.101"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.ssl_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 19:34:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 19:34:04 | 000,000,000 | ---D | M]
 
[2009.06.11 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Extensions
[2009.06.11 11:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\extensions
[2009.06.11 11:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.09.13 22:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions
[2009.09.02 13:59:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.26 08:10:58 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.09.13 22:30:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.29 09:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.29 09:08:05 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.29 09:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.29 09:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.29 09:08:06 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.03 18:03:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Stormtray] C:\Program Files\StormII\Stormtray.exe File not found
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} hxxp://game-web.qq.com/client/QQGame2.cab (WebActivater Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\vvjj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vvjj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.19 18:54:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.14 21:13:31 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vvjj\My Documents\OTL.exe
[2010.09.14 21:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Desktop\15
[2010.09.13 22:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Application Data\Malwarebytes
[2010.09.13 22:52:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.13 22:52:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.13 22:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.13 22:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 22:44:56 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\vvjj\My Documents\mbam-setup.exe
[2010.09.05 21:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010.09.05 21:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010.09.05 20:49:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.09.03 20:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Application Data\vlc
[2010.09.03 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.08.30 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\rplsp
[2010.08.30 21:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Desktop\mplayerc_20100214
[2010.08.30 20:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010.08.29 09:14:26 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.08.29 09:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\vvjj\My Documents\*.tmp files -> C:\Documents and Settings\vvjj\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.14 21:13:32 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vvjj\My Documents\OTL.exe
[2010.09.14 18:58:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.14 18:58:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.14 18:57:23 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\vvjj\NTUSER.DAT
[2010.09.14 18:57:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vvjj\ntuser.ini
[2010.09.14 08:24:14 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.13 22:52:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 22:44:56 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\vvjj\My Documents\mbam-setup.exe
[2010.09.13 22:14:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.13 18:31:06 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 21:15:03 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.09.11 21:47:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.07 20:46:13 | 000,003,748 | ---- | M] () -- C:\Documents and Settings\vvjj\funshion.ini
[2010.09.05 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2010.09.03 20:00:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.09.03 18:03:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.30 21:49:14 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓÎÏ·.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓÎÏ·.lnk
[2010.08.30 21:49:14 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô.lnk
[2010.08.30 21:49:14 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓ°Òô.lnk
[2010.08.30 20:46:45 | 003,389,035 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\eMule0.50a-Installer.exe
[2010.08.30 20:44:24 | 004,973,610 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\emule050a.exe
[2010.08.29 09:13:55 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.08.28 22:25:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010.08.23 09:14:59 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\launch.ica
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\vvjj\My Documents\*.tmp files -> C:\Documents and Settings\vvjj\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.13 22:52:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 21:15:03 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.09.03 20:00:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.09.01 22:21:41 | 000,011,946 | ---- | C] () -- C:\Documents and Settings\vvjj\hs_err_pid3116.log
[2010.08.30 21:49:14 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\vvjj\Desktop\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓÎÏ·.lnk
[2010.08.30 20:46:44 | 003,389,035 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\eMule0.50a-Installer.exe
[2010.08.30 20:44:15 | 004,973,610 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\emule050a.exe
[2010.08.28 22:24:58 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010.08.23 09:14:59 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\launch.ica
[2010.07.11 14:41:43 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\vvjj\Application Data\coreavc.ini
[2010.07.08 20:45:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010.06.26 23:20:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.06.23 18:53:57 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_1.drv
[2010.06.20 22:37:25 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2010.05.06 21:35:30 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.01.20 21:59:28 | 000,001,275 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2010.01.20 21:59:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.01.06 23:27:52 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009.08.21 23:39:43 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009.08.21 23:39:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.08.21 23:39:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009.07.23 21:43:38 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.11 23:42:14 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.11 23:42:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.01 22:56:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini
[2009.06.01 22:54:46 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.06.01 22:54:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.06.01 22:54:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.05.25 20:04:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\funshionplugin2.INI
[2009.05.25 18:54:04 | 000,344,958 | R--- | C] () -- C:\WINDOWS\System32\imjp81k.dll
[2009.05.19 19:46:18 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\postgresinstall.bat
[2009.05.19 19:01:59 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2009.04.09 04:34:40 | 000,001,164 | ---- | C] () -- C:\WINDOWS\System32\funshion.ini
 
========== Files - Unicode (All) ==========
[2009.12.01 23:52:42 | 000,000,632 | ---- | M] ()(C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,632 | ---- | C] ()(C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,614 | ---- | M] ()(C:\Documents and Settings\vvjj\Desktop\????.lnk) -- C:\Documents and Settings\vvjj\Desktop\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,614 | ---- | C] ()(C:\Documents and Settings\vvjj\Desktop\????.lnk) -- C:\Documents and Settings\vvjj\Desktop\暴风影音.lnk
< End of report >
--- --- ---
Alt 14.09.2010, 21:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Zitat:
und er bietet mir an sogou und funshion zu löschen.
Was genau ist das? Wenn Malwarebytes das als bösartig erkennt, kann das nicht ganz i.O. sein!
__________________
--> Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!

Alt 14.09.2010, 21:19   #7
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


eingabetool für chinesische schriftzeichen. hab mal alles gelöscht was er verlangt. Das Problem mit den "bösen" googlelinks besteht aber weiterhin.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4610

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

14.09.2010 22:17:57
mbam-log-2010-09-14 (22-17-57).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 221116
Time elapsed: 54 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 38
Files Infected: 284

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\vvjj\Application Data\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\control (Adware.Funshion) -> Files: 473 -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\historyTorrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\Media (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\Funshion\Media\??-001(100302) (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\Funshion\Media\??-002(100302) (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\seed (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashStamp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\historyTorrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\media (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\media\??? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\media\?????? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\media\????? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\media\????(090518) (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\vvjj\Application Data\SogouExplorer\sogou_explorer_silent_2.0.0.898_2180.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Application Data\SogouExplorer\se_setup.ini (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\coreavc.ax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\CrashReport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\detector.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Dump.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\fpsrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\fptassrv.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionService.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshop2.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\GetMACAddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\LangResEnAmerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\nicdescr.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\RouterSetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\Buffering.gif (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionText.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CaptionTextEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CheckBox_Box.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\CheckBox_Check.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\DiskWarnning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\DragCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBack.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForward.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ListHeaderSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameBtm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcFrameTop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcLeftTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\MainNcRightTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PauseFlickerBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarSplidRgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRightSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBarVolumeBarThumbSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnMuteSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNextSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNonTop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPauseSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPlaySmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnPreSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSetting.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnSimple.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnTop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarBtnVolumeSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerHideBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayFlickerBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtmBar.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayListAddBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlayListRemove.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBeforeSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarBkgndSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarDownloadSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarHeadSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarThumbSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\PlaySplidBarTrailSmall.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\RadioBtnBox.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\RadioBtnPt.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\RpcLoading.gif (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarDownArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarUpArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgndHover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetHeadHover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetMidHover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrailHover.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\SettingDlgIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\SplidBarMark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\StatusBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TextBtnBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TipBottomArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TipRightArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\TipTopArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmIgoreBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateBtmUpdateBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCapBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCapCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateCaption.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconFail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconInit.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\UpdateIconSuc.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\WebCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\skin\WebCloseBtnRgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\XPSP2Patch\evid4226-vc80-mt.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\FunPromo Shop Corpora.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Funshion Use Help.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Pop Game.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Uninstall Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Funshion\Update History.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\fsdxdiag.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\fstracert.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flash\FunshionAD20091027.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\00C759D9_1662_7AB4_A641_7537C39DF390.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\0AA17966_50E5_2DF6_B0FE_C023879D67A9.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\0D05AFA7_5DD7_F5B2_47AE_3B908F3D1938.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\1B8A2215_F102_DB0F_EF19_0D7BF3B6FB2A.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\28DCBEBA_2348_A0F3_6659_36EC2441A59F.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\354B5DD3_F7DD_1B34_E03B_D95725D652AE.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\5E25FA28_40FB_90E1_7122_072F36C8746F.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\9A948496_AB75_59AF_F6B8_4A3E03C1AB6A.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\AD9A6BC6_DACD_0E98_A20B_56F85B1256FD.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\BB6DD6A7_1DD5_901B_7905_9746F5FECA1E.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\C58D19A6_4C0D_7971_2451_D3FA4B146FD9.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\flashNew\D30D5D77_97D0_A369_004D_31EEA289C7AE.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\Funshion\historyTorrent\??-001(100302).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\Funshion\historyTorrent\??-002(100302).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\update\flashParam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\Superjinchi\funshion\update\FunshionInstall2.1.0.20Beta.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\flash-1.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\fsdxdiag.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\fstracert.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\JINGE-KONSTANZ_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\Cacheflash\donghuanew_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flash\FunshionAD20100531.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\0F78EAFE_E0B6_3A5F_88C3_8F09D2F32E07.date1283460065.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\136FBFEE_570B_2B48_3E9C_7C8597F43FDB.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\338E3300_675D_E0D7_3FDB_7FBDEFCE3AF2.date1283460065.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\40931B43_81A1_D499_AF89_8AED9251DE70.date1283881489.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\411A37FA_AF50_0B5C_C95F_EA44F508C7BB.date1283460065.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\4261ECEC_54E6_E46D_3642_1156EDB81796.date1282560456.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\53A562F2_FB4E_C3A7_AB7F_193C5DA34970.date1282560456.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\666D662A_830F_D2CE_94AD_6D4EE0261CE6.date1282560456.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\6EDDBF99_2AFF_DFB6_18FC_97D682A089E3.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\7411FADC_ABBB_EAB7_FAAC_6A0E125B151D.date1282560456.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\806FD83C_FD3D_C821_E901_4573CB4AC56C.date1282560456.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\87B0D1D6_95D4_3E78_6BD5_A2FE29753A3A.date1282560456.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\8F692FFE_255D_50BF_6EAA_CEBEAED415EC.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\95FE6CF0_D4FA_A82F_408A_1B6D7B6EA36F.date1283460064.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\9695251C_846F_628E_F7B2_9913BE1C982F.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\B7215BB9_AB64_8F99_7F3C_FCD6D83FB755.date1283460064.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\B980DFA5_9056_35DE_367B_F8DBE737729E.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\CCE75FFB_60CD_90E2_D0E3_4B9575DB1BD8.date1282560456.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\cache\flashNew\FA1E2857_5133_3DF0_2143_9FB20529DBF8.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\????????-MP4.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\???2-MP4.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\???3-MP4.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Funshion\historyTorrent\????3-MP4.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed\12771583_1235712901_130.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed\1451101_1242537830_767.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed\17218048_1263967110_66.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed\18524595_1273559130_737.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed\2111662_1253939104_721.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\Seed\4629932_1198809482_969.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\flashParam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.0.0.29Beta.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.20Beta.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.26Beta.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.27Beta.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.1.0.28.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.2.0.17.exe.fc! (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\FunshionInstall2.2.0.17.exe.torrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.

Alt 14.09.2010, 21:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
FF - prefs.js..network.proxy.backup.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "128.151.65.101"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "128.151.65.101"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "128.151.65.101"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.ssl_port: 3128
[2010.08.30 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\rplsp
[2010.08.29 09:14:26 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.09.12 21:15:03 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.08.28 22:25:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.09.2010, 17:16   #9
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


was neu ist: mittlerweile meldet sich antivir ab und zu und findet den einen oder anderen schädling. z.b. TR/PSW.Papras.C in c:\windows\system32\attrdsvr.dll

hier extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.09.2010 18:04:40 - Run 3
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\vvjj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 512,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,41 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 129,51 Gb Total Space | 28,50 Gb Free Space | 22,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXXXKONSTANZ
Current User Name: vvjj
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Funshion Online\Funshion\Funshion.exe" = C:\Program Files\Funshion Online\Funshion\Funshion.exe:*:Enabled:Funshion -- File not found
"C:\Program Files\PokerStrategy\PokerStrategy Equilator\Equilator.exe" = C:\Program Files\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator -- (PokerStrategy)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"E:\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\World of Warcraft\Launcher.exe" = E:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"E:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = E:\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\vvjj\My Documents\Downloads\qq2009sp6_installer.exe" = C:\Documents and Settings\vvjj\My Documents\Downloads\qq2009sp6_installer.exe:*:Enabled:QQ2009 -- (Tencent)
"C:\Program Files\Tencent\QQ\Bin\QQ.exe" = C:\Program Files\Tencent\QQ\Bin\QQ.exe:*:Enabled:??QQ2009 -- (Tencent)
"C:\Program Files\Tencent\QQ\Bin\auclt.exe" = C:\Program Files\Tencent\QQ\Bin\auclt.exe:*:Enabled:QQ2010 -- (Tencent)
"C:\spiele\Qianhong\Qianhong.exe" = C:\spiele\Qianhong\Qianhong.exe:*:Enabled:Qianhong Application -- (jcraner.com)
"E:\Diablo\diablo.exe" = E:\Diablo\diablo.exe:*:Enabled:Diablo -- (Blizzard Entertainment)
"C:\Program Files\SogouInput\5.0.1.4185\PinyinUp.exe" = C:\Program Files\SogouInput\5.0.1.4185\PinyinUp.exe:*:Enabled:Sogou Pinyin Service -- (Sogou.com Inc.)
"C:\Program Files\Funshion Online\Funshion\FunshionService.exe" = C:\Program Files\Funshion Online\Funshion\FunshionService.exe:*:Enabled:FunshionService -- File not found
"C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe" = C:\Program Files\Funshion Online\Funshion\FunshionUpgrade.exe:*:Enabled:FunshionUpgrade -- File not found
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2009
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}" = Citrix XenApp Plugin for Hosted Apps
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Atheros Wireless LAN Client Adapter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61B9BC1E-F0E6-4A4F-98CB-A0D2EB2D7731}" = O2Micro Flash Memory Card Reader Driver (x86)
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A27CAF84-656A-4D4D-9D95-D5B1368074C7}" = PokerStrategy Elephant
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.865
"CCleaner" = CCleaner (remove only)
"Diablo" = Diablo
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"Fallout2" = Fallout2
"GhostMouse 2.0" = GhostMouse 2.0
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maniac Mansion Deluxe" = Maniac Mansion Deluxe
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Pacific Poker" = Pacific Poker
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Qianhong" = Qianhong 3.5.1
"QQÓÎÏ·" = QQÓÎÏ·
"Sogou Input" = 搜狗拼音输入法 5.0正式版
"ST6UNST #1" = Recorder
"storm2" = ±©·çÓ°Òô
"Titan Poker" = Titan Poker
"TVEpaDrv" = Renkforce DVD MAKER II
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CGoban 3" = CGoban 3
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 13.09.2010 16:13:37 | Computer Name = JINGE-KONSTANZ | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
[ System Events ]
Error - 29.08.2010 03:50:05 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
 
Error - 30.08.2010 17:29:28 | Computer Name = JINGE-KONSTANZ | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
 PC-200904252256  that believes that it is the master browser for the domain on transport
 NwlnkNb.  The master browser is stopping or an election is being forced.
 
Error - 03.09.2010 11:53:10 | Computer Name = JINGE-KONSTANZ | Source = System Error | ID = 1003
Description = Error code 40000080, parameter1 855e4130, parameter2 85642f30, parameter3
 84a46f44, parameter4 00000001.
 
Error - 03.09.2010 11:56:43 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
 
Error - 03.09.2010 12:07:11 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
 
Error - 04.09.2010 05:21:17 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
 
Error - 13.09.2010 16:10:48 | Computer Name = JINGE-KONSTANZ | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.
 
Error - 14.09.2010 02:16:37 | Computer Name = JINGE-KONSTANZ | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
 address 0017C446EB6D has been  denied by the DHCP server 192.168.0.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 14.09.2010 02:24:23 | Computer Name = JINGE-KONSTANZ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring
 the volume.
 
Error - 15.09.2010 12:02:16 | Computer Name = JINGE-KONSTANZ | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
 while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring
 the volume.
 
 
< End of report >
--- --- ---


otl:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.09.2010 18:04:40 - Run 3
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Documents and Settings\vvjj\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
953,00 Mb Total Physical Memory | 512,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1428 2856 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 5,41 Gb Free Space | 27,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 129,51 Gb Total Space | 28,50 Gb Free Space | 22,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: XXXXXKONSTANZ
Current User Name: vvjj
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\vvjj\My Documents\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\vvjj\Local Settings\temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\vvjj\My Documents\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ASKUpgrade) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (o2flash) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=13928&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..network.proxy.backup.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "128.151.65.101"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "128.151.65.101"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "128.151.65.101"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "128.151.65.101"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "128.151.65.101"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "128.151.65.101"
FF - prefs.js..network.proxy.ssl_port: 3128
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.09 19:34:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.09 19:34:04 | 000,000,000 | ---D | M]
 
[2009.06.11 11:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Extensions
[2009.06.11 11:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\extensions
[2009.06.11 11:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.09.15 08:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions
[2009.09.02 13:59:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.26 08:10:58 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.09.14 22:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.29 09:08:05 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.29 09:08:05 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.29 09:08:05 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.29 09:08:05 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.29 09:08:06 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.03 18:03:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Stormtray] C:\Program Files\StormII\Stormtray.exe File not found
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\Bin\AddEmotion.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} hxxp://game-web.qq.com/client/QQGame2.cab (WebActivater Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\vvjj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vvjj\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.19 18:54:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.15 18:04:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.09.14 21:13:31 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vvjj\My Documents\OTL.exe
[2010.09.14 21:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Desktop\15
[2010.09.13 22:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Application Data\Malwarebytes
[2010.09.13 22:52:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.13 22:52:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.13 22:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010.09.13 22:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 22:44:56 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\vvjj\My Documents\mbam-setup.exe
[2010.09.05 21:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010.09.05 21:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010.09.05 20:49:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.09.03 20:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Application Data\vlc
[2010.09.03 19:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.08.30 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\rplsp
[2010.08.30 21:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vvjj\Desktop\mplayerc_20100214
[2010.08.30 20:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010.08.29 09:14:26 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.08.29 09:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\vvjj\My Documents\*.tmp files -> C:\Documents and Settings\vvjj\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.15 18:02:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.15 18:02:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.15 08:15:47 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\vvjj\NTUSER.DAT
[2010.09.15 08:15:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vvjj\ntuser.ini
[2010.09.14 21:13:32 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vvjj\My Documents\OTL.exe
[2010.09.14 08:24:14 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.13 22:52:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.13 22:44:56 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\vvjj\My Documents\mbam-setup.exe
[2010.09.13 22:14:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.13 18:31:06 | 000,050,176 | ---- | M] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 21:15:03 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.09.11 21:47:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.07 20:46:13 | 000,003,748 | ---- | M] () -- C:\Documents and Settings\vvjj\funshion.ini
[2010.09.05 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\SogouImeMgr.job
[2010.09.03 20:00:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.09.03 18:03:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.30 21:49:14 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓÎÏ·.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓÎÏ·.lnk
[2010.08.30 21:49:14 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\±©·çÓ°Òô.lnk
[2010.08.30 21:49:14 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓ°Òô.lnk
[2010.08.30 20:46:45 | 003,389,035 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\eMule0.50a-Installer.exe
[2010.08.30 20:44:24 | 004,973,610 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\emule050a.exe
[2010.08.29 09:13:55 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe
[2010.08.28 22:25:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010.08.23 09:14:59 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\vvjj\My Documents\launch.ica
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\vvjj\My Documents\*.tmp files -> C:\Documents and Settings\vvjj\My Documents\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.13 22:52:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.12 21:15:03 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\attrdsvr.dll
[2010.09.03 20:00:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.09.01 22:21:41 | 000,011,946 | ---- | C] () -- C:\Documents and Settings\vvjj\hs_err_pid3116.log
[2010.08.30 21:49:14 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\vvjj\Desktop\Ãâ·ÑÓ°ÊÓ.lnk
[2010.08.30 21:49:14 | 000,001,090 | ---- | C] () -- C:\Documents and Settings\vvjj\Desktop\±©·çÓÎÏ·.lnk
[2010.08.30 20:46:44 | 003,389,035 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\eMule0.50a-Installer.exe
[2010.08.30 20:44:15 | 004,973,610 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\emule050a.exe
[2010.08.28 22:24:58 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010.08.23 09:14:59 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\vvjj\My Documents\launch.ica
[2010.07.11 14:41:43 | 000,000,915 | ---- | C] () -- C:\Documents and Settings\vvjj\Application Data\coreavc.ini
[2010.07.08 20:45:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010.06.26 23:20:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010.06.23 18:53:57 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_1.drv
[2010.06.20 22:37:25 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2010.05.06 21:35:30 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.01.20 21:59:28 | 000,001,275 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2010.01.20 21:59:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.01.06 23:27:52 | 000,000,110 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2009.08.21 23:39:43 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009.08.21 23:39:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.08.21 23:39:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009.07.23 21:43:38 | 000,050,176 | ---- | C] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.11 23:42:14 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.11 23:42:14 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.01 22:56:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini
[2009.06.01 22:54:46 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009.06.01 22:54:45 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.06.01 22:54:45 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.05.25 20:04:54 | 000,000,028 | ---- | C] () -- C:\WINDOWS\funshionplugin2.INI
[2009.05.25 18:54:04 | 000,344,958 | R--- | C] () -- C:\WINDOWS\System32\imjp81k.dll
[2009.05.19 19:46:18 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\vvjj\Local Settings\Application Data\postgresinstall.bat
[2009.05.19 19:01:59 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm >
 
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= >
Invalid Switch: askRedirect?o=13925&gct=&gc=1&q=
 
< IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=13928&l=dis >
Invalid Switch: ?o=13928&l=dis

 
< FF - prefs.js..network.proxy.backup.ftp: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.backup.ftp_port: 3128 >
 
< FF - prefs.js..network.proxy.backup.gopher: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.backup.gopher_port: 3128 >
 
< FF - prefs.js..network.proxy.backup.socks: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.backup.socks_port: 3128 >
 
< FF - prefs.js..network.proxy.backup.ssl: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.backup.ssl_port: 3128 >
 
< FF - prefs.js..network.proxy.ftp: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.ftp_port: 3128 >
 
< FF - prefs.js..network.proxy.gopher: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.gopher_port: 3128 >
 
< FF - prefs.js..network.proxy.http: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.http_port: 3128 >
 
< FF - prefs.js..network.proxy.share_proxy_settings: true >
 
< FF - prefs.js..network.proxy.socks: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.socks_port: 3128 >
 
< FF - prefs.js..network.proxy.ssl: "128.151.65.101" >
 
< FF - prefs.js..network.proxy.ssl_port: 3128 >
 
< [2010.08.30 21:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\rplsp >
 
< [2010.08.29 09:14:26 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF7975.exe >
 
< [2010.09.12 21:15:03 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\attrdsvr.dll >
 
< [2010.08.28 22:25:21 | 000,000,005 | ---- | M] () -- C:\zrpt.xml >
 
< :Commands >
 
< [purity] >
 
< [resethosts] >
 
< [emptytemp] >
 
========== Files - Unicode (All) ==========
[2009.12.01 23:52:42 | 000,000,632 | ---- | M] ()(C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,632 | ---- | C] ()(C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Documents and Settings\vvjj\Application Data\Microsoft\Internet Explorer\Quick Launch\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,614 | ---- | M] ()(C:\Documents and Settings\vvjj\Desktop\????.lnk) -- C:\Documents and Settings\vvjj\Desktop\暴风影音.lnk
[2009.12.01 23:52:42 | 000,000,614 | ---- | C] ()(C:\Documents and Settings\vvjj\Desktop\????.lnk) -- C:\Documents and Settings\vvjj\Desktop\暴风影音.lnk

< End of report >
--- --- ---
Alt 15.09.2010, 17:54   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Wieso postest Du jetzt wieder OTL-Logs? Du solltest den OTL-Fix machen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.09.2010, 18:48   #11
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Ich hab den Fix jetzt gemacht. Leider verlinkt google immer noch auf komische Webseiten.

Folgendes Log kam nach neustart des computers:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "128.151.65.101" removed from network.proxy.backup.ftp
Prefs.js: 3128 removed from network.proxy.backup.ftp_port
Prefs.js: "128.151.65.101" removed from network.proxy.backup.gopher
Prefs.js: 3128 removed from network.proxy.backup.gopher_port
Prefs.js: "128.151.65.101" removed from network.proxy.backup.socks
Prefs.js: 3128 removed from network.proxy.backup.socks_port
Prefs.js: "128.151.65.101" removed from network.proxy.backup.ssl
Prefs.js: 3128 removed from network.proxy.backup.ssl_port
Prefs.js: "128.151.65.101" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "128.151.65.101" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "128.151.65.101" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "128.151.65.101" removed from network.proxy.socks
Prefs.js: 3128 removed from network.proxy.socks_port
Prefs.js: "128.151.65.101" removed from network.proxy.ssl
Prefs.js: 3128 removed from network.proxy.ssl_port
C:\Program Files\Common Files\rplsp\Rpl\Codecs folder moved successfully.
C:\Program Files\Common Files\rplsp\Rpl folder moved successfully.
C:\Program Files\Common Files\rplsp folder moved successfully.
C:\WINDOWS\system32\CF7975.exe moved successfully.
C:\WINDOWS\system32\attrdsvr.dll moved successfully.
C:\zrpt.xml moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: elephant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Superjinchi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 24014979 bytes
->FireFox cache emptied: 4717815 bytes
->Flash cache emptied: 1406 bytes
 
User: vvjj
->Temp folder emptied: 4140721 bytes
->Temporary Internet Files folder emptied: 495156 bytes
->Java cache emptied: 94744679 bytes
->FireFox cache emptied: 76800675 bytes
->Flash cache emptied: 192701 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 424369 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 198,00 mb
 
 
OTL by OldTimer - Version 3.2.12.0 log created on 09152010_194139

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 15.09.2010, 18:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.09.2010, 18:49   #13
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


doppelpost

Alt 15.09.2010, 19:10   #14
Wurstbrod
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


der combofix log:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 10-09-14.05 - vvjj 15.09.2010  19:58:34.9.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.953.611 [GMT 2:00]
ausgeführt von:: c:\documents and settings\vvjj\My Documents\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\vvjj\My Documents\cc_20100915_195423.reg

c:\windows\system32\winlogon.exe . . . ist infiziert!!

c:\windows\explorer.exe . . . ist infiziert!!

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-15 bis 2010-09-15  ))))))))))))))))))))))))))))))
.

2010-09-15 17:41 . 2010-09-15 17:41	--------	d-----w-	C:\_OTL
2010-09-13 20:52 . 2010-09-13 20:52	--------	d-----w-	c:\documents and settings\vvjj\Application Data\Malwarebytes
2010-09-13 20:52 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 20:52 . 2010-09-13 20:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-13 20:52 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-13 20:45 . 2010-09-13 20:52	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-05 19:19 . 2010-09-05 19:19	--------	d-----w-	c:\program files\Flip Video
2010-09-05 19:04 . 2010-09-05 19:04	--------	d-----w-	c:\documents and settings\All Users\Application Data\Flip Video
2010-09-03 18:00 . 2010-09-04 08:21	--------	d-----w-	c:\documents and settings\vvjj\Application Data\vlc
2010-09-03 17:59 . 2010-09-03 17:59	--------	d-----w-	c:\program files\VideoLAN
2010-08-30 18:47 . 2010-09-13 20:35	--------	d-----w-	c:\program files\eMule
2010-08-29 07:10 . 2010-08-29 07:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 17:54 . 2009-05-31 11:07	--------	d-----w-	c:\documents and settings\vvjj\Application Data\Media Player Classic
2010-09-15 17:52 . 2009-05-19 17:05	--------	d-----w-	c:\program files\CCleaner
2010-09-06 16:10 . 2009-06-11 08:59	--------	d-----w-	c:\documents and settings\vvjj\Application Data\uTorrent
2010-09-03 17:48 . 2009-08-04 20:43	--------	d-----w-	c:\documents and settings\vvjj\Application Data\DivX
2010-09-02 11:31 . 2009-12-01 21:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Storm
2010-08-27 22:55 . 2009-05-25 16:57	--------	d-----w-	c:\documents and settings\vvjj\Application Data\SogouPY
2010-07-29 21:48 . 2010-07-29 21:48	--------	d-----w-	c:\program files\QMI
2010-07-29 21:48 . 2009-05-20 22:36	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-25 10:12 . 2009-07-25 08:48	--------	d-----w-	c:\program files\DOSBox-0.73
2010-07-18 08:15 . 2010-06-30 16:49	--------	d-----w-	c:\documents and settings\vvjj\Application Data\SGPPLog
2010-07-08 18:48 . 2010-07-08 18:48	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2010-06-30 12:31 . 2008-04-14 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2008-04-14 12:00	667136	----a-w-	c:\windows\system32\wininet.dll
2010-06-23 18:32 . 2010-06-23 16:53	66936	--sha-w-	c:\windows\dlinfo_1.drv
2010-06-23 13:44 . 2008-04-14 12:00	1851904	----a-w-	c:\windows\system32\win32k.sys
2010-06-21 18:40 . 2010-06-20 20:37	66936	--sha-w-	c:\windows\dlinfo_0.drv
2010-06-21 15:27 . 2008-04-14 12:00	354304	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-20 19:54 . 2010-06-20 19:54	86528	----a-w-	c:\windows\bnetunin.exe
2010-06-20 19:54 . 2010-06-20 19:54	61440	----a-w-	c:\windows\diabunin.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . EEC9730F9CC03819111D90E6CAA2DCC9 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2008-04-14 . 2A39241E5FBED9C12BE29850232B8D89 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . DE4AA5D5375FFEFB183C103F3E50B3D3 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-14 149280]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PokerStrategy\\PokerStrategy Equilator\\Equilator.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\World of Warcraft\\WoW-3.2.0-deDE-downloader.exe"=
"e:\\World of Warcraft\\Launcher.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"e:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\vvjj\\My Documents\\Downloads\\qq2009sp6_installer.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\QQ.exe"=
"c:\\Program Files\\Tencent\\QQ\\Bin\\auclt.exe"=
"c:\\spiele\\Qianhong\\Qianhong.exe"=
"e:\\Diablo\\diablo.exe"=
"c:\\Program Files\\SogouInput\\5.0.1.4185\\PinyinUp.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [19.05.2009 19:33 108289]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [01.02.2008 04:02 65536]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19.05.2009 19:02 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [21.05.2009 00:59 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [21.05.2009 00:37 43608]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11.06.2009 11:00 234888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [21.08.2009 23:39 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [21.08.2009 23:39 3072]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.06.2010 20:04 691696]
.
Inhalt des "geplante Tasks" Ordners

2010-09-05 c:\windows\Tasks\SogouImeMgr.job
- c:\progra~1\SOGOUI~1\501~1.418\SGTool.exe [2010-06-25 13:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mLocal Page = 
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: ???QQ?? - c:\program files\Tencent\QQ\Bin\AddEmotion.htm
DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} - hxxp://game-web.qq.com/client/QQGame2.cab
FF - ProfilePath - c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\
FF - component: c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\vvjj\Application Data\Mozilla\Firefox\Profiles\opx683lu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Dateityp-Verknüpfung -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-15 20:01
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2025429265-299502267-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\ûm*R0RQ*Q*hˆÅ`]
"contexts"=dword:00000002
@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\MenuExt\ûm*R0RQ*Q*hˆÅ`]
"contexts"=dword:00000002
@="c:\\Program Files\\Tencent\\QQ\\Bin\\AddEmotion.htm"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\Citrix\ICA Client\pnsson.dll

- - - - - - - > 'lsass.exe'(824)
c:\program files\Citrix\ICA Client\pnsson.dll
.
Zeit der Fertigstellung: 2010-09-15  20:02:56
ComboFix-quarantined-files.txt  2010-09-15 18:02

Vor Suchlauf: 5.966.450.688 bytes free
Nach Suchlauf: 5.955.399.680 bytes free

- - End Of File - - 230832C8BB6C16E7E2B8E0FB51DB503B
--- --- ---
Alt 15.09.2010, 20:02   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Standard

Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
KILLALL::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

File::
c:\windows\bnetunin.exe
c:\windows\diabunin.exe
c:\windows\dlinfo_1.drv
c:\windows\dlinfo_0.drv
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 3 1 23

Themen zu Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!
anfang, antivir, antivir guard, ask toolbar, avgnt, avira, bho, browser, combofix, components, desktop, firefox, gereinigt, google, helper, hijack, hijackthis, installation, internet explorer, jusched.exe, malware, mozilla, notepad.exe, phishing, plug-in, realtek, richtlinie, scan, server, sigcheck, software, sptd.sys, system, tencent, trojaner, werbesites, windows, windows xp


« Trojaner "Winserv.exe" eingefangen | JAVA/Agent.M.1 im Java Cache »


Ähnliche Themen: Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!


  1. Windows 7: MWAB findet immer wieder PUP.Optional.Shopperz.A
    Log-Analyse und Auswertung - 11.02.2015 (43)
  2. Windows 7: Rechner sehr langsam, MBAM findet immer wieder verschiedene Trojaner wie PUP.Optional.SystemSpeedup, Mindspark, PriceGong etc.
    Log-Analyse und Auswertung - 07.09.2014 (10)
  3. Windows XP: Internet Explorer öffnet sich immer wieder selbstständig
    Log-Analyse und Auswertung - 29.08.2013 (7)
  4. Windows 7: Malwarebytes findet immer wieder PUP.Optional.Conduit.A
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (9)
  5. Combofix händt sich immer wieder auf
    Plagegeister aller Art und deren Bekämpfung - 31.03.2013 (2)
  6. Avira findet versteckte Datei und immer wieder Trojaner TR/Rogue.kdv.
    Log-Analyse und Auswertung - 16.07.2012 (28)
  7. Windows Explorer stürzt bei pc start immer wieder ab und lädt sich neu
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (1)
  8. Windows Explorer funktioniert nicht mehr / Startet immer wieder eu
    Log-Analyse und Auswertung - 07.03.2012 (28)
  9. Mailware findet immer wieder trojaner
    Log-Analyse und Auswertung - 02.03.2012 (19)
  10. Combofix - immer wieder Rootkit!
    Mülltonne - 13.12.2010 (1)
  11. Bitte um HiJack-Logfile Auswertung - AntiVir findet Trojaner der immer wieder kommt
    Log-Analyse und Auswertung - 23.07.2010 (1)
  12. Explorer Startet nicht und Spybot findet Right Media immer wieder
    Plagegeister aller Art und deren Bekämpfung - 24.05.2010 (23)
  13. Hkey/AGprotect kommt immer wieder (Combofix-log)
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (2)
  14. Windows Explorer startet unter Vista immer wieder neu
    Alles rund um Windows - 23.03.2010 (1)
  15. Trotz system neu installation immer wieder WINDOWS explorer absturz
    Alles rund um Windows - 27.11.2009 (7)
  16. AntiVir Personal findet Trojaner immer wieder neu!
    Log-Analyse und Auswertung - 15.04.2009 (1)
  17. Antispy findet immer wieder IstBar Trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.09.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! - Hallo, ich habe mir irgendwie einen Trojaner geholt. Am Anfang war es so, dass Links zu irgendwelchen Werbesites führten, heute hab ich auch nich einen Phishing Trojaner entdeckt. Früher hatte - Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert!...
Archiv
Du betrachtest: Trojaner im Computer. Combofix findet immer wieder: c:\windows\explorer.exe . . . ist infiziert! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131