
Malware of all kinds and how to remove it: Win32:Patched-TM [Trj] in c:\windows\explorer.exe

02.01.2011, 17:11   #1
sven001
 
Win32:Patched-TM [Trj] in c:\windows\explorer.exe



Hi @ all.

When I run the avast! scan, it gives me this message:

Win32:Patched-TM [Trj], all of it in my explorer.exe.

I use Windows 7 Home 32-bit, have Spybot, and used Antivir until 2 days ago.

Antivir showed me the same thing; after some googling I came across Anti-Malware. But this program showed me 0 errors.

After that I installed avast! to test whether Antivir wasn't working correctly. Avast! then showed the same error.

I then tried the various options, move to container etc., which of course doesn't work on a running process. Then I shut down Explorer and deleted it.
After that I tried to restore Explorer using my boot CD and System Restore, which did work, but I only got the Trojan back, the same message in avast!. Anti-Malware still shows me 0 errors. Unfortunately I don't have an older restore point; the last entry is from 3 days ago (Windows Update).

Now I'm stuck, but I actually don't have any noticeable problems either, no crashes, the PC runs at normal speed...

Attached are my scans:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5443
 
Windows 6.1.7600
Internet Explorer 9.0.7930.16406
 
02.01.2011 15:49:30
mbam-log-2011-01-02 (15-49-30).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136123
Laufzeit: 3 Minute(n), 0 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
And the OTL scans:

Code:
OTL Extras logfile created on: 02.01.2011 17:04:37 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Public\Desktop\MFtools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 348,19 Gb Total Space | 179,14 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
 
Computer Name: ***PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files\SRWare Iron\iron.exe (SRWare)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A532864-065D-4369-A548-DFF207C2C713}" = QIP 2010 3397 Jeak-Edition
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FFEC1CA-DD48-43C4-8BA1-01A82B2C8837}" = QIP 2010 4444 Jeak-Edition
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 7.0.520.1
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Blender" = Blender (remove only)
"Connectify" = Connectify
"DivX Setup.divx.com" = DivX-Setup
"ERUNT_is1" = ERUNT 1.1j
"GoldenEye: Source" = GoldenEye: Source - HalfLife 2 Mod
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HotspotShield" = Hotspot Shield 1.52
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IsoBuster_is1" = IsoBuster 2.8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"K-Meleon" = K-Meleon 1.5.4 de-DE (nur entfernen)
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Firefox 4.0b6 (x86 de)" = Mozilla Firefox 4.0b6 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP3-Cutter" = MP3-Cutter
"Mumble" = Mumble and Murmur
"MyFreeCodec" = MyFreeCodec
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"rayatitray" = Ray Adams ATI Tray Tools
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"Steam App 218" = Source SDK Base 2007
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Update Service" = Update Service
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XMedia Recode" = XMedia Recode 2.2.4.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"22abf9dde03b3b37" = Seesmic for Windows
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
and

Code:
OTL logfile created on: 02.01.2011 17:04:36 - Run 2
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Public\Desktop\MFtools
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 348,19 Gb Total Space | 179,14 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\jeak.de\QIP 2010 4196 Jeak-Edition\qip.exe (QIP)
PRC - C:\Program Files\SRWare Iron\iron.exe (SRWare)
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Connectify\ConnectifyService.exe (Nomadio, Inc.)
PRC - C:\Program Files\Connectify\Connectifyd.exe (Nomadio, Inc.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (atitray) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys ()
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (hcwPP2) -- C:\Windows\System32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://blog.fefe.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 6F 0A DD A5 57 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.4.2
FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.21 00:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.21 00:34:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files\K-Meleon\Plugins [2010.11.19 02:19:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files\K-Meleon\Components [2010.04.10 10:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.10 20:43:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.19 02:19:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.09.26 17:21:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins [2010.12.21 00:34:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.14 14:46:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.19 02:19:04 | 000,000,000 | ---D | M]
 
[2010.10.05 00:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.02 10:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.27 03:10:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions
[2010.11.28 09:06:43 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}
[2010.11.28 09:03:32 | 000,000,000 | ---D | M] (Sothink Flash Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
[2010.11.28 08:53:10 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tttayqxy.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.05.23 02:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.21 00:34:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.21 00:34:50 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.10.24 23:21:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.24 23:21:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.24 23:21:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.24 23:21:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.24 23:21:40 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.02 16:03:16 | 000,427,737 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 14727 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3df6e85d-9896-11df-a458-0019db48e710}\Shell - "" = AutoRun
O33 - MountPoints2\{3df6e85d-9896-11df-a458-0019db48e710}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{5d797118-b776-11df-b877-0019db48e710}\Shell - "" = AutoRun
O33 - MountPoints2\{5d797118-b776-11df-b877-0019db48e710}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[3810.04.01 16:37:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[3810.04.01 16:37:35 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[3810.04.01 16:37:35 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[3810.04.01 16:37:35 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[3810.04.01 16:37:35 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[3810.04.01 16:37:35 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[3810.04.01 16:37:34 | 003,048,096 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[3810.04.01 16:37:34 | 002,649,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[3810.04.01 16:37:34 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[3810.04.01 16:37:34 | 001,749,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[3810.04.01 16:37:34 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[3810.04.01 16:37:34 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[3810.04.01 16:37:34 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[3810.04.01 16:37:34 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[3810.04.01 16:37:34 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[3810.04.01 16:37:34 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[3810.04.01 16:37:34 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[3810.04.01 16:37:34 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[3810.04.01 16:37:34 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[3810.04.01 16:37:34 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[3810.04.01 16:37:34 | 000,307,616 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[3810.04.01 16:37:34 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[3810.04.01 16:37:34 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[3810.04.01 16:37:34 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[3810.04.01 16:37:34 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[3810.04.01 16:37:34 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[3810.04.01 16:37:34 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[3810.04.01 16:37:34 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[3810.04.01 16:37:34 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[3810.04.01 16:37:34 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[3810.04.01 16:37:34 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[3810.04.01 16:37:34 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[3810.04.01 16:37:34 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[3810.04.01 16:37:34 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[3810.04.01 16:37:34 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[3810.04.01 16:37:34 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[3810.04.01 16:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[3810.04.01 16:37:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[3810.04.01 16:37:32 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[3810.04.01 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[3810.04.01 16:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[3810.04.01 16:27:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[3810.04.01 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ
[3810.04.01 16:27:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[3810.04.01 16:22:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[3810.04.01 16:22:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[3810.04.01 16:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[3810.04.01 16:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[3810.04.01 16:20:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[3810.04.01 16:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[3810.04.01 16:14:21 | 000,000,000 | ---D | C] -- C:\ATI
[3810.04.01 16:13:32 | 000,705,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[3810.04.01 16:13:31 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[3810.04.01 16:13:21 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[3810.04.01 16:13:17 | 000,000,000 | ---D | C] -- C:\NVIDIA
[3810.04.01 16:09:14 | 000,000,000 | ---D | C] -- C:\Windows.old
[3810.04.01 16:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[3810.04.01 16:02:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[3810.04.01 16:01:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[3810.04.01 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[3810.04.01 15:54:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[3810.04.01 15:54:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[3810.04.01 15:48:08 | 000,000,000 | R--D | C] -- C:\Programme
[3810.04.01 15:47:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[3810.04.01 15:47:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[3810.04.01 15:32:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[3810.04.01 15:32:00 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[3810.04.01 15:32:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[3810.04.01 15:31:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[3810.04.01 15:31:51 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[3810.04.01 15:31:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[3810.04.01 15:31:46 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[3810.04.01 15:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[3810.04.01 15:31:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[3810.04.01 15:31:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[3810.04.01 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[3810.04.01 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[3810.04.01 15:31:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Recovery
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[3810.04.01 15:31:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[3810.04.01 15:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[3810.04.01 15:14:32 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[3810.04.01 15:07:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2011.01.02 15:45:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.02 15:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ERUNT
[2011.01.02 15:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.01.02 15:40:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.02 15:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.01.02 15:40:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.02 15:37:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2011.01.02 15:02:59 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.01.02 15:02:59 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.01.02 15:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\avast! Free Antivirus
[2011.01.02 15:02:58 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.01.02 15:02:55 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.01.02 15:02:52 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.01.02 15:02:40 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.01.02 15:02:40 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.31 04:41:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.12.31 00:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.12.31 00:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.12.30 16:35:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.30 16:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 16:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.24 12:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4EF1C940-9150-467B-9027-ED397418F06D}
[2010.12.21 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Local
[2010.12.20 22:18:37 | 000,000,000 | ---D | C] -- C:\Users\***\tmp
[2010.12.20 11:46:07 | 000,000,000 | ---D | C] -- C:\Users\***\temp
[2010.12.19 17:16:54 | 000,000,000 | ---D | C] -- C:\Users\***\win
[2010.12.19 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Kazul
[2010.12.19 17:14:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Egyzax
[2010.12.16 04:33:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.16 04:33:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2010.12.16 04:33:41 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 04:33:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 04:33:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 04:33:39 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 04:33:39 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 04:33:39 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010.12.16 04:33:38 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 04:33:37 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 20:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2010.12.14 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.12.14 20:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Steam
[2010.12.14 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010.12.14 20:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\GoldenEye Source v4.1
[2010.12.08 18:10:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D8D4B39E-B1DB-41B2-AF62-C96FFDD28D74}
[2010.12.08 18:10:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B54C3638-F853-407A-B46B-A67C94D84EDC}
[2010.12.08 14:12:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010.12.05 19:50:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B90D3740-A3C5-4D94-806A-0EF2EF3E9CBB}
[2010.12.05 19:49:30 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.12.05 19:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.12.05 19:46:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.12.05 19:46:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.12.05 19:46:02 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.12.05 19:45:41 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.12.05 19:45:08 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010.12.05 19:45:08 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010.12.05 19:43:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2010.12.05 19:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\YouTube Downloader
[2010.12.05 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010.04.29 19:16:00 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe1785.dll
 
========== Files - Modified Within 30 Days ==========
 
[3810.04.01 16:13:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[3810.04.01 16:13:19 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[3810.04.01 15:17:53 | 000,056,735 | ---- | M] () -- C:\Windows\System32\license.rtf
[3810.04.01 15:17:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[3810.04.01 15:16:35 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[3810.04.01 14:56:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[3810.04.01 14:56:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[3810.04.01 14:52:03 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2011.01.02 16:29:43 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 16:29:43 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.02 16:26:48 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.02 16:26:48 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.02 16:26:48 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.02 16:26:48 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.02 16:22:35 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.02 16:22:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.02 16:22:15 | 2415,456,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.02 16:16:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001UA.job
[2011.01.02 16:14:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.02 16:03:16 | 000,427,737 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.02 15:26:40 | 000,843,814 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt.png
[2011.01.02 15:02:59 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.01.02 15:02:52 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.01.01 22:41:45 | 000,045,614 | ---- | M] () -- C:\Users\***\Desktop\164504_153427604707783_100001216342050_306293_3459804_n.jpg
[2010.12.31 02:07:13 | 000,466,925 | ---- | M] () -- C:\Users\***\Desktop\d1.jpg
[2010.12.30 06:34:50 | 000,461,537 | ---- | M] () -- C:\Users\***\Desktop\bh.jpg
[2010.12.29 15:21:16 | 000,005,363 | ---- | M] () -- C:\Users\***\Desktop\get_pdf.pdf
[2010.12.29 14:16:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001Core.job
[2010.12.21 22:44:52 | 000,000,100 | ---- | M] () -- C:\Windows\wininit.ini
[2010.12.21 22:14:41 | 000,427,737 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110102-160316.backup
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 19:03:18 | 000,290,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 20:46:48 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.14 20:41:55 | 000,139,128 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.10 02:55:54 | 000,171,014 | ---- | M] () -- C:\game.ico
[2010.12.05 19:48:29 | 000,000,020 | ---- | M] () -- C:\Windows\èúÆ
 
========== Files Created - No Company Name ==========
 
[3810.04.01 16:46:27 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved
[3810.04.01 16:13:32 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[3810.04.01 16:13:19 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK
[3810.04.01 15:17:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[3810.04.01 15:16:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[3810.04.01 15:14:13 | 2415,456,256 | -HS- | C] () -- C:\hiberfil.sys
[3810.04.01 15:07:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[3810.04.01 15:07:46 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[3810.04.01 14:56:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[3810.04.01 14:56:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[3810.04.01 13:39:12 | 000,009,227 | ---- | C] () -- C:\Users\***\Desktop\BÜCHERVERKAUF.odt
[2011.01.02 15:26:40 | 000,843,814 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt.png
[2011.01.02 15:02:59 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.01.01 22:41:50 | 000,045,614 | ---- | C] () -- C:\Users\***\Desktop\164504_153427604707783_100001216342050_306293_3459804_n.jpg
[2010.12.31 02:07:13 | 000,466,925 | ---- | C] () -- C:\Users\***\Desktop\d1.jpg
[2010.12.30 06:34:50 | 000,461,537 | ---- | C] () -- C:\Users\***\Desktop\bh.jpg
[2010.12.29 15:21:16 | 000,005,363 | ---- | C] () -- C:\Users\***\Desktop\get_pdf.pdf
[2010.12.21 22:44:52 | 000,000,100 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.10 02:55:54 | 000,171,014 | ---- | C] () -- C:\game.ico
[2010.12.08 14:11:44 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001UA.job
[2010.12.08 14:11:43 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-848041316-3006911568-935130591-1001Core.job
[2010.12.05 19:48:28 | 000,000,020 | ---- | C] () -- C:\Windows\èúÆ
[2010.11.15 01:52:22 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.07.26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.07.26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.07.26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.07.26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.07.22 23:12:53 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.07.22 23:12:53 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.07.06 16:43:36 | 000,003,838 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010.05.14 22:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.05.14 22:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.05.14 22:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.07 17:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.06 23:02:09 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.06 23:02:09 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.05.06 23:02:07 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.06 23:02:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.06 23:02:05 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.04.18 22:26:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwXDS.dll
[2010.04.02 10:55:02 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.02 10:55:02 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.01 17:04:04 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.17 11:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:24:44 | 000,003,584 | ---- | C] () -- C:\Windows\System32\kb.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== LOP Check ==========
 
[2010.04.06 15:14:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.bsnes
[2010.04.29 20:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2010.05.21 02:57:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation
[2010.06.28 05:04:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bump Technologies, Inc
[2010.05.19 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.07.15 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.12.21 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Egyzax
[2010.11.28 08:33:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2010.12.29 19:17:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.04.10 10:43:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Meleon
[2010.12.21 12:24:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kazul
[2010.04.01 17:00:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.12.21 00:34:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2010.08.04 19:48:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2011.01.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.04.07 13:15:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.27 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.11.28 09:14:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.11.28 08:29:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2010.06.01 15:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP
[2010.09.08 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.07.15 18:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.04.02 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.10.22 23:59:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.11.30 14:05:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.07.26 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2010.08.16 02:42:11 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010.12.26 22:45:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
Thanks in advance,
Regards,
Sven

The full scans with Anti-Malware and avast! come to the same result.

By the way, when I kill explorer.exe and try to start it again without rebooting, the avast! window pops up and does not allow the program to run.

If I start Win7 normally, no such message appears.

So, now something has happened again with explorer.exe: my network was supposed to be changed to a public one (?), after which I had the "network disabled" icon at the bottom right, but still normal Internet access.

After that I ran System Restore again, which failed with an error message (unfortunately I clicked it away too fast) and deleted the entry from the list of options.

Then I chose a newer entry (from 31 Dec; at that point I definitely already had the detection in Antivir as well as avast).

Since after the System Restore I no longer had either of the two programs installed, this time I decided on Microsoft Essentials.

Its scan found no virus or trojan. After that I also ran a quick scan with Windows Live OneCare Safety, which also reported nothing. Anti-Malware likewise nothing.

Not that I am overjoyed; I am finding it hard right now to install Antivir / avast again to cross-check.

Maybe someone still has an idea about all this.

Regards

03.01.2011, 13:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create logs with GMER and mbrcheck and post them.
GMER crashes quite often; if the tool will not run even on the 2nd attempt, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the Desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the Desktop.
Please post the contents of the .txt document.

03.01.2011, 18:29   #3
sven001
 

Hi cosinus,

thanks for your reply. Here is the GMER log, though I had no prompt where I could have pressed "No" (and no crash).

Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-03 18:14:53
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000073 SAMSUNG_ rev.CT10
Running: x3b9mgq4.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                   82E57599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                            82E7BF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atipmdag.sys                          section is writeable [0x91033000, 0x2ECEB2, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[876] Explorer.EXE                         0069317E 2 Bytes  [0C, 16] {OR AL, 0x16}
.text           C:\Windows\Explorer.EXE[876] Explorer.EXE                         00693190 14 Bytes  [8B, FF, 55, 8B, EC, 56, 57, ...]
.text           C:\Windows\Explorer.EXE[876] kernel32.dll!CreateProcessInternalW  76E042CE 5 Bytes  JMP 00357207 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000005d                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

and MBRCheck is here, though it already shows the option to fix the MBR because of an infection...

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		 (build 7600), 32-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		MSI
System Product Name:		MS-7350
Logical Drives Mask:		0x000010fc

Kernel Drivers (total 197):
  0x82E14000 \SystemRoot\system32\ntkrnlpa.exe
  0x83224000 \SystemRoot\system32\halmacpi.dll
  0x80BC2000 \SystemRoot\system32\kdcom.dll
  0x8AE12000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8AE8A000 \SystemRoot\system32\PSHED.dll
  0x8AE9B000 \SystemRoot\system32\BOOTVID.dll
  0x8AEA3000 \SystemRoot\system32\CLFS.SYS
  0x8AEE5000 \SystemRoot\system32\CI.dll
  0x8B010000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B081000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B08F000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B0D7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x8B0E0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B0E8000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B112000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B11D000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B12E000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B13E000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B189000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8B190000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8B19E000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B1B4000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8B1BD000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8AF90000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x8AFB5000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8B20E000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x8B245000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B24E000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B282000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B293000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B3C2000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B3ED000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B42D000 \SystemRoot\System32\Drivers\cng.sys
  0x8B48A000 \SystemRoot\System32\drivers\pcw.sys
  0x8B498000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B4A1000 \SystemRoot\system32\drivers\ndis.sys
  0x8B558000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B596000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8B61D000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B766000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B797000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8B7D6000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B5BB000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8B7DE000 \SystemRoot\System32\Drivers\mup.sys
  0x8B7EE000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8B83E000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8B870000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8B881000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8B905000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8B924000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x8B94B000 \SystemRoot\System32\Drivers\Null.SYS
  0x8B952000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8B959000 \SystemRoot\System32\drivers\vga.sys
  0x8B965000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8B986000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B993000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8B99B000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8B9A3000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8B9AB000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8B9B6000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8B9C4000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8B9DB000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x9062B000 \SystemRoot\system32\drivers\afd.sys
  0x90685000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x906B7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x906BE000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x906DD000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90705000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90718000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90728000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90769000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90773000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9077D000 \SystemRoot\System32\drivers\discache.sys
  0x90789000 \SystemRoot\System32\Drivers\dfsc.sys
  0x907A1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x907AF000 \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
  0x907B3000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x907D4000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x90600000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x91032000 \SystemRoot\system32\DRIVERS\atipmdag.sys
  0x90C17000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x90CCE000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x90D07000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x90D26000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x90D31000 \SystemRoot\system32\DRIVERS\parport.sys
  0x90D61000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x90D6E000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x90D7B000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x90D85000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x90DD0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x91599000 \SystemRoot\system32\DRIVERS\hcwPP2.sys
  0x915C7000 \SystemRoot\system32\DRIVERS\ks.sys
  0x9186C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x91879000 \SystemRoot\system32\DRIVERS\dne2000.sys
  0x91898000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x918AA000 \SystemRoot\system32\DRIVERS\HssDrv.sys
  0x918BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x918D2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x918DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x918FF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x91917000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9192E000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x91945000 \SystemRoot\system32\DRIVERS\taphss.sys
  0x9194C000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x91952000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x91954000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x91962000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x919A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x96816000 \SystemRoot\system32\drivers\HdAudio.sys
  0x96866000 \SystemRoot\system32\drivers\portcls.sys
  0x96895000 \SystemRoot\system32\drivers\drmk.sys
  0x9741B000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x97702000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9770D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x97720000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x97727000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x97729000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x97740000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x81E80000 \SystemRoot\System32\win32k.sys
  0x9774B000 \SystemRoot\System32\drivers\Dxapi.sys
  0x97755000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x9776C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x97778000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x97785000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x9778F000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x977C6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x977D7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x820E0000 \SystemRoot\System32\TSDDD.dll
  0x82110000 \SystemRoot\System32\cdd.dll
  0x977E2000 \SystemRoot\system32\drivers\luafv.sys
  0x97400000 \SystemRoot\system32\drivers\WudfPf.sys
  0x968AE000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x968BE000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x968D1000 \SystemRoot\system32\drivers\HTTP.sys
  0x96956000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9696F000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x96981000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x969A4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x969DF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x96800000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0x9CC30000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
  0x9CCC0000 \SystemRoot\system32\drivers\peauth.sys
  0x9CD57000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9CD61000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9CD82000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9CD8F000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
  0x9CD99000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x8B8A6000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9CDE8000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
  0x9CDF4000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
  0x9CDF9000 \SystemRoot\System32\drivers\dgderdrv.sys
  0x9CC21000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0x919B7000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x91800000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA409E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA40A7000 \??\C:\Users\***\AppData\Local\Temp\kxldypog.sys
  0xA40BF000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
  0x76EE0000 \Windows\System32\ntdll.dll
  0x48370000 \Windows\System32\smss.exe
  0x77120000 \Windows\System32\apisetschema.dll
  0x00E40000 \Windows\System32\autochk.exe
  0x77040000 \Windows\System32\msctf.dll
  0x77020000 \Windows\System32\imm32.dll
  0x76ED0000 \Windows\System32\normaliz.dll
  0x76E90000 \Windows\System32\ws2_32.dll
  0x76DB0000 \Windows\System32\kernel32.dll
  0x76C10000 \Windows\System32\setupapi.dll
  0x76C00000 \Windows\System32\nsi.dll
  0x76B70000 \Windows\System32\oleaut32.dll
  0x76A50000 \Windows\System32\wininet.dll
  0x769F0000 \Windows\System32\difxapi.dll
  0x769A0000 \Windows\System32\Wldap32.dll
  0x768D0000 \Windows\System32\user32.dll
  0x767C0000 \Windows\System32\urlmon.dll
  0x76720000 \Windows\System32\advapi32.dll
  0x76670000 \Windows\System32\rpcrt4.dll
  0x765D0000 \Windows\System32\usp10.dll
  0x765C0000 \Windows\System32\lpk.dll
  0x76570000 \Windows\System32\gdi32.dll
  0x764F0000 \Windows\System32\comdlg32.dll
  0x764C0000 \Windows\System32\imagehlp.dll
  0x75870000 \Windows\System32\shell32.dll
  0x75670000 \Windows\System32\iertutil.dll
  0x75660000 \Windows\System32\psapi.dll
  0x75600000 \Windows\System32\shlwapi.dll
  0x755E0000 \Windows\System32\sechost.dll
  0x75550000 \Windows\System32\clbcatq.dll
  0x754A0000 \Windows\System32\msvcrt.dll
  0x75340000 \Windows\System32\ole32.dll
  0x752B0000 \Windows\System32\comctl32.dll
  0x75280000 \Windows\System32\xmllite.dll
  0x75260000 \Windows\System32\devobj.dll
  0x75140000 \Windows\System32\crypt32.dll
  0x750F0000 \Windows\System32\KernelBase.dll
  0x750C0000 \Windows\System32\wintrust.dll
  0x75090000 \Windows\System32\cfgmgr32.dll
  0x75080000 \Windows\System32\msasn1.dll

Processes (total 60):
       0 System Idle Process
       4 SYSTEM
     264 C:\Windows\System32\smss.exe
     392 csrss.exe
     464 C:\Windows\System32\wininit.exe
     472 csrss.exe
     524 C:\Windows\System32\services.exe
     540 C:\Windows\System32\lsass.exe
     548 C:\Windows\System32\lsm.exe
     632 C:\Windows\System32\winlogon.exe
     708 C:\Windows\System32\svchost.exe
     788 C:\Windows\System32\svchost.exe
     844 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     932 C:\Windows\System32\atiesrxx.exe
     992 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\atieclxx.exe
    1324 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\spoolsv.exe
    1544 C:\Windows\System32\svchost.exe
    1636 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    1672 C:\Windows\System32\dgdersvc.exe
    1704 C:\Windows\System32\svchost.exe
    1744 C:\Windows\System32\FsUsbExService.Exe
    1768 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    1792 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    1820 C:\Program Files\Hotspot Shield\bin\hsswd.exe
    1856 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    1896 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    2036 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
     312 C:\Windows\System32\dwm.exe
     876 C:\Windows\explorer.exe
    1092 C:\Windows\System32\taskhost.exe
    1868 C:\Windows\System32\taskeng.exe
    1720 C:\Program Files\Connectify\ConnectifyService.exe
    2136 C:\Windows\System32\PnkBstrA.exe
    2156 C:\Windows\System32\svchost.exe
    2248 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2372 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2484 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2808 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    2968 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    3160 C:\Windows\System32\svchost.exe
    3280 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3888 C:\Windows\System32\SearchIndexer.exe
    4060 WmiPrvSE.exe
     664 C:\Program Files\Connectify\Connectifyd.exe
    1840 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1000 C:\Windows\System32\audiodg.exe
    3360 C:\Program Files\Microsoft Security Client\msseces.exe
    2852 C:\Windows\servicing\TrustedInstaller.exe
    2816 C:\Windows\System32\VSSVC.exe
    1724 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\SearchProtocolHost.exe
    1480 C:\Program Files\jeak.de\QIP 2010 4196 Jeak-Edition\qip.exe
    3944 C:\Users\***\Desktop\MBRCheck.exe
    3988 C:\Windows\System32\conhost.exe
    1240 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00002600  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD403LJ, Rev: CT10

      Size  Device Name          MBR Status
  --------------------------------------------
    372 GB  \\.\PhysicalDrive0   RE: Unknown MBR code
            SHA1: 777A3714DE624CB997E0E11C06F7961B443C9377


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:
         
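
The GMER "User code sections" entries in the log above show an inline hook: the first 5 bytes of kernel32.dll!CreateProcessInternalW at 0x76E042CE have been replaced by a JMP to 0x00357207, an address that belongs to none of the modules in the MBRCheck listing. The following Python script is an added example, not part of the original post and not GMER's code. It decodes such a 5-byte relative jump (opcode E9 plus a signed 32-bit displacement), and checks whether the target lies in the module that owns the hooked function. The patch bytes are derived from the two addresses GMER printed, not read from the log, and because MBRCheck lists only module base addresses, the owning module is approximated by the nearest lower base (an assumption).

```python
"""Decode a 5-byte relative JMP hook (E9 rel32) as reported in GMER's
"User code sections" and decide whether it leaves its module.

Added example, not part of the original forum post and not GMER's code.
Module bases below are the user-mode entries from the MBRCheck listing in
the thread; sizes are not listed there, so the containing module is
approximated by the nearest lower base address (an assumption)."""

import re
import struct

# Bases copied from the MBRCheck "Kernel Drivers" listing (user-mode part).
MODULE_BASES = {
    0x76EE0000: "ntdll.dll",
    0x76DB0000: "kernel32.dll",
    0x768D0000: "user32.dll",
    0x76720000: "advapi32.dll",
    0x75870000: "shell32.dll",
    0x750F0000: "KernelBase.dll",
    0x00E40000: "autochk.exe",   # lowest user-mode base in the listing
}

# One GMER hook line: ".text <process> <module>!<func> <addr> <n> Bytes JMP <target>"
GMER_LINE = re.compile(
    r"^\.text\s+(?P<process>\S+)\s+(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<len>\d+) Bytes\s+JMP (?P<target>[0-9A-Fa-f]{8})"
)


def encode_jmp_rel32(at, target):
    """Bytes a patcher writes at `at` to detour execution to `target`."""
    rel = (target - (at + 5)) & 0xFFFFFFFF      # displacement is relative to the next instruction
    return b"\xe9" + struct.pack("<I", rel)


def decode_jmp_rel32(at, patch):
    """Absolute target of an E9 rel32 located at `at`, or None if not a JMP."""
    if len(patch) < 5 or patch[0] != 0xE9:
        return None                               # e.g. the normal 8B FF 55 8B EC prologue
    rel = struct.unpack("<i", patch[1:5])[0]      # signed displacement
    return (at + 5 + rel) & 0xFFFFFFFF


def module_for(addr, bases=MODULE_BASES):
    """Nearest-lower-base lookup (approximation: module sizes are unknown)."""
    below = [b for b in bases if b <= addr]
    return bases[max(below)] if below else None


def analyse_gmer_hook(line, bases=MODULE_BASES):
    """Parse a GMER hook line and flag jumps that leave the hooked module."""
    m = GMER_LINE.match(line)
    if not m:
        return None
    at = int(m["addr"], 16)
    target = int(m["target"], 16)
    patch = encode_jmp_rel32(at, target)          # the 5 bytes that must sit at `at`
    assert decode_jmp_rel32(at, patch) == target  # encode/decode round-trip
    target_mod = module_for(target, bases)
    return {
        "function": f"{m['module']}!{m['func']}",
        "hook_at": at,
        "target": target,
        "patch_bytes": patch.hex(),
        "target_module": target_mod,
        # A detour at a kernel32 export that lands outside kernel32 is a hook.
        "suspicious": target_mod is None or target_mod.lower() != m["module"].lower(),
    }


# The hook line from the GMER log in this thread (copied, whitespace collapsed).
SAMPLE = (".text  C:\\Windows\\Explorer.EXE[876] kernel32.dll!CreateProcessInternalW"
          "  76E042CE 5 Bytes  JMP 00357207")

if __name__ == "__main__":
    print(analyse_gmer_hook(SAMPLE))
```

The hook target 0x00357207 has no module base below it in the listing, so the script reports it as suspicious: the patched explorer.exe intercepts every process it creates by redirecting CreateProcessInternalW into memory that no loaded image owns. The second GMER line for Explorer.EXE shows the untouched bytes 8B FF 55 8B EC, the ordinary function prologue, which decode_jmp_rel32 correctly rejects.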

03.01.2011, 20:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Oh, I forgot OSAM. Please also make a log with OSAM.

Quote:
372 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: 777A3714DE624CB997E0E11C06F7961B443C9377
The MBR of your drive is non-standard or infected. Do you have a Win7 32-bit DVD at hand?
__________________
Please always post log files in CODE tags
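
What MBRCheck reports above ("RE: Unknown MBR code" plus a SHA1) is a comparison of the disk's first sector against a list of known boot-code hashes. The script below is an added example, neither MBRCheck's code nor part of the original thread. It checks a 512-byte sector image the same way: it verifies the 0x55AA signature, hashes the boot-code area, looks the hash up in an allowlist, and parses the four partition entries, so that a sector whose code was replaced but whose partition table is intact (the bootkit pattern) stands out. The sector bytes, the partition layout and the allowlist entry are constructed for the example; which exact byte range MBRCheck hashes is an assumption (bytes 0..439 are used here), and no real Windows 7 boot-code hash is asserted.

```python
"""Check a 512-byte MBR sector image in the spirit of MBRCheck:
signature, boot-code hash against an allowlist, partition table.

Added example, not MBRCheck's code and not from the original thread.
The hashed range (bytes 0..439, the boot-code area) is an assumption;
the allowlist entry is computed from a constructed sector, not from a
real Windows MBR."""

import hashlib
import struct

BOOT_CODE_LEN = 440          # boot code, then 4-byte disk signature, 2 zero bytes
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries
SECTOR_LEN = 512
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, LBA count


def build_sector(boot_code, partitions, disk_sig=0x12345678):
    """Assemble a constructed MBR sector (sample input for this example)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b""
    for status, ptype, lba_start, lba_count in partitions:
        # CHS fields set to FE FF FF ("use LBA"), as modern tools write them.
        table += struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype,
                             b"\xfe\xff\xff", lba_start, lba_count)
    table = table.ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"


def parse_partitions(sector):
    """Return the non-empty partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                            "lba_start": start, "lba_count": count})
    return entries


def check_mbr(sector, known_boot_code_hashes):
    """Report on one sector; 'known' is False for boot code not on the allowlist."""
    if len(sector) != SECTOR_LEN:
        raise ValueError("expected exactly one 512-byte sector")
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha1": sha1,
        "known": sha1 in known_boot_code_hashes,
        "partitions": parse_partitions(sector),
    }


# Constructed "known-good" boot code and its hash; stands in for the real
# allowlist (a genuine Windows 7 MBR hash is not asserted here).
GOOD_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 16
KNOWN_HASHES = {hashlib.sha1(GOOD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper()}

# Constructed layout: a bootable 100 MB system partition followed by a large NTFS one.
SAMPLE_PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 780000000)]
CLEAN_SECTOR = build_sector(GOOD_CODE, SAMPLE_PARTS)
# Same partition table, different boot code: the case MBRCheck reports as
# "Unknown MBR code" (a bootkit overwrites the code and keeps the table).
PATCHED_SECTOR = build_sector(b"\xeb\x58\x90" + b"\xcc" * 32, SAMPLE_PARTS)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("patched", PATCHED_SECTOR)):
        print(name, check_mbr(sec, KNOWN_HASHES))
```

On a real machine the sector would come from the raw device (for example the first 512 bytes of \\.\PhysicalDrive0 read with administrator rights) and the allowlist from hashes of stock Windows boot code. A hash miss with an intact, sensible partition table is exactly the finding MBRCheck prints above, and the bootrec repair that follows in this thread restores the code area only, leaving the table untouched.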

03.01.2011, 23:29   #5
sven001
 

Yes, I have one. Is that like "fixmbr" or something from the XP days? That is what I was looking for during the System Restore, but it does not work that way, does it?


04.01.2011, 09:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Boot the computer from that DVD.
Click on "Repair your computer", Next, Command Prompt; the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter). Restart the computer, removing the DVD beforehand.

Then run mbrcheck again.
