Pests of all kinds and how to fight them: TR/Dropper.Gen [trojan]. Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
TR/Dropper.Gen [trojan].

Hello,

I recently, stupidly, caught the TR/Dropper Gen and have no idea what exactly is going on now. So far I have not noticed any changes in how the computer runs, and I just wanted to ask whether someone could take a look at my logs and possibly give the all-clear. The TR/Dropper Gen was detected by Avira and moved to quarantine. When I now run an Avira system check, it no longer finds anything. I also ran Malwarebytes, but it found nothing. In any case, here are the three logs that I created following the instructions.

OTL.txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 30.03.2011 12:20:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\***\Neuer Ordner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 44,28 Gb Free Space | 38,03% Space Free | Partition Type: NTFS Drive D: | 108,63 Gb Total Space | 54,59 Gb Free Space | 50,25% Space Free | Partition Type: NTFS Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.30 12:09:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\***\Neuer Ordner\OTL.exe PRC - [2011.03.26 22:02:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.17 00:38:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.03 22:09:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 22:09:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe ========== Modules (SafeList) ========== MOD - [2011.03.30 12:09:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\***\Neuer Ordner\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008.01.18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService) SRV - [2011.03.17 00:38:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.03 22:09:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] 
-- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV - [2011.03.17 00:38:34 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 16:22:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.05.07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.05.14 19:37:59 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.06 20:17:03 | 001,737,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.03.06 15:15:57 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.02.16 10:50:31 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2006.12.14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2005.03.02 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.2 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2011.03.26 22:02:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 22:02:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008.06.23 22:27:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.09.11 19:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.30 12:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions [2011.03.17 15:35:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.02.11 02:14:26 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2008.09.11 19:18:54 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\betteryoutube@ginatrapani.org [2011.03.30 12:12:49 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\firegestures@xuldev.org [2008.07.21 13:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2008.09.11 19:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009.06.14 00:50:06 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2010.10.02 22:17:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2010.10.02 22:17:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.02 22:17:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.02 22:17:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.02 22:17:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsm] File not found O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\Shell\AutoRun\command - "" = F:\umenu.exe O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - 
MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\ASScrProlog.exe () MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= 
- C:\Windows\ASScrPro.exe () MsConfig - StartUpReg: ASUSTPE - hkey= - key= - File not found MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: MobileConnect - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found MsConfig - StartUpReg: PowerForPhone - hkey= - key= - C:\Program Files\PowerForPhone\PowerForPhone.exe () MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) MsConfig - StartUpReg: Ulead AutoDetector - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe (Ulead Systems, Inc.) 
MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.03.30 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.30 12:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.03.27 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.03.27 20:00:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.27 20:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.27 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.27 20:00:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.27 20:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.03.17 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games [2011.03.04 23:34:14 | 000,559,024 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v12.1.1.ocx [2011.03.04 23:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flv Audio Video Extractor [2011.03.04 23:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Flv Audio Video Extractor [2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.03.30 12:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job [2011.03.30 12:17:15 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.03.30 12:17:15 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.03.30 12:16:48 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.30 12:16:48 | 
000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.30 12:16:48 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.30 12:16:48 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.30 12:11:48 | 000,027,430 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2011.03.30 12:11:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.30 12:11:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.30 12:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.30 12:11:08 | 2012,397,568 | -HS- | M] () -- C:\hiberfil.sys [2011.03.30 12:10:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.30 11:06:39 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job [2011.03.18 15:25:05 | 000,414,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.17 00:38:34 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.04 23:34:14 | 000,000,864 | ---- | M] () -- C:\Users\***\Desktop\Flv Audio Video Extractor.lnk [2011.03.01 22:50:59 | 000,045,056 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2011.03.30 12:17:15 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.03.30 12:17:15 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.03.17 22:36:36 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [2011.03.04 23:34:14 | 000,000,864 | ---- | C] () -- C:\Users\***\Desktop\Flv Audio Video Extractor.lnk [2010.01.25 17:00:35 | 000,030,247 | ---- | C] () -- C:\Windows\scunin.dat [2009.12.15 15:45:46 | 000,016,903 | ---- | C] () -- C:\Windows\DIIUnin.dat [2009.11.14 00:56:23 | 
000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.14 00:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.12 22:49:28 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.08.03 11:33:41 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.03.30 16:40:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.03.30 16:40:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.03.30 16:40:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2008.11.13 22:41:44 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.11.13 22:41:44 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.10.14 17:43:23 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.09.12 13:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.23 16:23:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.06.16 22:04:34 | 000,000,321 | ---- | C] () -- C:\Windows\ulead32.ini [2008.06.16 21:54:26 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.06.16 19:34:34 | 000,027,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.06.12 16:22:38 | 000,027,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.06.12 00:08:19 | 000,045,056 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.12 00:01:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2008.04.29 08:02:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.04.29 07:56:47 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008.04.29 07:56:36 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2008.04.29 07:56:34 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll 
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2007.04.18 11:14:04 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.04.18 11:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.04.18 11:14:04 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.04.18 11:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.04.18 10:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.03.06 20:17:03 | 001,737,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,414,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 12:57:59 | 001,060,424 | ---- | C] () -- 
C:\Windows\System32\WdfCoInstaller01000.dll [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe ========== LOP Check ========== [2008.06.23 22:41:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2009.08.09 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2008.07.20 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab [2011.03.28 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2008.06.23 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar [2008.07.04 21:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2009.06.14 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2008.10.14 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2008.06.23 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer [2008.06.23 21:31:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2008.09.09 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2011.03.30 12:10:21 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.30 11:06:39 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job [2011.03.30 12:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.06.12 16:18:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.04.29 05:54:47 | 000,000,000 | ---D | M] -- C:\ADOBE [2009.12.01 10:51:08 | 000,000,000 | -HSD | M] -- C:\Boot [2008.06.23 19:55:37 | 000,000,000 | ---D | M] -- C:\CDDB [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.30 12:08:35 | 000,000,000 | ---D | M] -- C:\Downloads [2008.06.22 20:24:44 | 000,000,000 | ---D | M] -- C:\My Music [2008.04.29 05:51:11 | 000,000,000 | ---D | M] -- C:\NIS [2009.09.12 23:55:15 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.07.04 20:41:47 | 000,000,000 | ---D | M] -- C:\PerfLogs [2008.04.28 18:14:03 | 000,000,000 | ---D | M] -- C:\Preload [2011.03.30 12:17:14 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.27 20:00:33 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.01.05 07:36:44 | 000,000,000 | ---D | M] -- C:\Programme [2011.03.30 12:21:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.06.22 20:21:11 | 000,000,000 | R--D | M] -- C:\Users [2010.08.02 16:51:48 | 000,000,000 | ---D | M] -- C:\Westwood [2011.02.23 22:51:35 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.04.29 06:32:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.04.29 06:32:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 
23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-29 14:02:52 < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.03.2011 12:20:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\***\Neuer Ordner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 44,28 Gb Free Space | 38,03% Space Free | Partition Type: NTFS Drive D: | 108,63 Gb Total Space | 54,59 Gb Free Space | 50,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{247F3926-D08A-4CAC-A8D8-0460C36F9142}" = rport=138 | protocol=17 | dir=out | app=system | "{264130A1-3B56-48AF-A7EF-B79D51A28B52}" = lport=139 | protocol=6 | dir=in | app=system | "{475938AF-80CB-4A93-9292-9F81FE6F3D75}" = rport=137 | protocol=17 | dir=out | app=system | "{580F77E8-11E2-4F13-8367-0F7E850952EA}" = lport=445 | protocol=6 | dir=in | app=system | "{58F2B9FC-57CB-4DED-8503-8A6326B57B92}" = rport=445 | protocol=6 | dir=out | app=system | "{6814A8CE-6AAC-4681-AD60-970BF2E10DF1}" = lport=138 | protocol=17 | dir=in | app=system | "{6F0967BB-B7A4-436E-B8C9-D07FA0BCF0EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BFF2201E-5FF1-4B74-AEEC-BDB6CE4963C0}" = rport=139 | protocol=6 | dir=out | app=system | "{C7AFC9C8-A754-422A-AF00-B0DAC6347BFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D42688D0-FFCB-47CE-B836-457F21D75615}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07FF959A-4D02-495F-BC6E-3A1AF8DC8A16}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{08F5D5EA-9A17-49B9-A279-12DAFC137E7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1992F291-D0C7-4CC2-BAEE-505CEDDB0D91}" = protocol=6 | dir=in 
| app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{22AA1750-67BD-4235-AF32-D481E8C7BA0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3F509C62-0DE3-4A3F-A292-1027CB3E7DAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5BA1DD14-D773-431D-9D4C-F0C89F3B7923}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{831616DB-AD8C-4625-B9B4-6695A0A56429}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{96B12EC4-4E18-4B02-AEDD-78186F3A0AD2}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{ADD4B7FE-5E99-46F6-A597-E3CA865EBC35}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{D133ACE8-3C03-4483-ACB4-78557C704BA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D2AB1CBA-D791-4548-8F97-8AE77127412A}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{FC2FF3D3-BABF-49B1-B1EF-7B25E29E4046}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "TCP Query User{0CF6FD06-8256-423B-853E-90BDE1C443FE}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{10A60E74-46DD-4E0B-A797-893871D3A92E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{AFAD91B0-DEFE-493C-88E5-3CBE84021FDF}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | "UDP Query User{0842F692-1067-409F-A847-36006F67D245}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{466204E1-5227-45AE-8EEA-0C250EEAA27C}C:\program 
files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | "UDP Query User{72668DDC-F61D-4684-AB14-4E15B7175A9D}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = 
Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1 "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold "Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6 "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "Diablo II" = Diablo II "Digital Camera Driver" = Digital Camera Driver "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint 
EX "EAX Unified" = EAX Unified "ERUNT_is1" = ERUNT 1.1j "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "Flv Audio Video Extractor_is1" = Flv Audio Video Extractor 2.0 "Free Download Manager_is1" = Free Download Manager 3.0 "HijackThis" = HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Mp3tag" = Mp3tag v2.41 "NVIDIA Drivers" = NVIDIA Drivers "PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "SMSERIAL" = Motorola SM56 Speakerphone Modem "Starcraft" = Starcraft "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 0.9.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Diablo II" = Diablo II ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.02.2011 06:25:49 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 07.02.2011 06:25:49 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 07.02.2011 06:25:50 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 09.02.2011 12:31:35 | Computer Name = ***Laptop | Source = System Restore | ID = 8193 
Description = Error - 09.02.2011 12:31:35 | Computer Name = ***Laptop | Source = System Restore | ID = 8210 Description = Error - 09.02.2011 13:24:39 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 13.02.2011 17:47:56 | Computer Name = ***Laptop | Source = EventSystem | ID = 4622 Description = Error - 26.02.2011 08:58:51 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 27.02.2011 11:18:08 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 01.03.2011 14:58:48 | Computer Name = ***Laptop | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 12ec Anfangszeit: 01cbd8380bf077e0 Zeitpunkt der Beendigung: 16 [ System Events ] Error - 31.01.2011 18:49:46 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 08.02.2011 15:54:13 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 10.02.2011 20:13:03 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 14.02.2011 07:46:03 | Computer Name = ***Laptop | Source = Print | ID = 6161 Description = Das Dokument Das*Örtliche Telefonbuch mit Telefonnummern, Telefonauskunft mit Stadtplan im Besitz von *** konnte nicht auf dem Drucker Canon MP540 series Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 857424. Anzahl der gedruckten Bytes: 526560. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***LAPTOP. 
Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. Error - 14.02.2011 07:47:06 | Computer Name = ***Laptop | Source = Print | ID = 6161 Description = Das Dokument Das*Örtliche Telefonbuch mit Telefonnummern, Telefonauskunft mit Stadtplan im Besitz von *** konnte nicht auf dem Drucker Canon MP540 series Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 196608. Anzahl der gedruckten Bytes: 92604. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***LAPTOP. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. Error - 24.02.2011 21:13:08 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 18.03.2011 16:07:27 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 23.03.2011 22:01:16 | Computer Name = ***Laptop | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Atheros AR5007EG Wireless Network Adapter" (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&14aa9c8c&0&0068) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 29.03.2011 09:40:39 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 30.03.2011 06:09:49 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7034 Description = < End of report > Gmer.txt GMER Logfile: Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-30 13:05:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9250827AS rev.3.AAA
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kxliqkow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B803340, 0x3442A7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Here are also the events that Avira reported:

21:52:54 In der Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01' wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben
21:53:51 In der Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01' wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
21:53:53 Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 59 Anzahl Verzeichnisse: 0 Anzahl Malware: 1 Anzahl Fehler: 0
21:53:53 Die Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01' enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49bcf3ae.qua' verschoben!
I hope I did everything correctly. Thanks in advance! If necessary, I can also run HijackThis over it again.