| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BKA Trojaner entfernt?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2011, 14:23
| #1 |
 |  BKA Trojaner entfernt? Hallo liebes Team ich habe mir heute den BKA Trojaner eingefangen. Bildschirm wurde weiß und ich sollte 100 Euro oder so bezahlen. (Ihr kennt das ja alles...) Man konnte halt nix mehr machen und nach dem Neustart des PCs wurde die Datei jashla.exe oder so änlich gestartet. Ich habe den PC dann im abgesicherten Modus gestartet und einen Malwarebytes Scan durchgeführt. Dabei wurde eine infizierte Datei und ein infizierter Registrierungsschlüssel gefunden. Beides hab ich dann gelöscht und jetzt. Die jahla.exe Datei war auch Datei jashla.exe. Jetzt scheint so als wäre alles wieder normal. Anbei habe ich noch die Logs von OTL und Malwarebytes.OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.08.2011 15:05:26 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,20% Memory free 5,98 Gb Paging File | 4,91 Gb Available in Paging File | 82,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1397,17 Gb Total Space | 1102,28 Gb Free Space | 78,89% Space Free | Partition Type: NTFS Computer Name: GLOECKNER-PC | User Name: Glöckner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.07 15:03:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.07.02 17:16:24 | 000,947,056 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2011.06.29 12:35:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.03 07:56:57 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.27 13:18:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.20 21:59:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\Autoruns\HiJackThis204.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe ========== Modules (SafeList) ========== MOD - [2011.08.07 15:03:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.29 12:35:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 13:18:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.06 18:15:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.01.05 23:23:48 | 000,222,568 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.12.26 13:35:11 | 002,850,296 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2010.09.29 03:50:58 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.06.29 12:35:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 12:35:41 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.01.05 23:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.12.25 12:18:53 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2010.12.25 12:18:25 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2010.12.25 12:18:25 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2010.12.21 07:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.12.21 07:55:02 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) DRV - [2010.12.21 07:55:02 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV - [2010.12.21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2010.12.15 18:50:35 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.09.29 04:25:14 | 006,472,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.09.29 03:14:30 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.07 16:28:12 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.11.26 00:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.10.02 10:59:16 | 000,489,952 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2004.04.14 12:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 3E 5F F5 4F AB CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.110.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\***\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2011.04.22 18:32:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins [2011.06.19 22:37:57 | 000,000,000 | ---D | M] [2010.12.14 16:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.07.07 22:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gh233ysl.default\extensions [2011.06.04 13:58:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gh233ysl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.07.07 22:42:35 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gh233ysl.default\extensions\battlefieldheroespatcher@ea.com [2010.12.21 21:27:50 | 000,000,000 | ---D | M] (vShare) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\gh233ysl.default\extensions\vshare@toolbar [2010.12.28 21:02:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 4\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\GLöCKNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GH233YSL.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D} File not found (No name found) -- C:\USERS\GLöCKNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GH233YSL.DEFAULT\EXTENSIONS\BATTLEFIELDHEROESPATCHER@EA.COM O1 HOSTS File: ([2011.05.22 15:02:21 | 000,434,745 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 14960 more lines... O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010.12.10 16:53:10 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.110.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1b1e6e37-102b-11e0-91aa-002421f3177f}\Shell - "" = AutoRun O33 - MountPoints2\{1b1e6e37-102b-11e0-91aa-002421f3177f}\Shell\AutoRun\command - "" = E:\Startme.exe O33 - MountPoints2\{d3b917b5-bf39-11df-99c9-002421f3177f}\Shell - "" = AutoRun O33 - MountPoints2\{d3b917b5-bf39-11df-99c9-002421f3177f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.07 15:03:59 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.07.30 22:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\ProgDVB [2011.07.30 21:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TerraTec [2011.07.30 21:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TerraTec [2011.07.30 21:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\TerraTec [2011.07.30 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TerraTec [2011.07.15 22:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2011 Patch [2011.07.12 22:28:33 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.12 22:28:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2011.07.12 22:28:32 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.12 22:28:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2011.07.12 22:28:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2011.07.12 22:28:30 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2011.07.12 22:28:30 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.12 22:28:28 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.11 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft [2011.07.11 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Ubisoft Game Launcher [2011.07.11 13:53:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ubisoft [2011.07.11 13:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2011.07.10 18:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.07 15:03:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.08.07 14:55:53 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.07 14:55:53 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.07 14:53:29 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.07 14:53:29 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.07 14:53:29 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.07 14:53:29 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.07 14:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.07 14:48:11 | 2408,931,328 | -HS- | M] () -- C:\hiberfil.sys [2011.08.04 21:19:25 | 000,025,846 | ---- | M] () -- C:\Users\***\Desktop\FCK.JPG [2011.08.04 21:13:55 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.07.13 15:45:46 | 000,408,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.04 21:19:25 | 000,025,846 | ---- | C] () -- C:\Users\***\Desktop\FCK.JPG [2011.07.10 18:50:28 | 000,001,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2011.07.10 18:50:28 | 000,001,887 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2011.07.10 18:50:28 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.07.07 23:00:11 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.07.07 23:00:07 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.07.07 22:59:21 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.05.09 21:46:03 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.02.09 19:32:27 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.01.21 11:27:17 | 000,000,020 | ---- | C] () -- C:\Windows\LauschAngriff.ini [2011.01.04 17:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2010.12.29 00:47:00 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.12.25 13:10:03 | 000,025,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.24 23:16:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.12.24 23:16:19 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.12.10 04:43:46 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2010.12.10 03:58:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.08.11 15:24:20 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.07.06 13:54:27 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2010.06.16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.05.28 20:08:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.05.13 22:05:38 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010.05.12 20:08:26 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2010.03.26 16:55:51 | 000,139,432 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.03.11 16:13:42 | 000,056,880 | ---- | C] () -- C:\Windows\System32\scvideo.dll [2010.03.07 23:31:37 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2010.02.27 21:23:28 | 000,000,327 | ---- | C] () -- C:\Windows\RefreshLock.ini [2010.02.21 11:47:23 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2010.02.21 11:46:52 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.02.14 19:02:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.02.14 19:02:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.02.14 19:02:55 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.02.14 19:02:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.02.14 19:02:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.02.13 12:00:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.02.12 21:04:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,408,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.01.03 02:09:18 | 000,000,356 | ---- | C] () -- C:\Windows\System32\AF15IrTbl.bin ========== LOP Check ========== [2010.12.10 04:30:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\4DB6F16B09ACB8EBC91A9D9E28852821 [2011.01.05 19:09:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.12.14 16:22:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arpoa [2011.07.28 01:52:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2010.12.12 22:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azemb [2010.12.10 04:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\bizarre creations [2011.08.02 17:38:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2010.12.10 04:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.12.10 04:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid [2010.12.10 04:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.29 00:40:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EurekaLog [2010.12.10 00:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Exhoba [2010.12.18 14:57:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hardcore [2011.08.07 14:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.12.10 04:32:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jasc [2010.12.10 04:32:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.12.10 04:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nopyx [2010.12.10 04:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Octoshape [2010.12.05 19:01:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Okumbi [2011.07.02 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.12.12 22:13:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Oqypa [2010.12.10 04:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2010.12.10 04:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers [2011.02.07 16:56:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.12.10 04:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft [2010.12.10 04:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee [2010.12.10 04:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod [2010.12.10 04:32:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.12.10 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg [2010.12.10 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software [2011.07.30 21:42:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec [2010.12.10 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.07.11 13:53:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft [2010.12.10 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2010.02.14 19:03:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Video DVD Maker FREE [2010.12.10 04:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode [2010.12.10 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yzgo [2010.04.06 16:54:53 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.06.26 01:42:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Geändert von Larusso (07.08.2011 um 15:09 Uhr) |
| Themen zu BKA Trojaner entfernt? |
| 100 euro, abgesicherte, abgesicherten, abgesicherten modus, bka trojaner, datei, emsisoft, emsisoft anti-malware, entfern, entfernt, entfernt?, euro, excel.exe, gefunde, gelöscht, heute, infizierte, infizierte datei, infizierter, jashla.exe, konnte, langs, malwarebytes, modus, neustart, neustart des pcs, pcs, plug-in, scan, schei, start menu, troja, trojaner, version=1.0, webcheck |
Baum-Darstellung