Log analysis and evaluation: Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps for help". Note that an infected system cannot be trusted and should not be used until the malware has been completely removed.
#1

Trojan.0Access / Trojan.Sirefef / TR/Crypt.XPACK.Gen

Hello! Yesterday, while surfing the Internet, I suddenly got an administrator prompt from cmd.exe. At the same time Antivir (free) reported the trojan TR/Crypt.XPACK.Gen. Further administrator prompts came from Adobe. I declined all of them. It only stopped after I ended a process (unfortunately I did not note the name, something like A... followed by a random number) with Task Manager. Antivir immediately started a scan and gave this message:

Code:
The file 'C:\$Recycle.Bin\S-1-5-21-120065402-3469818826-2513661517-1001\$6fff002266dd706dd0472f89929f9759\n' contained a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
Action(s) taken: The file was moved to the quarantine directory under the name '551886c3.qua'.

Afterwards I ran a full scan with Malwarebytes. I aborted it yesterday evening because I noticed that my Antivir had been active the whole time. I took no further action there but started the scan again (and then had all findings removed). Then I also ran the OTL scan according to the instructions. Unfortunately GMER crashes (even after a restart). (See the screenshot in the ZIP.)

Code:
ATTFilter OTL logfile created on: 16.09.2012 07:50:44 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 66,52% Memory free 6,99 Gb Paging File | 5,71 Gb Available in Paging File | 81,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 359,99 Gb Total Space | 81,78 Gb Free Space | 22,72% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 3,51 Gb Free Space | 35,12% Space Free | Partition Type: NTFS Drive Z: | 122,76 Mb Total Space | 121,46 Mb Free Space | 98,95% Space Free | Partition Type: FAT Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.16 07:46:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.09.15 09:22:27 | 000,368,640 | ---- | M] (MXI Security) -- C:\Users\***\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe PRC - [2012.09.03 21:05:50 | 001,193,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.08.08 20:38:10 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.30 09:56:06 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) 
-- C:\Program Files\BlueStacks\HD-LogRotatorService.exe PRC - [2012.06.09 06:06:58 | 001,855,080 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe PRC - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe PRC - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.04.24 02:11:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.01.12 09:01:00 | 000,201,216 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBU.EXE PRC - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE PRC - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.03 21:05:50 | 001,193,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.04.27 19:09:24 | 000,018,784 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\ti_managers_proxy_stub.dll MOD - [2011.09.27 07:23:00 | 
000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.09.08 07:40:13 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.12 19:43:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.09 06:48:28 | 000,089,192 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks (2)\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2012.06.09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2012.06.09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) 
[Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2012.06.03 16:25:57 | 003,491,792 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.04.27 22:23:04 | 000,821,552 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012.04.17 19:20:54 | 002,326,288 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.04.17 19:20:36 | 000,498,960 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.04.17 19:20:32 | 000,107,792 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.03.28 05:03:50 | 003,293,184 | ---- | M] (Dassault Systèmes SolidWorks Corp.) 
[Disabled | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks Workgroup PDM\Vault\pdmwService.exe -- (PDMWorks Workgroup Server) SRV - [2012.03.08 12:19:40 | 000,104,208 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.03.01 11:35:18 | 000,509,448 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2012.02.02 17:14:32 | 000,255,864 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike) SRV - [2011.10.31 17:38:20 | 000,153,464 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv) SRV - [2011.10.31 17:38:04 | 000,122,232 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv) SRV - [2011.10.20 17:10:29 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.10.11 21:01:27 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2011.08.29 23:11:00 | 000,665,200 | ---- | M] (VMware, Inc.) 
[Disabled | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2011.06.21 18:45:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Disabled | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009.09.14 07:00:00 | 000,153,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE -- (EPSON_EB_RPCV4_04) SRV - [2009.09.14 07:00:00 | 000,121,856 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.20 16:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\AEstSrv.exe -- (AESTFilters) SRV - [2007.05.31 16:21:24 | 
000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) SRV - [2005.09.23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\frmupgr.sys -- (DFUBTUSB) DRV - [2012.07.23 16:18:34 | 000,064,664 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv) DRV - [2012.07.19 23:21:19 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd) DRV - [2012.06.09 02:37:14 | 000,055,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2012.06.09 02:36:16 | 000,025,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2012.06.09 02:35:30 | 000,025,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2012.06.08 23:52:20 | 000,036,464 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2012.06.08 23:52:20 | 000,016,624 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2012.06.03 16:25:58 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012.06.03 16:25:50 | 000,775,232 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.06.03 16:25:48 | 000,614,592 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2012.06.03 16:25:39 | 000,126,880 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012.06.03 16:25:37 | 000,086,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt67.sys -- (vidsflt67) DRV - [2012.06.03 16:25:35 | 000,177,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012.06.03 16:25:33 | 000,080,416 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:18:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.03.01 10:55:22 | 000,141,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP) DRV - [2012.03.01 10:55:22 | 000,141,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | 
On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL) DRV - [2011.11.16 19:18:08 | 000,144,896 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uigxrdr.SYS -- (uigxrdr) DRV - [2011.09.22 18:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.08.29 23:11:00 | 000,032,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2011.08.08 14:58:56 | 000,098,928 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.07.05 20:42:00 | 000,334,712 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM) DRV - [2011.03.30 13:05:54 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2011.03.07 20:38:21 | 000,060,544 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser) DRV - [2011.03.07 20:38:21 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm) DRV - [2010.11.20 14:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 14:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010.11.20 12:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.07 04:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.02.15 19:27:02 | 000,330,752 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.10.10 18:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.03.05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) DRV - [2005.03.30 12:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort) DRV - [2001.08.09 11:39:46 | 000,025,569 | ---- | M] (Belkin Components) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\F5U103UD.SYS -- (F5U103UD) DRV - [2001.08.09 11:39:46 | 000,016,528 | ---- | M] (Belkin Components) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\F5U103BD.SYS -- (F5U103BD) DRV - [2000.06.29 18:24:14 | 000,003,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DLPORTIO.SYS -- (DLPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 83 64 C0 5A E4 E7 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {64A06B48-89FD-4E8C-943A-840FFA28A5BA} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{64A06B48-89FD-4E8C-943A-840FFA28A5BA}: "URL" = 
hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: "file:///c:/tor.pac" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9001 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: 
C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 07:40:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.23 20:45:30 | 000,000,000 | ---D | M] [2011.09.13 08:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.09.05 15:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions [2011.01.06 20:25:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.03 10:19:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.01 14:12:04 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2012.05.14 21:16:02 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\fb_add_on@avm.de [2011.01.06 20:25:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\firefox@tvunetworks.com [2011.08.30 20:05:57 | 000,000,000 | ---D | M] (LogMeIn, Inc. 
Remote Access Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\LogMeInClient@logmein.com
[2011.01.06 20:25:27 | 000,000,000 | ---D | M] (Vodafone DRM Plugin for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w60uhokx.default\extensions\vodafone_drm_plugin@vodafone.com
[2012.09.01 14:12:07 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\w60uhokx.default\extensions\firebug@software.joehewitt.com.xpi
[2012.09.05 15:06:24 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\w60uhokx.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.01.21 09:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.09.08 07:40:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.06 18:50:26 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.18 08:59:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 07:40:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.18 08:59:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.17 15:33:38 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.18 08:59:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 08:59:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 08:59:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [\\hxxp://192.168.178.25:631\Epson_Stylus_Office_BX620FWD] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON BX620FWD Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [syshost32] C:\Users\***\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}\syshost.exe (MXI Security)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DEFBE5-D94D-4CB4-85A8-DA76DBF7E87A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DEFBE5-D94D-4CB4-85A8-DA76DBF7E87A}: NameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85b807a4-d2b1-11e1-bb55-002269bfdbfa}\Shell - "" = AutoRun
O33 - MountPoints2\{85b807a4-d2b1-11e1-bb55-002269bfdbfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b5695cd5-a480-11e0-afaf-e0f57537b277}\Shell - "" = AutoRun
O33 - MountPoints2\{b5695cd5-a480-11e0-afaf-e0f57537b277}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b5695ce0-a480-11e0-afaf-e0f57537b277}\Shell - "" = AutoRun
O33 - MountPoints2\{b5695ce0-a480-11e0-afaf-e0f57537b277}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff519d9d-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519d9d-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519da4-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519da4-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519dbf-d4d5-11e0-ae04-bc4c1724e355}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519dbf-d4d5-11e0-ae04-bc4c1724e355}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ff519df1-d4d5-11e0-ae04-002269bfdbfa}\Shell - "" = AutoRun
O33 - MountPoints2\{ff519df1-d4d5-11e0-ae04-002269bfdbfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.16 07:46:24 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.15 13:16:01 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\virAkt
[2012.09.15 09:22:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B0AE868C-A82E-44FC-0427-DD61E3F44388}
[2012.09.14 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.14 16:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.14 16:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.14 16:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.09.14 16:19:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.05 20:36:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FRITZ!
[2012.09.05 20:36:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FRITZ!
[2012.09.05 20:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
[2012.09.05 20:35:43 | 000,050,480 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmColorFaxRender.dll
[2012.09.05 20:35:43 | 000,046,384 | ---- | C] (AVM Berlin) -- C:\Windows\System32\AvmFaxRender.dll
[2012.09.05 20:35:43 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaMon.dll
[2012.09.05 20:35:43 | 000,024,880 | ---- | C] (AVM Berlin) -- C:\Windows\System32\FritzVistaColorMon.dll
[2012.09.05 20:35:42 | 000,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzPort.dll
[2012.09.05 20:35:42 | 000,054,576 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\FritzColorPort.dll
[2012.09.05 20:35:42 | 000,042,288 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\System32\Fridru32.dll
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ISDNWatch
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.09.05 20:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\FRITZ!
[2012.09.05 20:17:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2012.09.03 21:05:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Spotify
[2012.09.03 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spotify
[2012.08.17 13:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

========== Files - Modified Within 30 Days ==========

[2012.09.16 07:54:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 07:49:17 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\bzi7mtxm.exe
[2012.09.16 07:46:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.16 07:43:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.16 07:35:49 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 07:35:49 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 07:34:28 | 000,727,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.16 07:34:28 | 000,150,494 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.16 07:34:27 | 000,774,328 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.16 07:34:27 | 000,178,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.16 07:33:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.16 07:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 07:27:32 | 2817,048,576 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 13:52:10 | 000,331,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.15 10:13:02 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 16:27:12 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 20:35:57 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk
[2012.09.03 21:05:50 | 000,001,811 | ---- | M] () -- C:\Users\***\Desktop\Spotify.lnk
[2012.08.19 08:33:26 | 523,621,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.17 13:52:22 | 000,048,332 | ---- | M] () -- C:\Users\***\Desktop\In meiner Macht (M s T ) (Inhaltsangabe).pdf
[2012.08.17 13:50:21 | 001,664,981 | ---- | M] () -- C:\Users\***\Desktop\In meiner Macht (M s T ).pdf
[2012.08.17 13:41:45 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.17 13:41:32 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk

========== Files Created - No Company Name ==========

[2012.09.16 07:49:13 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\bzi7mtxm.exe
[2012.09.15 10:13:02 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.05 20:35:57 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!fax.lnk
[2012.09.03 21:05:50 | 000,001,811 | ---- | C] () -- C:\Users\***\Desktop\Spotify.lnk
[2012.09.03 21:05:50 | 000,001,797 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.08.17 13:52:22 | 000,048,332 | ---- | C] () -- C:\Users\***\Desktop\In meiner Macht (M s T ) (Inhaltsangabe).pdf
[2012.08.17 13:50:21 | 001,664,981 | ---- | C] () -- C:\Users\***\Desktop\In meiner Macht (M s T ).pdf
[2012.08.17 13:41:45 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.08.17 13:41:32 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.28 14:25:53 | 000,144,902 | ---- | C] () -- C:\Users\***\final_bstSnapshot_51112.jpg
[2012.07.13 14:47:32 | 000,028,903 | ---- | C] () -- C:\Users\***\AppData\Local\Temp20.html
[2012.07.13 14:47:14 | 000,001,858 | ---- | C] () -- C:\Users\***\AppData\Local\Temp1.html
[2012.05.15 21:30:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.05.15 21:30:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.04.04 18:27:37 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Temptable.xml
[2012.03.07 22:27:53 | 000,000,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\myAVR_ProgTool.cfg
[2012.03.07 22:09:12 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\DLPORTIO.SYS
[2012.03.05 21:46:20 | 000,001,778 | ---- | C] () -- C:\Users\***\gdbtk.ini
[2012.03.03 09:30:20 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.31 19:35:41 | 000,000,001 | ---- | C] () -- C:\Users\***\AppData\Local\llftool.4.25.agreement
[2011.11.07 23:36:16 | 109,744,128 | ---- | C] () -- C:\Users\***\AppData\Roaming\Streets2.db
[2011.10.16 14:05:08 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.10.08 17:35:41 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.09.27 13:55:05 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2011.09.27 13:55:05 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2011.09.27 13:54:48 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.08.17 18:27:50 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.03 12:29:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.07 22:27:46 | 000,000,022 | ---- | C] () -- C:\Users\***\PDM Tool.hhp
[2011.04.15 16:16:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.04.15 16:16:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.03.14 22:18:15 | 000,218,062 | ---- | C] () -- C:\Users\***\AppData\Local\debuggee.mdmp
[2011.01.14 16:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011.01.11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011.01.08 14:53:55 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2011.01.08 11:08:48 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.07 15:35:38 | 000,007,630 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.07 09:24:02 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== LOP Check ==========

[2012.06.03 16:25:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\60638F71-5E88-4767-8B1E-A02E0753EE95
[2012.06.03 16:26:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\6ED8FC49-0C8F-41D9-90C3-DCB0E68B49F2
[2012.06.03 16:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2011.12.21 18:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ActiveState
[2011.04.18 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\anpo.republika.pl
[2011.12.04 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVM
[2012.03.03 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2011.11.16 21:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft
[2012.07.18 19:31:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.05.22 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DassaultSystemes
[2012.02.21 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2012.03.03 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.03.03 10:19:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.20 08:13:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EAC
[2011.01.21 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EDrawings
[2012.03.20 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.01.09 09:25:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2012.03.04 15:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Exdez
[2011.04.18 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fltk.org
[2012.09.05 20:36:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2012.09.05 20:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.04.18 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2012.05.01 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GMX
[2011.10.20 21:39:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.08 21:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2012.03.09 15:31:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hykaf
[2011.05.22 09:01:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IcoFX
[2012.05.20 14:44:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.05.20 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.12.21 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LuaEdit
[2012.03.05 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MCS Electronics
[2011.04.30 09:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Atlas Creator
[2012.01.24 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.09.10 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2012.03.19 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.07.04 18:20:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\redsn0w
[2012.05.15 21:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RipIt4Me
[2011.04.15 16:16:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.09.16 07:33:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2011.08.03 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SqueezePlay
[2012.01.21 12:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.07.30 21:45:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.01.06 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TMP
[2011.04.30 13:57:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinCachebox
[2012.07.29 07:50:55 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2012.07.25 21:23:07 | 001,044,480 | ---- | C] ()(C:\Users\***\Desktop\??.max) -- C:\Users\***\Desktop\瑶琴.max
[2006.05.24 10:30:22 | 001,044,480 | ---- | M] ()(C:\Users\***\Desktop\??.max) -- C:\Users\***\Desktop\瑶琴.max

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:5F64C164

< End of report >

Trojan:Win32/Necurs.gen!A is active. I had Defender clean the system (quarantine).

In the attached ZIP I have included the logs from:
- Antivir (I simply copied out all the events)
- OTL
- screenshot of GMER
- Malwarebytes

Can the system still be rescued with normal effort? Or should I rather format everything right away?

Many thanks!
Regards, Bismosa