
Pests of all kinds and how to combat them: Danger from malicious Trojans averted?

18.02.2013, 13:51   #1
Asterios
 

Danger from malicious Trojans averted?



Hello,

I kept getting warnings from Antivir about Trojans that were detected and moved to quarantine. I have always made sure that my antivirus program and Windows Update were up to date, but some other programs were still running old versions. In the meantime these have been brought up to date, such as the Adobe Flash Player. Java was updated or, where possible, disabled. For Acrobat Reader I am waiting for a new version without the current threats.

Since the first Trojan warnings I have refrained from password-protected activities (e.g. banking), because I cannot rule out that my computer is infected. (See the attached log files from Malwarebytes, OTL, Defogger.)

Hence my question: Can I still trust my system?

Best regards from Freiburg

Log files

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
arion :: SILBERMÖWE [Administrator]

Schutz: Aktiviert

08.02.2013 10:53:58
mbam-log-2013-02-08 (10-53-58).txt

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216578
Laufzeit: 14 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-619588117-3399432581-2271541447-1000\$36f845180cba593605ed5cee81bbe9e4\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\arion\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\arion\AppData\Local\Temp\166211249.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\arion\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\arion\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\arion\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
arion :: SILBERMÖWE [Administrator]

Schutz: Aktiviert

08.02.2013 11:54:28
mbam-log-2013-02-08 (11-54-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378305
Laufzeit: 2 Stunde(n), 50 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\$RECYCLE.BIN\S-1-5-21-619588117-3399432581-2271541447-1000\$36f845180cba593605ed5cee81bbe9e4\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-619588117-3399432581-2271541447-1000\$36f845180cba593605ed5cee81bbe9e4\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$RECYCLE.BIN\S-1-5-21-619588117-3399432581-2271541447-1000\$36f845180cba593605ed5cee81bbe9e4\U\800000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\arion\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\69546505-6f345a37 (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.12.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
arion :: SILBERMÖWE [Administrator]

Schutz: Aktiviert

12.02.2013 16:46:14
mbam-log-2013-02-12 (16-46-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380099
Laufzeit: 2 Stunde(n), 24 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL logfile created on: 12.02.2013 16:14:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\arion\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 27,93% Memory free
4,21 Gb Paging File | 2,49 Gb Available in Paging File | 58,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,08 Gb Total Space | 11,45 Gb Free Space | 12,30% Space Free | Partition Type: NTFS
Drive E: | 91,76 Gb Total Space | 87,33 Gb Free Space | 95,17% Space Free | Partition Type: NTFS

Computer Name: SILBERMÖWE | User Name: arion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.12 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arion\Desktop\OTL.exe
PRC - [2013.02.06 11:26:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.06 11:25:59 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.02.06 11:25:55 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.06 11:25:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.13 15:05:42 | 000,042,496 | ---- | M] () -- C:\Programme\phonostar-Player\phonostarTimer.exe
PRC - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () -- E:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.04.30 12:24:26 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 12:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2009.07.03 10:58:10 | 000,464,896 | ---- | M] (telegate MEDIA AG) -- C:\Programme\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.26 01:43:58 | 001,115,528 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAC8SWK.EXE
PRC - [2008.09.25 13:07:58 | 000,181,624 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2008.07.04 13:51:54 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008.01.29 18:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.22 13:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008.01.21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:32:59 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2008.01.17 15:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2008.01.09 13:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.12.25 12:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007.12.25 12:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007.09.06 00:48:00 | 000,406,944 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2007.07.10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\Toshiba Online Product Information\TOPI.exe
PRC - [2007.06.20 21:04:52 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Programme\Microsoft Works\WkCalRem.exe
PRC - [2007.06.18 09:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.09 17:52:21 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.09 17:52:07 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.09 17:49:15 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.09 17:49:01 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.10.13 15:05:42 | 000,042,496 | ---- | M] () -- C:\Programme\phonostar-Player\phonostarTimer.exe
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2007.12.25 11:03:40 | 000,015,184 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007.12.14 20:40:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2007.12.14 20:28:38 | 004,726,784 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007.09.13 14:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.01.18 08:30:00 | 000,094,208 | ---- | M] () -- C:\Programme\IDM\Desktop SMS\oehook.dll
MOD - [2006.12.10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2006.10.10 10:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 10:57:04 | 000,053,248 | ---- | M] () -- c:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Services (SafeList) ==========

SRV - [2013.02.09 17:01:28 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 11:26:19 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.06 11:25:55 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- E:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.04.30 12:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)
SRV - [2008.08.08 15:05:07 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.21 15:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008.01.21 03:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 15:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.25 12:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007.12.03 16:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 16:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006.08.23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2003.07.28 10:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.13 09:59:21 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.13 09:59:21 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 11:17:29 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.03.03 11:52:46 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2010.07.19 12:36:35 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008.01.21 14:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.01.21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.12.28 19:21:54 | 000,104,448 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.26 10:20:32 | 000,290,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007.11.09 13:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.10.17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.04.23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006.11.20 13:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.10.18 10:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKLM\..\SearchScopes,DefaultScope = {F4B28663-0219-49D0-995E-2BFBE2F87B02}
IE - HKLM\..\SearchScopes\{F4B28663-0219-49D0-995E-2BFBE2F87B02}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=3dnsdRzLgTPcbiJrosDXK8658I8?q={searchTerms}
IE - HKCU\..\SearchScopes\{F4B28663-0219-49D0-995E-2BFBE2F87B02}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEA
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.09 18:01:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.09 18:01:21 | 000,000,000 | ---D | M]

[2009.06.23 14:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arion\AppData\Roaming\mozilla\Extensions
[2011.09.07 07:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\arion\AppData\Roaming\mozilla\Firefox\Profiles\z4dlc4h7.default\extensions
[2009.06.25 08:49:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\arion\AppData\Roaming\mozilla\Firefox\Profiles\z4dlc4h7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.10 08:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 09:30:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.04 09:54:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.03.10 08:19:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009.09.18 08:08:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.21 08:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.24 09:34:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.16 09:30:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.04 09:54:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.06.30 18:03:44 | 000,535,912 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2012.03.10 08:18:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.18 08:27:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.09.18 08:27:16 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.09.18 08:27:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.09.18 08:27:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.09.18 08:27:16 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========


O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Exlaaxyphe] C:\Users\arion\AppData\Roaming\Suque\epuh.exe File not found
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Programme\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\arion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telefon- und Branchenbuch Herbst 2009 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Herbst 2009\kstart32.EXE (telegate MEDIA AG)
O4 - Startup: C:\Users\arion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://barmenia.netucate.net/download1026/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://ssl.barmenia24.de/app/BRP/notes/dwa7W.cab (Domino Web Access 7 Control)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.12 12:05:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\arion\Desktop\OTL.exe
[2013.02.08 10:51:12 | 000,000,000 | ---D | C] -- C:\Users\arion\AppData\Roaming\Malwarebytes
[2013.02.08 10:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.08 10:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.08 10:50:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.08 10:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.14 17:55:00 | 000,000,000 | ---D | C] -- C:\Users\arion\AppData\Roaming\PeerNetworking
[2013.01.14 16:31:30 | 000,000,000 | ---D | C] -- C:\Users\arion\AppData\Roaming\Obtuig
[2013.01.14 16:31:30 | 000,000,000 | ---D | C] -- C:\Users\arion\AppData\Roaming\Dihyib
[2013.01.14 16:31:30 | 000,000,000 | ---D | C] -- C:\Users\arion\AppData\Roaming\Atbieg
[2011.04.05 14:02:34 | 058,014,806 | ---- | C] (Igor Pavlov) -- C:\Users\arion\eBASIS_lokal-1.0_700_0100_arion_win7.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.12 16:11:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 16:07:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.12 16:07:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 16:07:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 16:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 16:07:01 | 2136,961,024 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 12:47:32 | 000,000,000 | ---- | M] () -- C:\Users\arion\defogger_reenable
[2013.02.12 12:44:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.12 12:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\arion\Desktop\OTL.exe
[2013.02.12 11:55:49 | 000,050,477 | ---- | M] () -- C:\Users\arion\Desktop\Defogger.exe
[2013.02.10 12:42:04 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.10 12:42:04 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.10 12:42:04 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.10 12:42:04 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.08 10:50:53 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.31 14:14:15 | 000,169,472 | ---- | M] () -- C:\Users\arion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.25 12:12:15 | 000,000,278 | ---- | M] () -- C:\Users\arion\Desktop\Alles für den Bereich Elektro Unterhaltung. real.de.url
[2013.01.14 17:55:00 | 000,024,206 | ---- | M] () -- C:\Users\arion\AppData\Roaming\UserTile.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.12 12:47:32 | 000,000,000 | ---- | C] () -- C:\Users\arion\defogger_reenable
[2013.02.12 11:55:49 | 000,050,477 | ---- | C] () -- C:\Users\arion\Desktop\Defogger.exe
[2013.02.08 10:50:53 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.25 12:12:15 | 000,000,278 | ---- | C] () -- C:\Users\arion\Desktop\Alles für den Bereich Elektro Unterhaltung. real.de.url
[2013.01.14 17:55:00 | 000,024,206 | ---- | C] () -- C:\Users\arion\AppData\Roaming\UserTile.png
[2012.01.11 17:56:22 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.05.24 09:30:05 | 000,096,256 | ---- | C] () -- C:\Windows\System32\EditPath.exe
[2011.03.24 10:57:57 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009.11.02 16:23:23 | 000,000,064 | ---- | C] () -- C:\Users\arion\axa-bt.ini
[2009.11.02 16:22:17 | 000,000,027 | ---- | C] () -- C:\Users\arion\version.ini
[2009.06.24 10:45:29 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2009.06.24 10:45:16 | 000,000,016 | -H-- | C] () -- C:\Users\arion\AppData\Local\mxfilerelatedcache.mxc2
[2009.06.24 10:45:14 | 000,000,016 | -H-- | C] () -- C:\Users\arion\AppData\Roaming\mxfilerelatedcache.mxc2
[2009.03.19 08:53:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.03.04 16:06:03 | 000,005,864 | ---- | C] () -- C:\Users\arion\AppData\Local\d3d9caps.dat
[2008.07.08 09:23:47 | 000,000,016 | -H-- | C] () -- C:\Users\arion\mxfilerelatedcache.mxc2
[2008.07.08 09:23:00 | 000,169,472 | ---- | C] () -- C:\Users\arion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.07 18:00:07 | 000,001,694 | ---- | C] () -- C:\Users\arion\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.30 11:17:19 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Atbieg
[2009.09.21 19:49:44 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\CoSoSys
[2013.01.14 16:31:30 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Dihyib
[2012.04.23 11:11:11 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Image Zone Express
[2009.09.10 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\klickTel
[2011.04.06 10:59:58 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\MAGIX
[2008.07.07 17:55:32 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\myphotobook
[2013.01.30 12:00:56 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Obtuig
[2012.12.21 19:44:49 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Omatud
[2011.07.04 10:22:02 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Opera
[2013.01.14 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\PeerNetworking
[2012.12.31 18:05:25 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\phonostar GmbH
[2011.12.15 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Printer Info Cache
[2012.12.19 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Suque
[2012.03.16 10:55:20 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\TeamViewer
[2008.07.09 10:14:55 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Template
[2012.01.11 17:56:49 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Tobit
[2008.07.08 09:50:54 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Toshiba
[2010.07.19 10:21:28 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\TrueCrypt
[2012.12.19 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\Uvwie
[2009.06.23 08:01:06 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\WinBatch
[2011.05.29 10:48:41 | 000,000,000 | ---D | M] -- C:\Users\arion\AppData\Roaming\XSManager

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 12.02.2013 16:14:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\arion\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 27,93% Memory free
4,21 Gb Paging File | 2,49 Gb Available in Paging File | 58,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,08 Gb Total Space | 11,45 Gb Free Space | 12,30% Space Free | Partition Type: NTFS
Drive E: | 91,76 Gb Total Space | 87,33 Gb Free Space | 95,17% Space Free | Partition Type: NTFS

Computer Name: SILBERMÖWE | User Name: arion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CD2E47-562D-4129-A565-8F94216CE434}" = lport=49155 | protocol=17 | dir=in | name=canon capt port |
"{19DBB6DB-892C-41A7-B226-52475FC0B926}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{25F0168D-4559-4759-B084-750E90D88CF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{303A875C-DAD6-427C-BE27-3ABA7ABEF5D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{3D42D62C-2340-449B-B334-660487CD03CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{58480FBF-CA16-4873-9AB0-0FD0E79BD73A}" = lport=139 | protocol=6 | dir=in | app=system |
"{5CA7C486-4586-4A1A-922B-346C48819397}" = lport=137 | protocol=17 | dir=in | app=system |
"{71E98736-8A30-489E-8F3D-9861D24C75C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{A5591069-D968-4415-9A3B-4ABA160FECD4}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA1FF5C6-5A86-4FB1-806E-8E172EA94DAD}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF36EE0C-E461-4673-A114-2423F0DF895E}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07018698-F315-422D-8564-BC0118A0C699}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{075D0A21-CA03-46F1-BB76-4961558268A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{162F077A-DD73-42B5-83E6-84F05344D66F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4FEA555C-94A1-4C96-AF8B-C5F80EFC47BA}" = protocol=17 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe |
"{6FBA5033-7086-42C7-9A67-B4F9A0716543}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{98B7AA26-4642-4375-A7B9-1D7A98E8122B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A1A568DE-F861-465E-9622-D1D5F489F25E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A3C6B928-3461-48E5-917E-D310A1B3E7CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC9BA3D0-24CA-4E08-BA1B-27DE8928D8E7}" = protocol=17 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe |
"{CBACD62B-319E-408D-B42E-585AD5B05239}" = protocol=6 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe |
"{F7BEF4AF-A978-4490-B616-7E6EFED473B4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F84BAC1A-019F-405A-920A-4D3DEF3004E1}" = protocol=6 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe |
"TCP Query User{0468BEDB-02F7-42D9-A892-9CFEF117CF45}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{0770024A-BBD9-4CB6-BF29-78353C2145ED}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\javaw.exe |
"TCP Query User{0FEA1C40-E5B2-4465-B926-AC76C974639E}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe |
"TCP Query User{13216AB9-6361-4BA9-A439-7C834075F1EC}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\javaw.exe |
"TCP Query User{1F4D8C15-AAD7-416C-A7D5-81984F094F46}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe |
"TCP Query User{4105ED4F-8ACD-42D6-B046-EE4ECCDE0087}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6A97F6F3-C1E7-4627-8792-B4F830405DE2}C:\users\arion\appdata\local\temp\lmi61df.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\arion\appdata\local\temp\lmi61df.tmp\lmi_rescue.exe |
"TCP Query User{6E2391BB-5423-4E39-84A5-3B5E295D77EC}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\java.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\java.exe |
"TCP Query User{76DD036C-C2AB-4D5B-B210-A038311ABB98}C:\users\arion\appdata\local\temp\lmic005.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\arion\appdata\local\temp\lmic005.tmp\lmi_rescue.exe |
"TCP Query User{9CFA08CE-FCE1-4BED-972A-BF70A8C2687F}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\java.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\java.exe |
"TCP Query User{9E84569C-EC92-49B9-ACD7-06926719E335}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{A1C0F049-92B3-4F5E-B79C-33874089F610}C:\users\arion\appdata\local\temp\lmia423.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\arion\appdata\local\temp\lmia423.tmp\lmi_rescue.exe |
"TCP Query User{ABDCB283-AA26-449A-B0F1-A04EE77F303A}C:\users\arion\appdata\local\temp\lmibaa.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\arion\appdata\local\temp\lmibaa.tmp\lmi_rescue.exe |
"TCP Query User{B17F222A-EAB5-472D-AE1E-9168704ED5F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B641528C-6A63-4747-9564-3D7A62095D92}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D50A5F9B-6947-4D35-8D4D-50C71DB896D9}C:\users\arion\ebasis_lokal-1.0\j2re1.4.2_18\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\j2re1.4.2_18\bin\javaw.exe |
"TCP Query User{FFBE256E-60D9-4603-ACE2-1D3FAA33BAC1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{02FDBA4F-8D59-4085-8E88-215DF7FF4C24}C:\users\arion\appdata\local\temp\lmi61df.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\arion\appdata\local\temp\lmi61df.tmp\lmi_rescue.exe |
"UDP Query User{094D68EC-F484-4DB1-B8AA-991F64D018DE}C:\users\arion\ebasis_lokal-1.0\j2re1.4.2_18\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\j2re1.4.2_18\bin\javaw.exe |
"UDP Query User{0CCCFFB4-808B-40FE-B957-D3B0E35CEC6E}C:\users\arion\appdata\local\temp\lmic005.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\arion\appdata\local\temp\lmic005.tmp\lmi_rescue.exe |
"UDP Query User{11CF4E01-C79D-44A9-81F8-2C734C5BC7A4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{287488D3-FC43-43D1-8B97-4EA98F8D734C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{38FF0FC9-89BA-40F1-B855-329437FF37D7}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\java.exe |
"UDP Query User{4123E606-2002-47C1-B839-30189E5666EF}C:\users\arion\appdata\local\temp\lmia423.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\arion\appdata\local\temp\lmia423.tmp\lmi_rescue.exe |
"UDP Query User{6AFB474A-6412-426D-BFCD-A8F772AF8C49}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{98DC9F0F-ABBC-448E-9A6C-138AECC8FAC5}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\javaw.exe |
"UDP Query User{9FA58EED-933C-4F42-AA0E-9E8DD3ADD68D}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_22\bin\javaw.exe |
"UDP Query User{A8BAE887-BF0D-480F-A63F-8965E67A66DF}C:\users\arion\appdata\local\temp\lmibaa.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\arion\appdata\local\temp\lmibaa.tmp\lmi_rescue.exe |
"UDP Query User{B2A4387F-E98D-4745-8E5C-26E75681E350}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{C53A4852-3A5D-4A0D-B63B-1E1098C39E3A}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\java.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_21\bin\java.exe |
"UDP Query User{D64FFC84-5324-4D30-8705-36E3D425ED25}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DA6E2D95-47B5-4375-BBDD-212ED5BDC65B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F5D34534-4EC8-49EF-AE69-F1AEA5C0415B}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\javaw.exe |
"UDP Query User{F7F18F9C-5CFE-445A-AA9E-414661F4762B}C:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\java.exe" = protocol=17 | dir=in | app=c:\users\arion\ebasis_lokal-1.0\jre1.5.0_17\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EB321CB-3D1D-4cf2-ACB5-9F20874B8E69}" = HP Officejet Pro All-In-One Series
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{579BA389-D55B-40B7-A466-788D63C90F4C}_is1" = Barmenia Geschäftsversicherung Version 1.0.0.13; Stand 27.12.2011
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68E1BAC6-F79F-43C4-AF03-A89F53F748D3}" = Microsoft XML Parser
"{695963FB-222D-4BAD-92A6-50B73106D01D}" = klickTel Telefon- und Branchenbuch Herbst 2009
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A495D4DC-4036-4914-9CB2-0FCF6A3166EF}" = L7500
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon LBP5050" = Canon LBP5050
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"klickIdent 23_is1" = klickIdent 23
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"myphotobook" = myphotobook 3.5
"Opera 12.14.1738" = Opera 12.14
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.8
"Picasa 3" = Picasa 3
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"ROLAND-Beratung_is1" = ROLAND-Beratung Version 1.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit Radio.fx Server 4" = SWR RadioRecorder
"TrueCrypt" = TrueCrypt
"uninstall.exe" = iLinc Client
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"XSManager" = XSManager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Barmenia eBASIS lokal - Update" = Barmenia eBASIS lokal - Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.08.2011 06:03:31 | Computer Name = silbermöwe | Source = WinMgmt | ID = 10
Description =

Error - 03.08.2011 06:04:36 | Computer Name = silbermöwe | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03.08.2011 06:04:36 | Computer Name = silbermöwe | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.08.2011 06:53:45 | Computer Name = silbermöwe | Source = WinMgmt | ID = 10
Description =

Error - 10.08.2011 06:55:20 | Computer Name = silbermöwe | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10.08.2011 06:55:20 | Computer Name = silbermöwe | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11.08.2011 03:05:05 | Computer Name = silbermöwe | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11.08.2011 03:05:06 | Computer Name = silbermöwe | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11.08.2011 06:56:59 | Computer Name = silbermöwe | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung googleearth.exe, Version 6.0.3.2197, Zeitstempel
0x4dd2429c, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc06d007e, Fehleroffset 0x0003fc56, Prozess-ID 0x1178,
Anwendungsstartzeit 01cc5815372f73e0.

Error - 11.08.2011 06:57:09 | Computer Name = silbermöwe | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung googleearth.exe, Version 6.0.3.2197, Zeitstempel
0x4dd2429c, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel
0x4da47967, Ausnahmecode 0xc06d007e, Fehleroffset 0x0003fc56, Prozess-ID 0x1558,
Anwendungsstartzeit 01cc58153ca4bb00.

[ System Events ]
Error - 05.02.2013 06:01:44 | Computer Name = silbermöwe | Source = Service Control Manager | ID = 7022
Description =

Error - 07.02.2013 07:01:42 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 08.02.2013 04:50:48 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 08.02.2013 05:04:52 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 08.02.2013 11:16:11 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 09.02.2013 12:00:13 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 11.02.2013 02:35:09 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 12.02.2013 05:54:50 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 12.02.2013 05:55:32 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =

Error - 12.02.2013 07:51:47 | Computer Name = silbermöwe | Source = DCOM | ID = 10010
Description =


< End of report >

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:47 on 12/02/2013 (arion)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

 
