
Pests of all kinds and how to combat them: PC infected with multiple Trojans


31.03.2013, 22:15   #1
Klaus80
 
PC infected with multiple Trojans



Hello,
a friend's PC was (is) infected with multiple Trojans. She has already run a scan with the Kaspersky Rescue CD and removed 18 Trojans with it. Unfortunately, she did not write down a log or the Trojan names.

I would now like to make sure that no malware remains on the PC, and I am asking for your help.

EDIT: A scan with Malwarebytes returned no hits.


[CODE]
LOG otl.txt
OTL Logfile:
OTL logfile created on: 31.03.2013 20:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,13% Memory free
6,22 Gb Paging File | 5,08 Gb Available in Paging File | 81,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 588,49 Gb Total Space | 432,67 Gb Free Space | 73,52% Space Free | Partition Type: NTFS
Drive D: | 7,68 Gb Total Space | 1,03 Gb Free Space | 13,48% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.31 20:21:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2013.03.12 23:26:09 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013.02.13 20:38:18 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.02.13 20:38:14 | 001,509,232 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.16 13:50:30 | 000,181,544 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer3\TeamViewer_Host.exe
PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.06.13 16:24:56 | 002,109,440 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
PRC - [2008.03.26 15:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007.04.18 17:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.02.22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007.02.22 20:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2007.02.22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006.12.19 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\Mctray.exe
PRC - [2006.12.19 11:27:54 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006.12.19 11:27:00 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\UdaterUI.exe
PRC - [2006.12.19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\Common Framework\FrameworkService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.21 20:20:25 | 017,357,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3a2811b2575419f179a9483ea5dc223d\Kies.Theme.ni.dll
MOD - [2013.02.21 20:20:24 | 000,615,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\9e92863cc5773d369dd33367b949900f\DevicePodcast.ni.dll
MOD - [2013.02.21 20:20:24 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\48a6935006451bdd36752dbaa01e9b00\DummyStorePlugin.ni.dll
MOD - [2013.02.21 20:20:22 | 000,299,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\0a6b5c22025f5fef5decfd2cfdd9a154\DeviceVideo.ni.dll
MOD - [2013.02.21 20:20:21 | 000,353,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\feec14e3158097d2ad5c5aa994c2ea07\DevicePhoto.ni.dll
MOD - [2013.02.21 20:20:21 | 000,305,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\16918874ec60312f393730a10b423b9d\DeviceMusic.ni.dll
MOD - [2013.02.21 20:20:20 | 000,473,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\4a13818f4b710df9f95cf6a8b35b8fa2\VideoManager.ni.dll
MOD - [2013.02.21 20:20:18 | 000,776,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\39b7c9f05c7ce251217f4547b257f0e5\PhotoManager.ni.dll
MOD - [2013.02.21 20:20:17 | 001,929,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\d0cba77024fca6b8adcdb8dd4677ddbe\Phonebook.ni.dll
MOD - [2013.02.21 20:20:13 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\d3c20779a43876a3c6c23adcff6fa871\MusicManager.ni.dll
MOD - [2013.02.21 20:20:12 | 000,403,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\eb75f10c09cda65132a69f8abf87df5c\BATPlugin.ni.dll
MOD - [2013.02.21 20:20:08 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\c3591e42ecbfb3dcede8d0d187970ae7\Kies.Common.StoreManager.ni.dll
MOD - [2013.02.21 20:20:07 | 000,516,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\220c4f43c34cb54c75e9382d2f904c33\Kies.Common.MediaDB.ni.dll
MOD - [2013.02.21 20:20:06 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\d30dd594f264c0bdcc68e2bbff360cfd\ASF_cSharpAPI.ni.dll
MOD - [2013.02.21 20:20:06 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3ad9ee19474948c19f44d02e2e39f3c0\Kies.Common.AllShare.ni.dll
MOD - [2013.02.21 20:20:04 | 000,109,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\3d74945aaa12a862a32a2d6f2b2d0a85\Kies.Common.CRMManager.ni.dll
MOD - [2013.02.21 20:20:04 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2b281f588da8c0f6325847d9cea8a309\Kies.Common.DBManager.ni.dll
MOD - [2013.02.21 20:20:03 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\19b10cf015a1f933cfe8f82c5f85ab39\Kies.Common.MainUI.ni.dll
MOD - [2013.02.21 20:20:02 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d3b9cf40b4cb23e25a1cc3b5178d3f2e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013.02.21 20:20:02 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5e8f63ab895c509b4776a28a14bc52d6\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013.02.21 20:20:01 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\5333631d7054d9bec6cb3b1eb8a91e00\Interop.DevFileServiceLib.ni.dll
MOD - [2013.02.21 20:20:00 | 000,572,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c1e7dca461af06b7e5b67be5cbc336b7\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013.02.21 20:19:59 | 001,098,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3f25b84ff01d15bc415faefa61807f0c\Kies.Common.DeviceService.ni.dll
MOD - [2013.02.21 20:19:57 | 001,138,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\5229c4daac5736509edce3c799323ae0\Podcaster.ni.dll
MOD - [2013.02.21 20:19:54 | 000,732,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\03c4a3659ec4b2cbe92ee0a70f7a639b\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013.02.21 20:19:26 | 000,040,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\31c98182c59c4ee6811ea4166f36f69b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013.02.21 20:19:22 | 000,926,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f79614e3dd9fdc554da29c1469c1d078\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013.02.21 20:19:20 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\ede2cb8d493fe0860167dc3639f14f0c\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013.02.21 20:19:20 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\613d9b5af9aba20ee1353c43c9c0a84b\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013.02.21 20:19:20 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\145952716fb5eee03a99b0ccf8ac02cb\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013.02.21 20:19:19 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\df583bdd5805a8ea646aa90a83e31a0a\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013.02.21 20:19:19 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\13768136a6ebec8fc106782cbc077814\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013.02.21 20:19:17 | 002,209,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\65e8750397e2df1d899dbe7e17eb1ec3\Kies.Common.Multimedia.ni.dll
MOD - [2013.02.21 20:19:13 | 000,628,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\fce4c2c60461a5c24bf2e552841a11e5\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013.02.21 20:19:13 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7614a90ae9f8f0ef4a4e63405d3733a1\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.02.21 20:19:07 | 006,797,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\8ea6981dadd24ecb41739a5a17634e49\DeviceHost.ni.dll
MOD - [2013.02.21 20:19:00 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\8ea615184f2f6240df29ba506a9c178c\CabLib.ni.dll
MOD - [2013.02.21 20:18:59 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\3bb27b144b33bd17f89f40040900ff28\Kies.Common.Util.ni.dll
MOD - [2013.02.21 20:18:59 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\1224c906a60f250029b81536811cb7e4\Interop.DeviceSearchLib.ni.dll
MOD - [2013.02.21 20:18:58 | 001,599,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\3b025e0e37d23bed9487bd3fe8f0e2df\Kies.Locale.ni.dll
MOD - [2013.02.21 20:18:58 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2b5ae02c7c071309fa9f44c8d922d2ff\Kies.MVVM.ni.dll
MOD - [2013.02.21 20:18:57 | 001,928,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\e233b3c397279e3a01220071c5f2e8de\Kies.UI.ni.dll
MOD - [2013.02.21 20:18:55 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\73e794883f4094f1920dc276675d4c1b\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013.02.21 20:18:53 | 001,246,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7c862e4a2a2f60ad1fade7766d0b75d2\Kies.Interface.ni.dll
MOD - [2013.02.21 20:18:41 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\cbb1eb18b6cfdc6f75b8643217ef079e\System.Runtime.Remoting.ni.dll
MOD - [2013.02.21 20:18:39 | 002,114,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\9324446a8020708cb2d38f214f403b05\Kies.ni.exe
MOD - [2013.02.21 19:52:52 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll
MOD - [2013.02.21 19:50:33 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll
MOD - [2013.02.21 19:43:56 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll
MOD - [2013.02.21 19:43:39 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll
MOD - [2013.02.21 19:43:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll
MOD - [2013.02.21 19:43:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll
MOD - [2013.02.21 19:43:24 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll
MOD - [2013.02.21 19:43:14 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll
MOD - [2013.02.21 19:43:04 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll
MOD - [2013.02.21 19:42:57 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll
MOD - [2008.06.13 16:24:56 | 002,109,440 | ---- | M] () -- C:\Programme\NETGEAR\WG111v3\WG111v3.exe
MOD - [2008.02.04 00:16:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006.12.19 11:28:14 | 000,120,384 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naXML71.dll
MOD - [2006.12.19 11:26:12 | 000,157,248 | ---- | M] () -- C:\Programme\McAfee\Common Framework\naisign.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.12 23:26:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.07.16 13:50:30 | 000,181,544 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer3\TeamViewer_Host.exe -- (TeamViewer)
SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.02.22 20:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2007.02.22 20:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006.12.19 11:24:50 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.01.31 10:19:50 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.01.31 10:19:50 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2009.10.14 08:07:40 | 000,348,160 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2008.06.18 17:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008.02.04 00:46:00 | 003,483,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.12.07 17:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.07 17:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 21:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 17:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.04.23 11:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.02.22 20:50:00 | 000,170,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006.11.30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006.11.30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006.11.30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006.11.30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006.11.30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Programme\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{1B9B5C3A-CAC1-4DB8-9AF0-2F6192BD32DF}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C58E70E8-2D69-4636-AC96-33CE6B41EADA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=81&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 E1 8D A3 3B 2E CE 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{1B9B5C3A-CAC1-4DB8-9AF0-2F6192BD32DF}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKCU\..\SearchScopes\{44DE764B-ECF5-49AE-87DC-1E5D0D45B5DD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYAT&apn_uid=454D0658-F3E8-4B14-A152-33D9CEEC4370&apn_sauid=49B3C879-1F9A-4EED-88DA-FD70AB880A4E
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deAT307
IE - HKCU\..\SearchScopes\{C58E70E8-2D69-4636-AC96-33CE6B41EADA}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 5.0\resources\de-AT\local\search.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C9D2450-2C3E-479C-AD6E-7BF7B353D7B8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8FEFEB7-959A-4709-80F1-F22185E5F0DB}: DhcpNameServer = 10.0.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.23 12:11:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.31 20:48:07 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.70.0.1100.exe
[2013.03.31 19:45:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2013.03.31 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.31 19:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.31 19:45:18 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.31 19:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.31 16:50:00 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.03.31 14:01:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Canneverbe_Limited
[2013.03.31 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\CDBurnerXP Projects
[2013.03.31 13:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.11 23:05:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Apple Computer
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.31 20:48:19 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.70.0.1100.exe
[2013.03.31 20:21:00 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.03.31 19:50:35 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.31 19:50:35 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.31 19:50:35 | 000,126,292 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.31 19:50:35 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.31 19:45:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.31 19:43:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 19:43:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 19:43:41 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.31 19:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.31 19:43:31 | 3219,632,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.31 14:38:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.31 14:37:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.31 13:52:56 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.31 13:49:41 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.12 11:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
 
========== Files Created - No Company Name ==========
 
[2013.03.31 20:21:00 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.03.31 19:45:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.31 13:52:56 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.02.05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.02.05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.02.05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.02.05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.02.05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.03.31 14:01:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe_Limited
[2008.07.20 23:31:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2012.06.11 09:43:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2008.07.20 23:27:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ScanSoft
[2009.03.20 13:36:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2011.12.11 11:50:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\YOU&ME Schularbeiten CD
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---




LOG Extras.txt
OTL Logfile:
OTL Extras logfile created on: 31.03.2013 20:22:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,13% Memory free
6,22 Gb Paging File | 5,08 Gb Available in Paging File | 81,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 588,49 Gb Total Space | 432,67 Gb Free Space | 73,52% Space Free | Partition Type: NTFS
Drive D: | 7,68 Gb Total Space | 1,03 Gb Free Space | 13,48% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B7E8A04-487D-4D0E-992A-3D9BD4E5CB95}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{55AB639E-C3B3-4284-A262-980BC09D54F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{197D1772-5ABF-4D75-AEC4-6EAB65C9625C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{213BDDD1-7669-4670-8FC2-A7025BB0CEDB}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{2D1ED7CB-F381-44F5-A71C-5DCB156E4E37}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3AAE7106-34A4-4D56-B59D-E0506657B9A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4E2D7D26-5B77-417E-971D-95CD17CB7ABF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7090EC81-F7AE-460A-B9AE-F2D11DC263FF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7769D7E3-7DBB-48B9-92A3-A3F11F41A7F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7ECAF52C-751A-4C3F-8AD6-CB8986DD5937}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7EE095E0-A79F-4F93-A054-685F310B0582}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{877F8A1E-D858-4DD5-8A34-1171D1CF982C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{A0CE50AF-9DEF-46D9-8D34-C31A691D5D3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B15333DE-0C22-46FC-A9D5-26924ED08EBC}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0E3C223-24E2-4121-A493-B29D413C95CB}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"TCP Query User{021577CF-617E-4D94-9AF5-4E13D8A07520}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{3C5CE4AE-1A8A-4527-A526-80B434074E72}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{5E66BE03-9BA0-465B-BC11-FF772F7A6071}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{74DE9900-28E3-423D-97D1-A2EB69858821}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{8E39CDA3-C9EB-4459-A4C1-25DDD62F646C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{906CD6C4-06CE-44DD-85D5-5AB6D9B722A0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1DC14251-8293-4A7F-B63E-064E9F47624A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{417F1742-6C48-474B-B8C1-85130A0A5A92}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{54BA2BF8-2767-4070-8676-9CA5CCD53010}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{8433AD58-2414-42DE-AF00-3DACF4022461}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{CF230A43-EAD7-4A9D-8ED7-6C3AC3748E8D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F9EE00E3-BE3C-4362-81EF-0B08D008C9C5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01EF7E36-5E23-96E5-C195-CB45880AB805}" = CCC Help Czech
"{0238C5F4-A485-DE76-530F-F467AFACD7AC}" = Catalyst Control Center Localization Chinese Traditional
"{039DB2DA-151D-8AF8-1BC8-B7E7157180A0}" = CCC Help French
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D705D16-064C-BAA6-C4E1-067F9DC2A477}" = Catalyst Control Center Localization Hungarian
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software  1.10.23.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11C97ACD-BD9C-027A-B490-67C5D6FCB14E}" = Catalyst Control Center Localization French
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{133A778F-13AD-A1B4-57DB-74D6DF2D0519}" = CCC Help Turkish
"{13EFD013-6DD3-F5F4-F357-A95AA12C8A70}" = Catalyst Control Center Localization Greek
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D6E5AB-18D1-A6A1-69D0-F8D717B22306}" = CCC Help Portuguese
"{240D1D4E-099E-8A4C-6A4C-241C60DB1863}" = CCC Help Dutch
"{24B62B98-A210-1AF0-10DE-630538BB150D}" = Catalyst Control Center Graphics Full New
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25D1518C-B7C1-53C6-10E1-C06B340302FC}" = CCC Help Chinese Standard
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28FC4B8A-7FA5-B078-E25B-1D60BA1B135B}" = Catalyst Control Center Localization German
"{2A31318A-C9F8-482E-6860-F738D8A9A94B}" = CCC Help Korean
"{2ABD2125-CBBE-4E11-3573-D1F088BD2594}" = Catalyst Control Center Localization Italian
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{352EA20F-C3F5-A2C4-5A63-472AF1FD87B5}" = Catalyst Control Center Graphics Previews Common
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D066F3A-48BA-E6BC-4C8A-0477FCE8DA87}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3C7239-11B9-F8F3-0303-897538F3CFC8}" = Catalyst Control Center Core Implementation
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{5587AD4E-2A66-C0A5-95C9-7D04683BEECB}" = Catalyst Control Center Localization Japanese
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5BD715FA-CAAF-D30D-2613-22776086B382}" = CCC Help Finnish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61F09589-4A31-B31D-2BE1-AC2A65583180}" = Catalyst Control Center Localization Dutch
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{671EEC45-A4AF-6E57-9808-F887CB1F5EE3}" = Catalyst Control Center Localization Swedish
"{6AC3C209-610A-0799-7A5A-486AB7B0D8E1}" = ccc-core-static
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734E5DD4-912F-A7CF-3945-ABDB768CEB34}" = Skins
"{737CABA8-7A6C-C777-B568-285DAD5E90BC}" = CCC Help Thai
"{73E82A61-DB85-A0A9-B09B-C480059F58EE}" = Catalyst Control Center Graphics Light
"{741F918D-A8F8-E6CD-8A6E-12BCC47F952D}" = Catalyst Control Center Localization Chinese Standard
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82984E09-F0F7-60F2-8C6E-BCDB23FC0283}" = CCC Help Norwegian
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8800D4DB-33F1-DF48-F5FA-3F8A8D46D5D9}" = Catalyst Control Center Localization Portuguese
"{899DA790-A271-6A1D-D7DC-573900BC4047}" = CCC Help German
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B8433F3-BE3D-E9A2-B878-91633AAE80E2}" = Catalyst Control Center Localization Norwegian
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{9505717F-666B-9AAA-008B-96F2A1759ED6}" = CCC Help Spanish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A573E06-A63A-4054-DEBF-66116F066859}" = Catalyst Control Center Localization Korean
"{9BDEE2D8-B415-6678-C8D3-1DEACD134637}" = Catalyst Control Center Localization Polish
"{9C9E474F-075C-9414-2CB8-38FEDA33F70B}" = CCC Help Russian
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F00F0AC-AF1C-6242-0237-AA83B342C71D}" = CCC Help Polish
"{A2AC0DE5-73A5-61CC-13B6-3B4DD1B9963B}" = Catalyst Control Center Localization Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB29189D-56E8-5B13-0036-6B233346B2A8}" = CCC Help Danish
"{AC491FE4-B6F9-01ED-F5B4-75F04266FD68}" = Catalyst Control Center Localization Danish
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B52DFE51-966A-3A2F-0CA3-6A86D18D1CA5}" = Catalyst Control Center Localization Turkish
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BC75E2A0-6E73-5DBD-4B81-267EEFC93666}" = Catalyst Control Center Localization Finnish
"{BCA4A04F-2BF5-4A1A-01E2-C527D8CD0B35}" = ccc-utility
"{C138C612-345A-A1B6-7DED-CCE5ADC3FD53}" = Catalyst Control Center Localization Czech
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C9A34BE5-FCA2-11B1-6A48-512FF58AA4BD}" = Catalyst Control Center Graphics Full Existing
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB267145-8ADA-C66E-2D61-5F989BFDA17A}" = CCC Help Japanese
"{CD9282E5-F3B4-1942-D56D-9DCACEEA7BF9}" = CCC Help English
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7DC9FC-1E2C-394E-ACEE-1FFDE152A292}" = Catalyst Control Center Graphics Previews Vista
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1EFBDCB-3C0A-C01E-A56B-26AEF453896B}" = CCC Help Hungarian
"{DA42A12A-DA69-0D32-6254-7976F7AE268B}" = CCC Help Swedish
"{DC01D608-E195-569B-180A-3661D60D44FE}" = ATI Catalyst Install Manager
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E5C4FD04-A70C-E186-C30E-9AB08ACAD3B9}" = CCC Help Greek
"{F001C6A1-56EC-643F-2A91-164AA4EFECA3}" = CCC Help Italian
"{F01EA7D4-4851-B2C9-E08D-029AED1203D3}" = Catalyst Control Center Localization Spanish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29D2233-EB8F-F36D-40FF-6B556729E3E1}" = CCC Help Chinese Traditional
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL Toolbar" = AOL Toolbar 5.0
"Canon MP520 series Benutzerregistrierung" = Canon MP520 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hanna und Co" = Hanna und Co
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Schulschriften AU Demo_is1" = Schulschriften AU Demo 1.0
"TeamViewer 3" = TeamViewer 3
"The new YOU&ME Aufgabensammlung für Schularbeiten_is1" = The New YOU&ME, Aufgabensammlung für Schularbeiten
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2010 02:39:48 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.05.2010 16:41:15 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mcupdate.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e02324, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e037dd, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fbae,  Prozess-ID 0x1380,
 Anwendungsstartzeit 01caf600f6675340.
 
Error - 20.05.2010 00:18:41 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 20.05.2010 15:50:22 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 21.05.2010 10:42:00 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 27.05.2010 18:59:15 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 31.05.2010 18:09:43 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 01.06.2010 14:50:21 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.06.2010 17:09:39 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
Error - 06.06.2010 17:17:59 | Computer Name = *** | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 15.06.2011 17:39:12 | Computer Name = *** | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ OSession Events ]
Error - 23.06.2010 16:47:12 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.09.2010 17:44:28 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2010 17:10:25 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2010 17:42:36 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.01.2012 17:12:54 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20795
 seconds with 9180 seconds of active time.  This session ended with a crash.
 
Error - 09.02.2012 06:00:15 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3494
 seconds with 2340 seconds of active time.  This session ended with a crash.
 
Error - 21.02.2012 17:35:39 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1062
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 21.02.2012 17:37:24 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 72
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 27.10.2012 15:55:31 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6605
 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error - 27.10.2012 15:55:56 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 31.03.2013 08:24:56 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 31.03.2013 08:24:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2013 08:30:39 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2013 08:32:08 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.35 für die Netzwerkkarte mit der Netzwerkadresse
 001FC6725064 wurde durch den DHCP-Server 192.168.0.99 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 31.03.2013 08:33:27 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2013 08:33:35 | Computer Name = *** | Source = RasMan | ID = 20033
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine
 Registrierung bei der lokalen Sicherheitsinstanz ausgeführt werden konnte. Führen
 Sie einen Neustart der RAS-Verbindungsverwaltung aus. Falls das Problem weiterhin
 besteht, wenden Sie sich an den Systemadministrator. Unzulässige Funktion.  
 
Error - 31.03.2013 08:33:35 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 31.03.2013 08:36:02 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2013 08:43:13 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 31.03.2013 13:45:14 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Gmer.txt

GMER Logfile:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-31 23:08:10
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000053 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Admin\AppData\Local\Temp\kwrdipog.sys


---- System - GMER 2.1 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwTerminateProcess [0x9CD9B4E7]

---- Kernel code sections - GMER 2.1 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                      section is writeable [0x8E201000, 0x1E7094, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] kernel32.dll!CreateThread               7731CB0E 5 Bytes  JMP 6FE075E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CreateDialogParamW           76ED72A2 5 Bytes  JMP 6FF992A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!GetAsyncKeyState             76ED863C 5 Bytes  JMP 6FDEDEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!SetWindowsHookExW            76ED87AD 5 Bytes  JMP 6FE425B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CallNextHookEx               76ED8E3B 5 Bytes  JMP 6FE67FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!UnhookWindowsHookEx          76ED98DB 5 Bytes  JMP 6FE8ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!EnableWindow                 76EDCD8B 5 Bytes  JMP 6FE49EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DefWindowProcA               76EDDB88 7 Bytes  JMP 6FE0980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CreateWindowExA              76EDDC2A 5 Bytes  JMP 6FE13643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CreateWindowExW              76EE1305 5 Bytes  JMP 6FE703DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!GetKeyState                  76EE8CB1 5 Bytes  JMP 6FDEDDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DefWindowProcW               76EF03B4 7 Bytes  JMP 6FE68054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!IsDialogMessageW             76EF0745 5 Bytes  JMP 6FF999FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CreateDialogParamA           76EF17AA 5 Bytes  JMP 6FF99268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!IsDialogMessage              76EF1847 5 Bytes  JMP 6FF999D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CreateDialogIndirectParamA   76EF26F1 5 Bytes  JMP 6FF992D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!CreateDialogIndirectParamW   76EF9A62 5 Bytes  JMP 6FF99310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!SetKeyboardState             76F00987 5 Bytes  JMP 6FF9A2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxParamW              76F010B0 5 Bytes  JMP 6FDA1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxIndirectParamW      76F02EF5 5 Bytes  JMP 6FF98F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!SendInput                    76F02F75 5 Bytes  JMP 6FF9A269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!EndDialog                    76F0326E 5 Bytes  JMP 6FF99CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!SetCursorPos                 76F16FB2 5 Bytes  JMP 6FF9A342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxParamA              76F18152 5 Bytes  JMP 6FF98ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!DialogBoxIndirectParamA      76F1847D 5 Bytes  JMP 6FF98F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxIndirectA          76F2D4D9 5 Bytes  JMP 6FF98E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxIndirectW          76F2D5D3 5 Bytes  JMP 6FF98DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxExA                76F2D639 5 Bytes  JMP 6FF98D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!MessageBoxExW                76F2D65D 5 Bytes  JMP 6FF98D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] USER32.dll!keybd_event                  76F2D972 5 Bytes  JMP 6FF9A226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] SHELL32.dll!SHRestricted + D95          75D689A8 4 Bytes  [CF, 01, BD, 6F]
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] SHELL32.dll!SHRestricted + D9D          75D689B0 8 Bytes  [E0, 61, BC, 6F, 79, F7, BC, ...] {LOOPNZ 0x63; MOV ESP, 0xbcf7796f; OUTS DX, DWORD [ESI]}
.text           C:\Program Files\Internet Explorer\iexplore.exe[2452] ole32.dll!OleLoadFromStream             76FA1E80 5 Bytes  JMP 6FF99704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!EnableWindow                 76EDCD8B 5 Bytes  JMP 6FE49EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!DialogBoxParamW              76F010B0 5 Bytes  JMP 6FDA1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!DialogBoxIndirectParamW      76F02EF5 5 Bytes  JMP 6FF98F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!DialogBoxParamA              76F18152 5 Bytes  JMP 6FF98ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!DialogBoxIndirectParamA      76F1847D 5 Bytes  JMP 6FF98F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!MessageBoxIndirectA          76F2D4D9 5 Bytes  JMP 6FF98E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!MessageBoxIndirectW          76F2D5D3 5 Bytes  JMP 6FF98DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!MessageBoxExA                76F2D639 5 Bytes  JMP 6FF98D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[4188] USER32.dll!MessageBoxExW                76F2D65D 5 Bytes  JMP 6FF98D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] kernel32.dll!CreateThread               7731CB0E 5 Bytes  JMP 6FE075E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateDialogParamW           76ED72A2 5 Bytes  JMP 6FF992A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!GetAsyncKeyState             76ED863C 5 Bytes  JMP 6FDEDEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!SetWindowsHookExW            76ED87AD 5 Bytes  JMP 6FE425B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CallNextHookEx               76ED8E3B 5 Bytes  JMP 6FE67FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!UnhookWindowsHookEx          76ED98DB 5 Bytes  JMP 6FE8ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!EnableWindow                 76EDCD8B 5 Bytes  JMP 6FE49EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DefWindowProcA               76EDDB88 7 Bytes  JMP 6FE0980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateWindowExA              76EDDC2A 5 Bytes  JMP 6FE13643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateWindowExW              76EE1305 5 Bytes  JMP 6FE703DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!GetKeyState                  76EE8CB1 5 Bytes  JMP 6FDEDDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DefWindowProcW               76EF03B4 7 Bytes  JMP 6FE68054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!IsDialogMessageW             76EF0745 5 Bytes  JMP 6FF999FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateDialogParamA           76EF17AA 5 Bytes  JMP 6FF99268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!IsDialogMessage              76EF1847 5 Bytes  JMP 6FF999D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateDialogIndirectParamA   76EF26F1 5 Bytes  JMP 6FF992D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateDialogIndirectParamW   76EF9A62 5 Bytes  JMP 6FF99310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!SetKeyboardState             76F00987 5 Bytes  JMP 6FF9A2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxParamW              76F010B0 5 Bytes  JMP 6FDA1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamW      76F02EF5 5 Bytes  JMP 6FF98F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!SendInput                    76F02F75 5 Bytes  JMP 6FF9A269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!EndDialog                    76F0326E 5 Bytes  JMP 6FF99CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!SetCursorPos                 76F16FB2 5 Bytes  JMP 6FF9A342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxParamA              76F18152 5 Bytes  JMP 6FF98ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamA      76F1847D 5 Bytes  JMP 6FF98F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxIndirectA          76F2D4D9 5 Bytes  JMP 6FF98E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxIndirectW          76F2D5D3 5 Bytes  JMP 6FF98DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxExA                76F2D639 5 Bytes  JMP 6FF98D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxExW                76F2D65D 5 Bytes  JMP 6FF98D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!keybd_event                  76F2D972 5 Bytes  JMP 6FF9A226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] SHELL32.dll!SHRestricted + D95          75D689A8 4 Bytes  [CF, 01, BD, 6F]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] SHELL32.dll!SHRestricted + D9D          75D689B0 8 Bytes  [E0, 61, BC, 6F, 79, F7, BC, ...] {LOOPNZ 0x63; MOV ESP, 0xbcf7796f; OUTS DX, DWORD [ESI]}
.text           C:\Program Files\Internet Explorer\iexplore.exe[5520] ole32.dll!OleLoadFromStream             76FA1E80 5 Bytes  JMP 6FF99704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] kernel32.dll!CreateThread               7731CB0E 5 Bytes  JMP 6FE075E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CreateDialogParamW           76ED72A2 5 Bytes  JMP 6FF992A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!GetAsyncKeyState             76ED863C 5 Bytes  JMP 6FDEDEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!SetWindowsHookExW            76ED87AD 5 Bytes  JMP 6FE425B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CallNextHookEx               76ED8E3B 5 Bytes  JMP 6FE67FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!UnhookWindowsHookEx          76ED98DB 5 Bytes  JMP 6FE8ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!EnableWindow                 76EDCD8B 5 Bytes  JMP 6FE49EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!DefWindowProcA               76EDDB88 7 Bytes  JMP 6FE0980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CreateWindowExA              76EDDC2A 5 Bytes  JMP 6FE13643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CreateWindowExW              76EE1305 5 Bytes  JMP 6FE703DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!GetKeyState                  76EE8CB1 5 Bytes  JMP 6FDEDDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!DefWindowProcW               76EF03B4 7 Bytes  JMP 6FE68054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!IsDialogMessageW             76EF0745 5 Bytes  JMP 6FF999FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CreateDialogParamA           76EF17AA 5 Bytes  JMP 6FF99268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!IsDialogMessage              76EF1847 5 Bytes  JMP 6FF999D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CreateDialogIndirectParamA   76EF26F1 5 Bytes  JMP 6FF992D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!CreateDialogIndirectParamW   76EF9A62 5 Bytes  JMP 6FF99310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!SetKeyboardState             76F00987 5 Bytes  JMP 6FF9A2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!DialogBoxParamW              76F010B0 5 Bytes  JMP 6FDA1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!DialogBoxIndirectParamW      76F02EF5 5 Bytes  JMP 6FF98F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!SendInput                    76F02F75 5 Bytes  JMP 6FF9A269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!EndDialog                    76F0326E 5 Bytes  JMP 6FF99CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!SetCursorPos                 76F16FB2 5 Bytes  JMP 6FF9A342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!DialogBoxParamA              76F18152 5 Bytes  JMP 6FF98ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!DialogBoxIndirectParamA      76F1847D 5 Bytes  JMP 6FF98F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!MessageBoxIndirectA          76F2D4D9 5 Bytes  JMP 6FF98E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!MessageBoxIndirectW          76F2D5D3 5 Bytes  JMP 6FF98DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!MessageBoxExA                76F2D639 5 Bytes  JMP 6FF98D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!MessageBoxExW                76F2D65D 5 Bytes  JMP 6FF98D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] USER32.dll!keybd_event                  76F2D972 5 Bytes  JMP 6FF9A226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] SHELL32.dll!SHRestricted + D95          75D689A8 4 Bytes  [CF, 01, BD, 6F]
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] SHELL32.dll!SHRestricted + D9D          75D689B0 8 Bytes  [E0, 61, BC, 6F, 79, F7, BC, ...] {LOOPNZ 0x63; MOV ESP, 0xbcf7796f; OUTS DX, DWORD [ESI]}
.text           C:\Program Files\Internet Explorer\iexplore.exe[5944] ole32.dll!OleLoadFromStream             76FA1E80 5 Bytes  JMP 6FF99704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                        mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                       mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                       mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                      mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                         unknown MBR code

---- EOF - GMER 2.1 ----
         
I hope I haven't made a mistake now; the logs are rather long, after all.

Thanks in advance for the help!
Regards,
Klaus

01.04.2013, 20:01   #2
t'john
/// Helper Team

Please post the Malwarebytes log file that you have already created!
(Logs tab)

18.05.2013, 10:37   #3
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of symptoms does not mean that your computer is clean.
