TR/Crypt.XPACK.Gen3 Trojan

Hello, I have just started having problems with the Trojan named above. I also know which file it came from... I hope you can help me and tell me whether I have to format... Thanks

OTL logfile created on: 11.12.2011 18:44:47 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\incely\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,71% Memory free 4,00 Gb Paging File | 2,53 Gb Available in Paging File | 63,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 19,28 Gb Free Space | 12,94% Space Free | Partition Type: NTFS Drive D: | 699,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: INCELY-COMP | User Name: incely | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.11 18:44:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\incely\Downloads\OTL.exe PRC - [2011.12.11 18:43:18 | 000,050,477 | ---- | M] () -- C:\Users\incely\Downloads\Defogger.exe PRC - [2011.12.11 16:34:06 | 000,083,456 | ---- | M] () -- C:\Users\incely\AppData\Local\Temp\tmp284.exe PRC - [2011.11.09 11:47:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.08.01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) 
-- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2011.06.30 14:46:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe PRC - [2011.04.26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe PRC - [2009.10.29 17:06:44 | 000,157,456 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2009.10.29 17:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. 
KG) -- C:\Windows\service4g.exe PRC - [2009.06.22 15:13:48 | 000,304,592 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe PRC - [2008.02.09 19:33:54 | 000,136,192 | -HS- | M] () -- C:\Users\incely\Network\wmpkh32.exe ========== Modules (No Company Name) ========== MOD - [2011.12.11 18:43:18 | 000,050,477 | ---- | M] () -- C:\Users\incely\Downloads\Defogger.exe MOD - [2011.12.11 16:34:06 | 000,083,456 | ---- | M] () -- C:\Users\incely\AppData\Local\Temp\tmp284.exe MOD - [2011.11.09 11:47:43 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.04.26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.02.09 19:33:54 | 000,136,192 | -HS- | M] () -- C:\Users\incely\Network\wmpkh32.exe ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.06.30 14:46:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2011.04.16 12:49:28 | 000,073,520 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe -- (EWSASERV) SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2010.11.08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2009.10.29 17:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. 
KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.22 15:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService) ========== Driver Services (SafeList) ========== DRV - [2011.12.11 18:33:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.08.19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC) DRV - [2011.06.30 14:46:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 14:46:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.04.04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp) DRV - [2011.03.31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2011.02.07 16:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice) DRV - [2010.12.08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2010.09.17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2010.09.14 14:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.07.29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.04 13:34:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.05.04 13:34:08 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.04.01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet) DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.12 18:17:08 | 000,691,696 | ---- | M] () [Kernel | Disabled | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2009.05.08 10:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev) DRV - [2009.03.27 12:23:12 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER) DRV - [2009.03.06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.01.29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl) DRV - [2009.01.29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService) DRV - [2008.10.31 15:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser) DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - 
[2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2007.11.02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService) DRV - [2007.09.26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2005.08.17 23:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 13 2A 85 97 D0 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.* ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://hukd.mydealz.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF 
- prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\incely\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\incely\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\incely\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\incely\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.28 15:05:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.22 15:00:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 11:47:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.12 10:22:53 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.12 10:22:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.12 10:22:53 | 000,000,000 | ---D | M] [2010.04.09 14:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions [2010.04.09 14:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.03.18 17:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.12.04 17:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions [2011.02.28 23:46:56 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2011.12.04 17:01:48 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2011.11.19 01:48:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.10.07 15:08:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.04 16:58:20 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.10.16 15:23:08 | 000,000,000 | ---D | M] (TVU Web Player) -- 
C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\firefox@tvunetworks.com [2010.08.15 11:26:55 | 000,002,252 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\askcom.xml [2009.12.16 16:43:08 | 000,005,318 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\com-searchde.xml [2010.10.10 18:15:12 | 000,002,059 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\daemon-search.xml [2011.12.07 23:35:40 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-1.xml [2010.07.24 23:41:56 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-2.xml [2010.08.13 13:50:59 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-3.xml [2010.09.24 14:42:48 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-4.xml [2010.10.05 16:38:34 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-5.xml [2010.10.28 15:43:22 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-6.xml [2010.12.10 15:48:57 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-7.xml [2011.03.02 16:13:34 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-8.xml [2010.07.19 16:02:12 | 000,001,056 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin.xml 
[2011.12.04 16:58:09 | 000,003,915 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\sweetim.xml [2011.11.09 11:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.05 19:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\INCELY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YOMQYBRK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.09 11:47:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.05.15 11:31:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2011.10.10 21:53:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.10 21:53:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.10 21:53:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.10 21:53:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.13 11:45:51 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2011.10.10 21:53:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.10 21:53:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\gears.dll CHR - plugin: Foxit 
Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Unity Player (Enabled) = C:\Users\incely\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\incely\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_1\ O1 HOSTS File: ([2010.01.05 00:30:37 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - 
C:\Programme\PriceGong\2.5.4\PriceGongIE.dll (PriceGong) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\IEPro\IEProRecorder.dll () O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\IEPro\IEProRecorder.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\incely\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [WinMedia Server] C:\Users\incely\Network\wmpkh32.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Citavi Picker... 
- C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Download YouTube Video\upod_link.HTM () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\incely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A59DDFA-7CF2-4CC8-8150-465CDB022B59}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23B500A-E036-42BD-BFDB-B4AA53BFC1F1}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{03becb74-119d-11e0-94a2-00188bc92795}\Shell - "" = AutoRun O33 - MountPoints2\{03becb74-119d-11e0-94a2-00188bc92795}\Shell\AutoRun\command - "" = G:\setup.exe -a O33 - MountPoints2\{6cf99174-5760-11df-9198-00188bc92795}\Shell - "" = AutoRun O33 - MountPoints2\{6cf99174-5760-11df-9198-00188bc92795}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{9813c1a8-e1c3-11df-b3f4-00188bc92795}\Shell - "" = AutoRun O33 - MountPoints2\{9813c1a8-e1c3-11df-b3f4-00188bc92795}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.11 18:33:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.12.11 18:33:22 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Malwarebytes [2011.12.11 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.11 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2011.12.11 18:33:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.11 18:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.11 15:59:49 | 000,000,000 | -HSD | C] -- C:\Users\incely\Network [2011.12.08 06:55:19 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\Facebook [2011.12.04 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong [2011.12.04 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong [2011.12.04 16:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2011.12.04 16:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2011.12.03 02:16:15 | 000,000,000 | ---D | C] -- C:\Users\incely\ntb-eleven-xvid [2011.12.03 01:53:33 | 000,000,000 | ---D | C] -- C:\Users\incely\bright-fl-xvid [2011.11.21 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2011.11.20 18:30:14 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free [2011.11.20 18:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free [2011.11.20 18:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free [2011.11.19 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.19 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\Logitech® Webcam-Software [2011.11.19 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2011.11.19 16:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS [2011.11.19 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2011.11.19 16:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2011.11.19 16:12:21 | 000,000,000 | ---D | C] -- C:\Program 
Files\Logitech [2011.11.19 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd [2011.11.15 09:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery [2011.11.15 09:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery [2011.11.15 09:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft [2011.11.15 09:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft Password Recovery [2011.11.13 22:23:38 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\MetaGeek,_LLC [2011.11.13 22:16:46 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek [2011.11.13 22:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\inSSIDer 2.0 [2011.11.13 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Makayama Interactive [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Users\incely\Documents\*.tmp files -> C:\Users\incely\Documents\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.11 18:44:29 | 000,000,176 | ---- | M] () -- C:\Users\incely\defogger_reenable [2011.12.11 18:33:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.12.11 18:33:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 18:06:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.11 17:53:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job [2011.12.11 16:08:50 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 16:08:50 | 000,016,944 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 16:03:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.11 16:02:53 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job [2011.12.11 16:02:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.11 16:02:37 | 1609,383,936 | -HS- | M] () -- C:\hiberfil.sys [2011.12.11 16:00:35 | 000,047,109 | -H-- | M] () -- C:\Users\incely\userdiff.sav [2011.12.11 16:00:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job [2011.12.08 07:00:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job [2011.12.07 18:04:44 | 296,474,112 | ---- | M] () -- C:\Users\incely\Desktop\AutoScreenRecorder_02 Dec. 07 18.04.avi [2011.12.06 10:53:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job [2011.12.06 05:41:29 | 000,001,082 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk [2011.11.25 14:22:28 | 004,298,746 | ---- | M] () -- C:\Users\incely\Desktop\Tequila_Song_(2005).mp3 [2011.11.25 11:13:11 | 000,253,720 | ---- | M] () -- C:\Users\incely\Desktop\Tutorien_WS_11_12.pdf [2011.11.20 22:23:21 | 000,062,061 | ---- | M] () -- C:\Users\incely\Documents\216288_188488611196477_100001060174934_463816_2052238_n.jpg [2011.11.20 22:22:24 | 000,081,406 | ---- | M] () -- C:\Users\incely\Documents\206682_188488627863142_100001060174934_463817_2030799_n.jpg [2011.11.20 18:30:14 | 000,002,030 | ---- | M] () -- C:\Users\incely\Desktop\AutoScreenRecorder 3.1 Free.lnk [2011.11.19 22:08:15 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.19 16:12:37 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.11.17 19:43:44 | 000,029,084 | ---- | M] () -- C:\Users\incely\Documents\ajk.jpg [2011.11.13 22:16:46 | 000,003,027 | ---- | M] () -- C:\Users\incely\Desktop\inSSIDer 2.0.lnk [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [3 C:\Users\incely\Documents\*.tmp files -> C:\Users\incely\Documents\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.11 18:43:53 | 000,000,176 | ---- | C] () -- C:\Users\incely\defogger_reenable [2011.12.11 18:33:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 16:00:35 | 000,047,109 | -H-- | C] () -- C:\Users\incely\userdiff.sav [2011.12.08 06:55:26 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job [2011.12.08 06:55:25 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job [2011.12.07 17:53:37 | 296,474,112 | ---- | C] () -- C:\Users\incely\Desktop\AutoScreenRecorder_02 Dec. 
07 18.04.avi [2011.12.06 05:41:29 | 000,001,082 | ---- | C] () -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2011.11.25 14:22:04 | 004,298,746 | ---- | C] () -- C:\Users\incely\Desktop\Tequila_Song_(2005).mp3 [2011.11.25 11:13:11 | 000,253,720 | ---- | C] () -- C:\Users\incely\Desktop\Tutorien_WS_11_12.pdf [2011.11.20 22:23:16 | 000,062,061 | ---- | C] () -- C:\Users\incely\Documents\216288_188488611196477_100001060174934_463816_2052238_n.jpg [2011.11.20 22:22:18 | 000,081,406 | ---- | C] () -- C:\Users\incely\Documents\206682_188488627863142_100001060174934_463817_2030799_n.jpg [2011.11.20 18:30:14 | 000,002,030 | ---- | C] () -- C:\Users\incely\Desktop\AutoScreenRecorder 3.1 Free.lnk [2011.11.19 22:08:15 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.19 16:12:37 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2011.11.17 19:43:34 | 000,029,084 | ---- | C] () -- C:\Users\incely\Documents\ajk.jpg [2011.11.13 22:16:46 | 000,003,027 | ---- | C] () -- C:\Users\incely\Desktop\inSSIDer 2.0.lnk [2011.09.30 13:54:03 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011.09.30 13:54:03 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.09.25 20:12:48 | 000,007,602 | ---- | C] () -- C:\Users\incely\AppData\Local\Resmon.ResmonCfg [2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.07.02 17:28:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.02 17:25:56 | 000,066,048 | ---- | C] 
() -- C:\Windows\System32\PrintBrmUi.exe [2011.05.05 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2011.02.26 23:54:10 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2011.02.06 23:45:44 | 000,000,094 | ---- | C] () -- C:\Users\incely\AppData\Local\fusioncache.dat [2011.01.17 16:49:27 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.30 15:03:08 | 000,021,504 | ---- | C] () -- C:\Users\incely\AppData\Local\WebpageIcons.db [2010.11.10 14:11:08 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini [2010.05.04 13:34:09 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.05.04 13:34:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.04.07 10:42:55 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll [2010.03.18 13:25:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.02.17 12:30:39 | 000,009,216 | ---- | C] () -- C:\Users\incely\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.11 18:36:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.12.23 19:54:40 | 000,000,000 | ---- | C] () -- C:\Users\incely\AppData\Roaming\AVSMediaPlayer.m3u [2009.12.23 19:52:48 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.23 19:52:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.12.22 11:41:50 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2009.12.22 11:41:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.12.22 11:41:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.12.19 01:12:52 | 000,000,059 | ---- | C] () -- C:\Users\incely\AppData\Roaming\GoodnightTimer.ini [2009.12.14 17:59:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.12 18:17:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 
09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,537,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.04.27 19:28:44 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe [2007.10.08 13:21:46 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll ========== LOP Check ========== [2011.09.30 12:48:19 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Atari [2011.09.21 22:07:05 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\BOM [2010.04.04 10:15:34 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Canneverbe Limited [2009.12.12 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DAEMON Tools Lite [2011.02.28 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Dropbox [2011.10.07 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DVDVideoSoft [2011.10.07 15:08:12 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.04 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Foxit Software [2011.06.07 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Free Download Manager [2010.04.07 10:49:51 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\FreeFLVConverter [2010.10.23 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Friday's games [2011.08.21 13:48:38 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\GameRanger [2011.01.22 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\GrabPro [2011.12.04 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ICQ [2011.04.23 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ImgBurn [2011.08.30 14:21:18 | 000,000,000 | ---D | M] -- 
C:\Users\incely\AppData\Roaming\Kalypso Media [2011.09.29 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Leadertech [2010.11.24 23:39:31 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2011.02.26 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\MiniDm [2010.04.25 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\MudTV [2009.12.14 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\OpenOffice.org [2010.03.31 07:06:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Opera [2010.09.09 16:59:03 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ProtectDISC [2011.10.24 16:54:54 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Screaming Bee [2010.02.17 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ShareTV [2010.04.06 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Softi Software [2010.03.18 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Songbird2 [2011.07.17 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Sports Interactive [2011.03.22 15:09:36 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Swiss Academic Software [2010.04.09 14:33:05 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Thunderbird [2011.01.02 12:47:42 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Tific [2011.11.20 22:27:40 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\TS3Client [2009.12.14 13:37:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\TuneUp Software [2011.05.06 01:47:16 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Tunngle [2011.04.25 21:45:20 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Ubisoft [2010.02.11 19:50:26 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Xilisoft [2010.10.28 19:45:59 | 000,000,000 | ---D | M] -- 
C:\Users\incely\AppData\Roaming\XSManager [2010.05.03 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Z-Software [2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job [2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job [2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job [2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job [2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.12.11 16:02:53 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job [2011.12.08 07:00:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job [2011.12.11 16:00:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job [2011.10.13 11:08:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
I'm running a malware scan and an ESET scan right now.... |
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8352

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11.12.2011 20:35:41
mbam-log-2011-12-11 (20-35-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 368501
Laufzeit: 2 Stunde(n), 0 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\incely\downloads\elcomsoft.wireless.security.auditor.3.0.2.375\elcomsoft.wireless.security.auditor.3.0.2.375\Patch\elcomsoft.wireless.security.auditor.3.0.2.375.patch-jw.exe (RiskWare.Tool.HCK) -> No action taken.
c:\Users\incely\downloads\mini-kms.activator.v1.072.en-plz\mini-kms.activator.v1.072.en-plz\mKMSAct.exe (PUP.Hacktool) -> No action taken. |
C:\Users\incely\laqqxwe.exe Win32/Tofsee.AI trojan C:\Users\incely\AppData\Local\Temp\tmp284.exe Win32/Injector.MBS trojan C:\Users\incely\AppData\Local\Temp\tmp285.exe Win32/Injector.MBS trojan C:\Users\incely\Downloads\SuperOneClickFor2.1.rar Linux/Exploit.Lotoor.AK trojan C:\Users\incely\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application C:\Users\incely\Downloads\SuperOneClickFor2.1\SuperOneClickFor2.1\SuperOneClick\rageagainstthecage Linux/Exploit.Lotoor.AK trojan C:\Users\incely\DS7\DS7\SIED7\Die Siedler 7.iso a variant of Win32/Packed.VMProtect.AAA trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st 
Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 
2006\nic-el-directory_v1_m56577569830489993.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 
2006\pv-nayarit_v1_m56577569830490064.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Exploit.Pdfka.PAV trojan C:\Users\incely\Network\wmpkh32.exe a variant of Win32/Injector.MBS trojan C:\Windows\Installer\85c3a3.msi Win32/Adware.Toolbar.Dealio application Operating memory multiple threats |
Hello, could someone please tell me how serious the infection is and how I should proceed? Many thanks! |
Should I run any further tests, or can you already work with this? |
A pity, apparently nobody wants to help me :( |
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 8355
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12.12.2011 20:54:33
mbam-log-2011-12-12 (20-54-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 362259
Laufzeit: 1 Stunde(n), 17 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\incely\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ICQTTKJL\3x1[1].zip (Trojan.Agent) -> No action taken.
c:\Users\incely\laqqxwe.exe (Trojan.Agent) -> No action taken. |
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 8355
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
12.12.2011 22:54:14
mbam-log-2011-12-12 (22-54-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 363019
Laufzeit: 1 Stunde(n), 39 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
Here is the latest OTL scan, run from the desktop:
OTL Logfile: Code: OTL logfile created on: 13.12.2011 13:49:15 - Run 2
OTL Logfile: Code: OTL Extras logfile created on: 13.12.2011 13:49:15 - Run 2 |
Copyright ©2000-2025, Trojaner-Board