TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello,

I have the following problem: yesterday Avira found TR/Crypt.ZPACK.Gen8 on my machine under: C:\Users\***\AppData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5….. I moved it to quarantine and did nothing further. Today Avira found two more viruses, namely TR/ATRAPS.Gen2 and TR/Sirefef.AG.35, in C:\Users\***\AppData\Local….. I moved these to quarantine as well, but Avira now detects both of them again every time I go online.

I hope you can help me. Below are the results from defogger, OTL and gmer. If you need more information, let me know.

Thanks in advance!

Kind regards,
Rozel

Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:43 on 02/06/2012 (Comp Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL:

OTL logfile created on: 02.06.2012 20:58:39 - Run 3
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\***\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy
2,75 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 63,89% Memory free
5,73 Gb Paging File | 4,75 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 105,82 Gb Free Space | 45,44% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: Comp Admin | Logged in as Administrator.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://imtvpn2.uni-paderborn.de/http/0/platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7792C564-6984-4732-A1A2-EF6446ACE5AA}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.30 09:27:10 | 000,000,000 | ---D | C] -- C:\UserData [2012.05.30 09:22:42 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2012.05.30 09:22:42 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2012.05.30 09:22:42 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2012.05.30 09:22:42 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2012.05.30 09:22:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB [2012.05.30 09:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.05.30 
09:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick [2012.05.06 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2 [2012.05.06 18:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management ========== Files - Modified Within 30 Days ========== [2012.06.02 21:00:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A1D0584-02FE-4FA6-8FFA-A6D20E0883B7}.job [2012.06.02 20:43:19 | 000,000,000 | ---- | M] () -- C:\Users\Comp Admin. ***\defogger_reenable [2012.06.02 20:42:02 | 000,003,760 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 20:42:02 | 000,003,760 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.02 18:41:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.02 18:41:54 | 2950,742,016 | -HS- | M] () -- C:\hiberfil.sys [2012.06.01 15:48:00 | 000,647,626 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.01 15:48:00 | 000,125,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.30 09:22:36 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.05.29 13:49:07 | 000,000,841 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2012.05.17 13:17:28 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.17 13:17:28 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.06.02 20:43:19 | 000,000,000 | ---- | C] () -- C:\Users\Comp Admin. 
***\defogger_reenable [2012.05.30 09:27:10 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml [2012.05.30 09:22:25 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.05.06 18:53:18 | 000,000,841 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2011.10.06 18:10:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.10.06 18:10:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.10.06 18:10:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.10.06 18:10:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.10.06 18:10:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.10.05 21:00:20 | 000,000,062 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk.lic [2010.09.23 10:06:14 | 000,000,680 | ---- | C] () -- C:\Users\Comp Admin. ***\AppData\Local\d3d9caps.dat [2010.09.22 14:23:27 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini [2010.09.22 14:20:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\vpvfw.dll [2010.09.22 14:20:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\remove.dll ========== LOP Check ========== [2012.04.27 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin. ***\AppData\Roaming\Dev-Cpp [2009.07.30 12:21:17 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin. ***\AppData\Roaming\DriverCure [2011.02.28 11:57:54 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin. ***\AppData\Roaming\IrfanView [2012.03.26 09:24:47 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin. ***\AppData\Roaming\SoftGrid Client [2011.02.22 18:05:28 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin. ***\AppData\Roaming\TP [2009.10.18 14:43:48 | 000,000,000 | ---D | M] -- C:\Users\Comp Admin. 
***\AppData\Roaming\UDC Profiles [2012.06.02 11:54:27 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.02 21:00:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5A1D0584-02FE-4FA6-8FFA-A6D20E0883B7}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > Gmer: GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-02 22:49:35 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA Running: lz93dp7l.exe; Driver: C:\Users\COMPAD~1.ZEL\AppData\Local\Temp\uwldypow.sys ---- System - GMER 1.0.15 ---- SSDT 8C9074AE ZwCreateSection SSDT 8C907486 ZwCreateSymbolicLinkObject SSDT 8C90748B ZwLoadDriver SSDT 8C907481 ZwOpenSection SSDT 8C9074B8 ZwRequestWaitReplyPort SSDT 8C9074B3 ZwSetContextThread SSDT 8C9074BD ZwSetSecurityObject SSDT 8C907490 ZwSetSystemInformation SSDT 8C9074C2 ZwSystemDebugControl SSDT 8C90744F ZwTerminateProcess SSDT 8C90744A ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 826E2998 4 Bytes [AE, 74, 90, 8C] .text ntkrnlpa.exe!KeSetEvent + 21D 826E29A0 4 Bytes [86, 74, 90, 8C] {XCHG [EAX+EDX*4-0x74], DH} .text ntkrnlpa.exe!KeSetEvent + 37D 826E2B00 4 Bytes [8B, 74, 90, 8C] {MOV ESI, [EAX+EDX*4-0x74]} .text ntkrnlpa.exe!KeSetEvent + 3FD 826E2B80 4 Bytes [81, 74, 90, 8C] .text ntkrnlpa.exe!KeSetEvent + 539 826E2CBC 4 Bytes [B8, 74, 90, 8C] .text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E404000, 0x205314, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtClose 77B14164 5 Bytes JMP 6E409BF1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtCreateFile 77B14224 5 Bytes JMP 6E4088D9 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtCreateKey 77B14264 5 Bytes JMP 6E40552A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtDeleteFile 77B14604 5 Bytes JMP 6E4086F6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtDeleteKey 77B14614 5 Bytes JMP 6E404D8A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtDeleteValueKey 77B14644 5 Bytes JMP 6E40504D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtDuplicateObject 77B14674 5 Bytes JMP 6E409CC7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization 
handler\OfficeVirt.exe[5508] ntdll.dll!NtEnumerateKey 77B146B4 5 Bytes JMP 6E404E2E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtEnumerateValueKey 77B146E4 5 Bytes JMP 6E404FA7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtFlushKey 77B14744 5 Bytes JMP 6E404DDC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtNotifyChangeKey 77B149B4 5 Bytes JMP 6E4050FB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtNotifyChangeMultipleKeys 77B149C4 5 Bytes JMP 6E405189 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtOpenFile 77B14A04 5 Bytes JMP 6E408A64 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtOpenKey 77B14A34 5 Bytes JMP 6E40543B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryAttributesFile 77B14BA4 5 Bytes JMP 6E408761 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text 
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryDirectoryFile 77B14C04 5 Bytes JMP 6E4075E6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryFullAttributesFile 77B14C54 5 Bytes JMP 6E4087D1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryKey 77B14D04 5 Bytes JMP 6E404E81 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryMultipleValueKey 77B14D14 5 Bytes JMP 6E4050A8 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryObject 77B14D34 5 Bytes JMP 6E409D1D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQuerySecurityObject 77B14D94 5 Bytes JMP 6E409C61 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtQueryValueKey 77B14E24 5 Bytes JMP 6E404F54 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtRenameKey 77B14F14 5 Bytes JMP 6E40559F C:\Windows\system32\sftldr.dll (Microsoft 
Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtSetInformationFile 77B15134 5 Bytes JMP 6E408841 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtSetInformationKey 77B15154 5 Bytes JMP 6E404EE7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtSetSecurityObject 77B15204 5 Bytes JMP 6E409D7A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ntdll.dll!NtSetValueKey 77B152A4 5 Bytes JMP 6E404FFA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] kernel32.dll!CreateProcessW 778C1BF3 5 Bytes JMP 6E3E2337 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] kernel32.dll!CreateProcessA 778C1C28 5 Bytes JMP 6E3E2475 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] kernel32.dll!LoadLibraryExW 778E9109 7 Bytes JMP 6E3E2E8C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] kernel32.dll!SetDllDirectoryW 
77952467 5 Bytes JMP 6E3E3300 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] kernel32.dll!SetDllDirectoryA 779524FD 5 Bytes JMP 6E3E3633 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] kernel32.dll!WinExec 77955CF7 5 Bytes JMP 6E3E2A2E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] GDI32.dll!AddFontResourceW 7726CC93 5 Bytes JMP 6E3F0AB4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] GDI32.dll!AddFontResourceA 7726CFBF 5 Bytes JMP 6E3F0A98 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!StartServiceA 777FA24D 7 Bytes JMP 6E3F379E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!CreateProcessAsUserA 777FCEB9 5 Bytes JMP 6E3E27ED C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!CreateProcessAsUserW 77811EE9 5 Bytes JMP 6E3E26AB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!OpenSCManagerA 77812D93 7 Bytes JMP 6E3F31B4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!OpenServiceA 77812EBD 7 Bytes JMP 6E3F3323 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!StartServiceW 77813E0B 7 Bytes JMP 6E3F3708 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceStatusEx 77814FFE 7 Bytes JMP 6E3F39AC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceConfigW 778150A4 7 Bytes JMP 6E3F4448 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceConfigA 778151AD 7 Bytes JMP 6E3F44E1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!OpenSCManagerW 77817137 7 Bytes JMP 6E3F3128 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!CloseServiceHandle 778182A5 7 Bytes JMP 6E3F3BB6 C:\Windows\system32\sftldr.dll (Microsoft Application 
Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!OpenServiceW 77818354 7 Bytes JMP 6E3F3297 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceStatus 7781842C 7 Bytes JMP 6E3F3919 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!CreateServiceW 77839EB4 7 Bytes JMP 6E3F3421 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ControlService 77839FB8 7 Bytes JMP 6E3F388D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!DeleteService 7783A07E 7 Bytes JMP 6E3F3C44 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!GetServiceDisplayNameW 7783B0B3 7 Bytes JMP 6E3F4297 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!GetServiceKeyNameW 7783B164 7 Bytes JMP 6E3F40E6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!EnumServicesStatusExA 
7783B31B 7 Bytes JMP 6E3F4A26 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ControlServiceExA 7787662E 7 Bytes JMP 6E3F2BDA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ControlServiceExW 77876741 7 Bytes JMP 6E3F2B61 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!EnumServicesStatusExW 77876909 7 Bytes JMP 6E3F4960 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!EnumServicesStatusA 77876B47 7 Bytes JMP 6E3F48A2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceObjectSecurity 77876C21 7 Bytes JMP 6E3F46B2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!SetServiceObjectSecurity 77876CD9 7 Bytes JMP 6E3F474E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ChangeServiceConfigA 77876DD9 7 Bytes JMP 6E3F3DB7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text 
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ChangeServiceConfigW 77876F81 7 Bytes JMP 6E3F3CD2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ChangeServiceConfig2A 77877099 7 Bytes JMP 6E3F4050 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!ChangeServiceConfig2W 778771E1 7 Bytes JMP 6E3F3FBA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!CreateServiceA 778772A1 7 Bytes JMP 6E3F34F7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!EnumDependentServicesA 77877505 7 Bytes JMP 6E3F3AFF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!EnumDependentServicesW 778775D9 7 Bytes JMP 6E3F3A48 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!GetServiceDisplayNameA 778776B1 7 Bytes JMP 6E3F434F C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!GetServiceKeyNameA 77877759 7 Bytes JMP 
6E3F419E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceConfig2A 77877891 7 Bytes JMP 6E3F4616 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!QueryServiceConfig2W 77877A19 7 Bytes JMP 6E3F457A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ADVAPI32.dll!EnumServicesStatusW 77877F61 5 Bytes JMP 6E3F47E4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoRegisterPSClsid 761E2746 5 Bytes JMP 6E3FA1FE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoResumeClassObjects + 7 761F2C12 7 Bytes JMP 6E3FA7CF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoRegisterClassObject 761F7DBE 5 Bytes JMP 6E3FB27B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!OleInitialize 761FEE4B 5 Bytes JMP 6E3FA539 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft 
shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!OleRun 761FF3F4 5 Bytes JMP 6E3FA68A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoGetPSClsid 76201B2B 5 Bytes JMP 6E3FA376 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoGetClassObject 7621FAE8 5 Bytes JMP 6E3FB5E2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoRevokeClassObject 7622B109 5 Bytes JMP 6E3F9DE0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoCreateInstance 76239F3E 5 Bytes JMP 6E3FC8B0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoCreateInstanceEx 76239F81 5 Bytes JMP 6E3FAC12 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoInitializeEx 7623ADFB 5 Bytes JMP 6E3FA3E9 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoUninitialize 7623D309 5 Bytes JMP 6E3FA46B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) 
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoSuspendClassObjects + 7 762419A9 7 Bytes JMP 6E3FA6FA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!OleUninitialize 7625B90D 6 Bytes JMP 6E3FA5A9 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!CoGetInstanceFromFile 7628C595 5 Bytes JMP 6E3FBAA2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5508] ole32.dll!OleRegEnumFormatEtc 762D5657 5 Bytes JMP 6E3FA614 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library Q:\140062.deu\Office14\MAPIPH.DLL (*** hidden *** ) @ C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe [3168] 0x65B00000
Library Q:\140062.deu\Office14\OLMAPI32.dll (*** hidden *** ) @ C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe [3168] 0x64790000
Library c:\windows\system32\n (*** hidden *** ) @ C:\Windows\Explorer.EXE [3640] 0x45670000

---- EOF - GMER 1.0.15 ---- |
Hello, my name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes mean a lot of work for you.
Vista and Win7 users: Start all tools with right-click --> "Run as administrator". Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
|
Hello Marius, thank you very much for helping me with my problem! I have just run ComboFix as you instructed. Here is the combofix.txt: Thanks again and see you later! Kind regards, Rozel
Combofix Logfile: Code: ComboFix 12-06-03.05 - Comp Admin 04.06.2012 19:09:02.1.2 - x86 |
MBAM: Please download Malwarebytes
|
Hello Marius, this is the mbam log file. Kind regards, Rozel

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.06.05.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Comp Admin :: *** [administrator]
Protection: Disabled
5.6.2012 16:55:52
mbam-log-2012-06-05 (16-55-52).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 435747
Time elapsed: 2 hour(s), 56 minute(s), 21 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 5
C:\Users\***\AppData\Local\{501f786a-755e-e538-1038-2a28534a3915}\n (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Users\***\AppData\Local\{501f786a-755e-e538-1038-2a28534a3915}\U\00000001.@ (Trojan.Small) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\{501f786a-755e-e538-1038-2a28534a3915}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\{501f786a-755e-e538-1038-2a28534a3915}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\***\Desktop\Downloads\SoftonicDownloader_fuer_dev-c.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
(end) |
adwCleaner: Please download AdwCleaner to your desktop.
|
Good morning! :-) This is the adw log:

# AdwCleaner v1.608 - Logfile created 06/06/2012 at 08:22:05
# Updated 27/05/2012 by Xplode
# Operating system : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# User : Comp Admin - ***
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Program Files\Conduit

***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKLM\SOFTWARE\AppDataLow\Software\Conduit

***** [Registre - GUID] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
-\\ Google Chrome v [Unable to get version]

*************************
AdwCleaner[R1].txt - [827 octets] - [06/06/2012 08:22:05]
########## EOF - \AdwCleaner[R1].txt - [954 octets] ########## |
Step 1: Online scan as a check. ESET Online Scanner
|
Hi Marius, ESET has now finished scanning. A message came up saying that nothing was found. Is that why there is no log file, or can I just not find it? :-) Kind regards, Rozel |
Please post the extras.txt from OTL. You will find it in the directory C:\_OTL. |
I can't find it there :-( And not via the search either... |
New OTL log: If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code: activex
|
Hi, I ran Quick Scan 3 times and still don't have the extras.txt :-( This is OTL.txt: OTL Logfile: Code: OTL logfile created on: 06.06.2012 17:06:05 - Run 6 |
Press the Scan button instead of Quick Scan! :) |
Ooops sorry :-) That's what the instructions said ;-) So now here are both: :-D OTL: OTL Logfile: Code: OTL logfile created on: 11.06.2012 08:04:27 - Run 7 Extras: OTL Logfile: Code: OTL Extras logfile created on: 11.06.2012 08:04:27 - Run 7 |
Copyright ©2000-2025, Trojaner-Board