Bundespolizei Trojan - gone after System Restore?

Hello everyone. I have the same problem as the user in this thread, which I unfortunately could not reply to; I would have preferred doing that to creating a new topic: http://www.trojaner-board.de/102459-...rstellung.html
The trojan seems quiet after restoring the system to an earlier date, even after shutting down and booting up again, but I would rather be on the safe side.
I have already followed the steps given in the old thread and am simply posting the logs right away :)
I hope you can help me; I want to get this thing off.
Here is the one from Malware: Quote:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.18.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
18.06.2012 14:47:48
mbam-log-2012-06-18 (14-47-48).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 184774
Laufzeit: 8 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
And here now is the log from OTL:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 18.06.2012 15:20:23 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\XXX\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
1013,30 Mb Total Physical Memory | 404,87 Mb Available Physical Memory | 39,96% Memory free
1,99 Gb Paging File | 1,16 Gb Available in Paging File | 58,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 52,00 Gb Total Space | 28,29 Gb Free Space | 54,41% Space Free | Partition Type: NTFS
Drive D: | 76,95 Gb Total Space | 76,85 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: GOLDEN | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0070CE78-D48D-43BB-A285-C629019AE1B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2C139EAD-F191-4418-83D0-48B1DB68B932}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{431697DD-ADD2-4C29-9811-C36E4A343832}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C9C2F111-16E3-452F-8E77-74F5086FD749}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28DC0538-7463-4400-9718-88822F02FD91}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2E0E6BDB-9D93-4A99-B1C5-B2C5F42F2514}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{33A2D829-A092-456F-AD64-8EC09A03D078}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{34CCB822-D716-4AF5-9E5B-631F751939D3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3C5D70C9-02AD-48C5-8780-5750A7CF1010}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4E7B4ADF-71AE-441D-8F71-178217FEFBF7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{666EAEF7-2C31-4B09-97BB-B073A4D46567}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{72ADF450-7CB8-4D02-963B-FCF7DCCE781C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{798652A5-5048-421E-8C22-67E7196A2A28}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B3702187-7D9A-42F8-BFCE-84226A7C03EE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CE218C06-29AA-4AC6-9E5B-B813DBF9D294}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DE433D38-F211-40B2-A386-62091E3E62E6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E5AA9444-D72F-4460-824B-889E40DAC166}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E932CD42-7A11-4EC6-841B-D2AB7DBA171D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F9A13331-7AC9-4222-824F-6FB4510A571A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{96540678-BBAE-4F49-85F3-F15389612D4D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AFC39FBC-79AF-4E16-838F-C317FE20D06D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{3CF0AC8C-38F9-4DBE-AF52-EB02655A41FE}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E7794614-6057-43DD-88FD-75554F610335}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05709317-05C6-BED8-3DE2-AB2D8EEAA485}" = twhirl
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenAL" = OpenAL
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.06.2012 11:27:22 | Computer Name = Golden | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 13.06.2012 11:34:31 | Computer Name = Golden | Source = VSS | ID = 8194
Description =
Error - 13.06.2012 14:46:29 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:46:30 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:46:53 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:48:55 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\easy
display manager\RunGfxUI64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:49:16 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 14:49:18 | Computer Name = Golden | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 13.06.2012 16:48:49 | Computer Name = Golden | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 13.06.2012 17:47:36 | Computer Name = Golden | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 18.06.2012 07:14:31 | Computer Name = Golden | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 18.06.2012 07:17:56 | Computer Name = Golden | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:16:50 on ?18.?06.?2012 was unexpected.
Error - 18.06.2012 07:18:44 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 07:36:14 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 07:44:50 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:02:52 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:06:45 | Computer Name = Golden | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
Error - 18.06.2012 08:07:16 | Computer Name = Golden | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.
Error - 18.06.2012 08:07:23 | Computer Name = Golden | Source = DCOM | ID = 10005
Description =
Error - 18.06.2012 08:07:22 | Computer Name = Golden | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053
< End of report >
Aaand one more log, this time from SUPERAntiSpyware: Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/19/2012 at 01:36 AM
Application Version : 5.1.1002
Core Rules Database Version : 8757
Trace Rules Database Version: 6569
Scan type : Complete Scan
Total Scan Time : 00:29:26
Operating System Information
Windows 7 Starter 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 576
Memory threats detected : 0
Registry items scanned : 33087
Registry threats detected : 0
File items scanned : 24034
File threats detected : 7
Adware.Tracking Cookie
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\SU4L2HNG.txt [ /mediaplex.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\2RT698P2.txt [ /apmebf.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\I54NX2FE.txt [ /atdmt.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\SMU8RR56.txt [ /c.atdmt.com ]
C:\USERS\xxx\Cookies\SU4L2HNG.txt [ Cookie:xxx@mediaplex.com/ ]
C:\USERS\xxx\Cookies\2RT698P2.txt [ Cookie:xxx@apmebf.com/ ]
C:\USERS\xxx\Cookies\I54NX2FE.txt [ Cookie:xxx@atdmt.com/ ]