Remove malware?

This thread, "Remove malware?", in the forum "Viruses, Trojans, Spyware etc." was started by eos on 22 July 2010.

  1. eos
    Hi, an acquaintance brought me his notebook - he had lent it out and now this beast is on it:
    Antivir Solution Pro
    Is a reinstall required?
    Or can I try to clean it up?
    He says he has no important data on the disk - but Acer - not even a recovery DVD........ Vista HP32. Should I wipe it?
     
  2. Hi :)

    http://www.wintotal-forum.de/index.php/topic,147847.0.html#post_otl

    CustomScan with OTL

    • Please start OTL.exe.
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • Now copy the following content into the text box.
    Code:
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    
    • Close all programs. (Important)
    • Click the Quick Scan button.
    • Click on [IMG].
    • Copy the contents of OTL.txt and Extras.txt into your thread here.

    =========

    http://www.wintotal-forum.de/index.php/topic,147847.0.html#post_gm

    Please run Gmer according to the instructions and post the log file here :)

    ===========

    http://www.bleepingcomputer.com/forums/index.php?showtopic=324806&view=findpost&p=1848420

    Please download and run MBRCheck. If you have problems with the English text, just let me know.


    And please post all log files in spoiler tags :)
     
  3. eos
    I'll do it later - I'm totally stressed - my banking program won't start anymore and I need it urgently!
    Please be patient with granny......
     
  4. ;D ;D ;D
     
  5. eos
    It's all still taking a while - I have 3 construction sites - and everything taaaaaaaaakes.....

    The borrower was kind enough to install all sorts of software for the owner without asking - a third-party printer, Apple stuff and so on and so on.
    I've removed all of that for now - and installed SP2 etc.

    I've now got to the point where I can run OTL - only its settings change after the QuickScan starts - e.g.
    it resets itself - the scan period goes to 90 days and at the bottom right both boxes are ticked........
    And after a restart the nasty thing popped up again with warnings and a prompt to reinstall the Pro version - after that nothing worked again at first - I couldn't even keep a text file open for any length of time - it's annoying!!!!!!!!

    I'll keep dutifully trying anyway - because without the paid malware stuff nothing ran at all anymore - not a single exe worked - you could do NOTHING.
    I'd call that criminal. Extortion to install and buy malware, 50 for the basic version - but that only runs with an upgrade to Pro for 70 bucks. Great - grrrrrrrrrrrr
     
  6. eos
    So - first run of OTL - results
    OTL logfile created on: 23.07.2010 04:51:57 - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\user\Desktop\AntiMalware
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
    7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 144,04 Gb Total Space | 115,56 Gb Free Space | 80,22% Space Free | Partition Type: NTFS
    Drive D: | 140,50 Gb Total Space | 140,39 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: USER-PC
    Current User Name: user
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - C:\Users\user\Desktop\AntiMalware\OTL.exe (OldTimer Tools)
    PRC - C:\Users\user\AppData\Local\ickmfiqrv\qorcibltssd.exe ()
    PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
    PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    PRC - C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
    PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
    PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
    PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
    PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
    PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    PRC - C:\ACER\Mobility Center\MobilityService.exe ()
    PRC - C:\Windows\PLFSetI.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\user\Desktop\AntiMalware\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
    SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
    SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
    SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
    DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
    DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
    DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
    DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
    DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
    DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
    DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
    DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
    DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
    DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0



    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_5530
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.07 18:47:20 | 000,000,000 | ---D | M]
     
  7. eos
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-772419714-465867292-1252962964-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [{12239928-8A3D-80EC-268D-D5669DDAD859}] C:\Users\user\AppData\Roaming\Axazeg\qefyu.exe File not found
    O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [AVSolution] C:\Program Files\Antivir Solution Basic\avsolution.exe ()
    O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [excqvjfl] C:\Users\user\AppData\Local\ickmfiqrv\qorcibltssd.exe ()
    O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [userinit] C:\Users\user\AppData\Roaming\sdra64.exe File not found
    O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
    O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3ba57094-ea6a-11de-9d63-001eec5c8dc0}\Shell - = AutoRun
    O33 - MountPoints2\{3ba57094-ea6a-11de-9d63-001eec5c8dc0}\Shell\AutoRun\command - = F:\NokiaPCIA_Autorun.exe -- File not found
    O33 - MountPoints2\{f1af926a-b5c1-11de-aa57-001eec5c8dc0}\Shell - = AutoRun
    O33 - MountPoints2\{f1af926a-b5c1-11de-aa57-001eec5c8dc0}\Shell\AutoRun\command - = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f1af9279-b5c1-11de-aa57-001eec5c8dc0}\Shell - = AutoRun
    O33 - MountPoints2\{f1af9279-b5c1-11de-aa57-001eec5c8dc0}\Shell\AutoRun\command - = F:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- %1 %*
    O35 - HKLM\..exefile [open] -- %1 %*
    O37 - HKLM\...com [@ = comfile] -- %1 %*
    O37 - HKLM\...exe [@ = exefile] -- %1 %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010.07.23 04:25:05 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
    [2010.07.23 04:04:26 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
    [2010.07.23 04:00:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
    [2010.07.23 04:00:27 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe
    [2010.07.23 04:00:27 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe
    [2010.07.23 04:00:27 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe
    [2010.07.23 03:58:03 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
    [2010.07.23 03:57:02 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\AntiMalware
    [2010.07.23 01:36:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\LOGS
    [2010.07.23 00:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010.07.23 00:50:33 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\System32\deployJava1.dll
    [2010.07.22 22:20:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2010.07.22 22:20:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2010.07.22 22:20:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2010.07.22 21:26:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2010.07.22 20:48:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
    [2010.07.22 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Seven Zip
    [2010.07.22 18:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Antivir Solution Basic
    [2010.07.22 16:29:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ickmfiqrv
    [2010.07.21 18:15:11 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Roaming\lowsec
    [2010.07.14 16:36:31 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [2010.06.09 17:06:56 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
    [2010.05.29 16:16:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
    [2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 90 Days ==========

    [2010.07.23 04:52:37 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\jqmghmj.sys
    [2010.07.23 04:51:53 | 002,621,440 | -HS- | M] () -- C:\Users\user\NTUSER.DAT
    [2010.07.23 04:38:36 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Antivir Solution Basic.lnk
    [2010.07.23 04:34:29 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.07.23 04:34:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.07.23 04:34:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.07.23 04:34:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.07.23 04:34:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.07.23 04:28:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2010.07.23 04:28:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.07.23 04:28:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.07.23 04:27:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.07.23 04:27:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.07.23 04:24:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2010.07.23 04:24:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010.07.23 04:24:39 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010.07.23 04:24:39 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010.07.23 04:24:36 | 002,447,281 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
    [2010.07.23 04:01:51 | 000,000,201 | ---- | M] () -- C:\Users\user\Desktop\Startup - Verknüpfung.lnk
    [2010.07.23 04:00:15 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll
    [2010.07.23 04:00:15 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe
    [2010.07.23 04:00:15 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe
    [2010.07.23 04:00:15 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe
    [2010.07.23 00:46:56 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\Java - Verknüpfung.lnk
    [2010.07.22 22:24:40 | 000,296,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010.07.22 20:43:26 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\System - Verknüpfung.lnk
    [2010.07.22 20:43:15 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\Programme und Funktionen - Verknüpfung.lnk
    [2010.07.22 20:43:01 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\Geräte-Manager - Verknüpfung.lnk
    [2010.07.22 19:47:14 | 000,000,527 | ---- | M] () -- C:\Users\user\Desktop\Temp - Verknüpfung (2).lnk
    [2010.07.22 19:16:47 | 000,000,798 | ---- | M] () -- C:\Users\user\Desktop\Temp - Verknüpfung.lnk
    [2010.07.22 19:10:07 | 000,071,400 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010.07.22 17:27:53 | 000,000,104 | ---- | M] () -- C:\Users\user\Desktop\Computer - Verknüpfung.lnk
    [2010.07.01 17:21:09 | 000,001,832 | ---- | M] () -- C:\Users\user\Desktop\Cyberlink PowerDirector.lnk
    [2010.06.29 17:40:10 | 000,005,632 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.05.29 16:16:33 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.6.lnk
    [2010.05.04 04:58:45 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
    [2010.04.24 14:30:43 | 000,000,486 | ---- | M] () -- C:\Users\user\Documents\message-delivery-status-attachment

    ========== Files Created - No Company Name ==========

    [2010.07.23 04:38:36 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Antivir Solution Basic.lnk
    [2010.07.23 04:24:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2010.07.23 04:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2010.07.23 04:01:51 | 000,000,201 | ---- | C] () -- C:\Users\user\Desktop\Startup - Verknüpfung.lnk
    [2010.07.23 04:01:21 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Startup.cpl
    [2010.07.23 00:46:56 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\Java - Verknüpfung.lnk
    [2010.07.22 20:47:03 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010.07.22 20:43:26 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\System - Verknüpfung.lnk
    [2010.07.22 20:43:15 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\Programme und Funktionen - Verknüpfung.lnk
    [2010.07.22 20:43:01 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\Geräte-Manager - Verknüpfung.lnk
    [2010.07.22 19:47:14 | 000,000,527 | ---- | C] () -- C:\Users\user\Desktop\Temp - Verknüpfung (2).lnk
    [2010.07.22 19:16:47 | 000,000,798 | ---- | C] () -- C:\Users\user\Desktop\Temp - Verknüpfung.lnk
    [2010.07.22 17:27:53 | 000,000,104 | ---- | C] () -- C:\Users\user\Desktop\Computer - Verknüpfung.lnk
    [2010.07.22 16:30:52 | 000,767,488 | ---- | C] () -- C:\Windows\System32\drivers\jqmghmj.sys
    [2010.05.29 16:16:33 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.6.lnk
    [2010.04.24 14:30:42 | 000,000,486 | ---- | C] () -- C:\Users\user\Documents\message-delivery-status-attachment
    [2009.09.11 18:21:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.04.21 18:39:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009.04.21 18:39:10 | 000,000,025 | ---- | C] () -- C:\Windows\CSES20.ini
    [2008.09.30 06:48:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2008.09.30 06:48:32 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
    [2008.08.21 08:05:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008.05.21 00:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
    [2008.05.21 00:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
    [2008.05.20 23:20:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2008.05.20 23:15:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2008.05.20 22:59:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2008.05.20 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer GameZone Console
    [2010.07.09 16:31:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Axazeg
    [2009.04.23 16:16:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eSobi
    [2010.07.22 19:09:39 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\lowsec
    [2009.04.21 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
    [2010.07.06 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xaum
    [2010.07.23 04:25:15 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008.05.21 08:34:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008.09.30 07:55:19 | 000,000,020 | ---- | M] () -- C:\Medion.ini
    [2010.07.23 04:26:41 | 3768,049,664 | -HS- | M] () -- C:\pagefile.sys
    [2008.09.30 07:49:28 | 000,000,060 | ---- | M] () -- C:\Partition.txt
    [2008.05.20 23:00:53 | 000,000,650 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008.07.08 17:26:16 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
    [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010.07.23 04:55:04 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\jqmghmj.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 64 bytes -> C:\Users\user\Documents\TruckersinPolen.mpg:TOC.WMV
    @Alternate Data Stream - 64 bytes -> C:\Users\user\Documents\tier-sex.mpeg:TOC.WMV
    < End of report >
     
  8. eos
    eos
    Here are the Extras
    OTL Extras logfile created on: 23.07.2010 04:51:57 - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\user\Desktop\AntiMalware
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
    7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 144,04 Gb Total Space | 115,56 Gb Free Space | 80,22% Space Free | Partition Type: NTFS
    Drive D: | 140,50 Gb Total Space | 140,39 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: USER-PC
    Current User Name: user
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- %1 %*
    cmdfile [open] -- %1 %*
    comfile [open] -- %1 %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
    exefile [open] -- %1 %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML %1
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
    piffile [open] -- %1 %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- %1 /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /k takeown /f %1 /r /d j && icacls %1 /grant administratoren:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    cval = 1
    AntiVirusDisableNotify = 0
    AntiVirusOverride = 0
    UpdatesDisableNotify = 0
    FirstRunDisabled = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    DisableMonitoring = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    AntiVirusOverride = 0
    AntiSpywareOverride = 0
    FirewallOverride = 0
    VistaSp1 = Reg Error: Unknown registry data type -- File not found
    VistaSp2 = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-772419714-465867292-1252962964-1000]
    EnableNotifications = 0
    EnableNotificationsRef = 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    EnableFirewall = 1
    DisableNotifications = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall = 1
    DisableNotifications = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    EnableFirewall = 1
    DisableNotifications = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    {0FBDCDB9-F380-4520-A8CB-C034C7CA4A63} = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    {10B8FC8B-1E2A-474F-88B5-1D185C009437} = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    {13DE1542-C1CE-4DFF-94F0-BD704E111E66} = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    {1A3B5D4C-0CDF-4ECE-8B17-25AC4CB85BF7} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    {24DC5CB8-203B-407E-B201-F1546FEC58DA} = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    {26894E16-EA26-4AB5-90C4-D77BBAC908C7} = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    {2BE4001C-57D3-4D7D-A865-0522CD79E0F0} = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    {34E8E5D4-6F8B-44F8-8086-B96DFA171DAD} = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    {3676BA2E-F21A-4965-8B37-EA9A16A27B7F} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    {48EFE0A7-2A72-4172-BEA8-6CC6577F73B6} = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    {5CE31F69-2E47-464F-B52F-AE4E6145DBAF} = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\3lfc1uzr\sweetimsetup[1].exe |
    {5D09B968-7EAF-4953-851F-98A48440CDD1} = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    {616C5AD6-1C20-44B2-8968-3BB3D5A67497} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    {639E9FA3-F1A9-4B1B-B4D8-96F3FC2ABB2C} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    {6F79610E-F3A4-4FB3-8B9D-CAE11FBE57F7} = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\3lfc1uzr\sweetimsetup[1].exe |
    {70776BD7-A543-477E-A80B-847500D0180D} = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    {957512EE-4688-470F-86D8-6C2353D8ED56} = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    {B83EE49C-839E-4A26-A4FD-7525A3FF049C} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    {C5C32A12-689F-430F-B7BF-BCD7CEF536A6} = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    {CB2E9942-304A-47DA-81ED-BAD46CCB22BF} = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    {DFC6D5F5-FAC5-488E-9F33-E359CDA82BC7} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    {E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82} = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    {F3F36A31-F98F-4C57-B103-8C1BC24C5C5D} = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    {F92615D4-AA45-49CC-8CD2-2AF59A36BD7C} = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    TCP Query User{392177FB-F1B3-41D8-AF34-73BAA44266CC}C:\windows\explorer.exe = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    TCP Query User{39788365-BB78-44D5-8C69-5725A5999871}C:\windows\explorer.exe = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    UDP Query User{73B75E14-51A7-4614-96B4-5DDE8943008E}C:\windows\explorer.exe = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    UDP Query User{DF91BF52-6E6C-410D-929C-8CAF170F933F}C:\windows\explorer.exe = protocol=17 | dir=in | app=c:\windows\explorer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
  9. eos
    eos
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {000BDCDA-F41C-0D45-3B1A-936F0B4ACE5B} = CCC Help Hungarian
    {052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    {06006FA0-1195-3E80-7C71-9F45F6CCDE6A} = CCC Help Greek
    {07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1} = hpWLPGInstaller
    {11316260-6666-467B-AC34-183FCB5D4335} = Acer Mobility Center Plug-In
    {12EFA1A4-AC3B-443C-8143-237EDE760403} = NTI Backup Now Standard
    {13D85C14-2B85-419F-AC41-C7F21E68B25D} = Acer eSettings Management
    {17D46D1F-97F3-9557-23F3-E799D7AB1594} = ccc-core-static
    {17E12C4B-7822-18E7-9901-E56B71100454} = ccc-utility
    {203E564A-51E6-44E5-9DF9-8D0AD66E401D} = DJ_SF_05_D2600_Software_Min
    {21A2F5EE-1DC5-488A-BE7E-E526F8C61488} = DeviceDiscovery
    {2413930C-8309-47A6-BC61-5EF27A4222BC} = NTI Media Maker 8
    {2637C347-9DAD-11D6-9EA2-00055D0CA761} = Acer Arcade Deluxe
    {26604C7E-A313-4D12-867F-7C6E7820BE4C} = JMicron JMB38X Flash Media Controller
    {26A24AE4-039D-4CA4-87B4-2F83216021FF} = Java(TM) 6 Update 21
    {2DA19D59-E9B9-ABF5-A7CB-EA1BEDF2C0FC} = Catalyst Control Center Localization Thai
    {2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C} = BufferChm
    {318B26D1-46E8-A84F-2758-521C3C32346E} = Catalyst Control Center Graphics Light
    {31A9C52D-8663-55B3-B22F-D5721F7666D9} = Catalyst Control Center Localization Danish
    {3C3901C5-3455-3E0A-A214-0B093A5070A6} = Microsoft .NET Framework 4 Client Profile
    {40FAE967-C659-865C-0030-74A8280CE48E} = Catalyst Control Center Localization Swedish
    {41E9864B-785A-D312-7030-FB20B14F9246} = Catalyst Control Center Graphics Full Existing
    {43361F3E-430A-B80D-248B-76B62C8D5384} = CCC Help Portuguese
    {43CDF946-F5D9-4292-B006-BA0D92013021} = WebReg
    {45193025-C4C4-967C-7D09-085E2C678B12} = CCC Help German
    {494FE3AD-6A66-7607-C29A-E4B8A817F281} = CCC Help Czech
    {4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
    {4A1B7E9B-6C41-8EE8-B55F-264DEC2BF22C} = Catalyst Control Center Localization Dutch
    {4A70EF07-7F88-4434-BB61-D1DE8AE93DD4} = SolutionCenter
    {4ABA5E02-4580-3A2D-18C9-19D93978F04E} = Catalyst Control Center Localization Korean
    {4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} = Microsoft Works
    {5179AAED-D78F-E989-801A-7825F97AB674} = CCC Help Russian
    {5444EA18-A034-0B0D-37EA-6AE8DFA131EC} = CCC Help Spanish
    {56DC1BB7-D46A-2F8D-7AC9-E4D68AA8DF02} = Catalyst Control Center Localization Turkish
    {57265292-228A-41FA-9AEC-4620CBCC2739} = Acer eAudio Management
    {58E5844B-7CE2-413D-83D1-99294BF6C74F} = Acer ePower Management
    {5EC85130-EB97-3602-400F-6029B629F7A0} = Catalyst Control Center Localization German
    {63FF21C9-A810-464F-B60A-3111747B1A6D} = GPBaseService2
    {68A10D12-0D0F-4212-BDE6-D87FAD32A8FA} = SmartWebPrinting
    {6A9E4582-7BDB-AD2C-8A04-0CDD0FE29637} = CCC Help French
    {6BBA26E9-AB03-4FE7-831A-3535584CA002} = Toolbox
    {6CCDCF6B-7BB2-022F-ACEB-9649CE0C3C9E} = CCC Help English
    {7059BDA7-E1DB-442C-B7A1-6144596720A4} = HP Update
    {72DCCB90-294C-FBCA-824B-49D54A0090B4} = Catalyst Control Center Graphics Full New
    {73072CA1-5B40-21BB-47DC-38F64589EBA3} = CCC Help Italian
    {73EFC5C1-2926-54F0-43FD-3D88076A7DFC} = CCC Help Finnish
    {775290AD-C54E-418C-9564-A10836F42C1C} = D2600
    {79BE93D6-4043-8914-BC76-6C8A6FE2F400} = CCC Help Swedish
    {7F0696F2-39F5-DA17-7501-6C6D37BD50E4} = CCC Help Thai
    {7F811A54-5A09-4579-90E1-C93498E230D9} = Acer eRecovery Management
    {802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6} = Catalyst Control Center - Branding
    {80D3CFFD-4CB5-47A1-8779-11A720A9ADB2} = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
    {81CB77FF-9789-4337-A46E-185F7876AC40} = Adobe Photoshop Lightroom 2.6
    {85DDD70F-2EAE-550C-1F09-8CADFB2F7BD4} = Catalyst Control Center Localization Polish
    {8949C868-DCE2-8D4F-8BF3-441031F8B4BF} = Catalyst Control Center Localization Greek
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
    {8F1B6239-FEA0-450A-A950-B05276CE177C} = Acer Empowering Technology
    {8FE6FD04-1F8D-2132-3178-C7C71C1980C5} = Catalyst Control Center Localization Japanese
    {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} = 32 Bit HP CIO Components Installer
    {98834478-C82D-687B-36DB-E9B15C48C7C3} = CCC Help Polish
    {9D521657-32BD-5C20-D739-D6A28EC21004} = Catalyst Control Center Localization Chinese Standard
    {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} = ALPS Touch Pad Driver
    {A3AB35FA-943E-4799-99DC-46EFD59E998F} = AMD USB Audio Driver Filter
    {A3AE2198-5EC2-1C86-3DF3-24FB352A22CC} = CCC Help Japanese
    {A5633652-3795-4829-BB0B-644F0279E279} = Acer eDataSecurity Management
    {A6F830C0-50C5-E5FE-4B6B-B285178E9139} = Catalyst Control Center Localization Czech
    {A77255C4-AFCB-44A3-BF0F-2091A71FFD9E} = Acer Crystal Eye Webcam 2.0.8
    {ABAD548B-C77B-0DD7-3533-17BF30EEFA4D} = CCC Help Korean
    {AE8705FB-E13C-40A9-8A2D-68D6733FBFC2} = Status
    {B512B38C-6391-F0A3-DC04-5E9006280619} = Catalyst Control Center Localization French
    {B7273DAD-1972-0971-C126-B54B63D7F207} = Catalyst Control Center InstallProxy
    {B9B2088C-3629-FC4E-9AB4-AA6A832C070B} = Catalyst Control Center Localization Hungarian
    {BA94B209-9B88-C24E-1A11-0AE1D82768CF} = CCC Help Chinese Standard
    {BDBED9FE-66E4-30D2-91FB-9EF360926B07} = Catalyst Control Center Localization Italian
    {C10AA441-5EF2-1A5A-CD1A-002A49C32DFD} = CCC Help Dutch
    {C1935A92-CCFC-17A5-7DE5-3961F2A987A1} = Catalyst Control Center Localization Russian
    {C43326F5-F135-4551-8270-7F7ABA0462E1} = HPProductAssistant
    {C6AC8645-DE33-5563-60D2-27E83AA6BADF} = CCC Help Turkish
    {C70C0EE6-4A66-0442-0EE4-F8A6BBFF8956} = Catalyst Control Center Localization Finnish
    {C73AA7F7-0ACA-327B-B15F-B5199F44CBBF} = Catalyst Control Center Localization Spanish
    {C75CDBA2-3C86-481e-BD10-BDDA758F9DFF} = hpPrintProjects
    {C78EAC6F-7A73-452E-8134-DBB2165C5A68} = QuickTime
    {CAE4213F-F797-439D-BD9E-79B71D115BE3} = HPPhotoGadget
    {CB099890-1D5F-11D5-9EA9-0050BAE317E1} = PowerDirector
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
    {CE386A4E-D0DA-4208-8235-BCE43275C694} = LightScribe 1.4.142.1
    {D36DD326-7280-11D8-97C8-000129760CBE} = PhotoNow!
    {D9534EEA-F733-F153-BA56-8B0ACDAD827D} = CCC Help Norwegian
    {DC0A5F99-FD66-433F-9D3A-05DCBA64BE42} = TrayApp
    {DC137490-B154-9DAE-DC95-3C6A9E3BE802} = Catalyst Control Center Localization Norwegian
    {DE62F674-72FA-841A-10BD-2FC04844BB07} = Catalyst Control Center Localization Chinese Traditional
    {DF320EE9-D279-0B91-A036-7707D653672A} = Catalyst Control Center Core Implementation
    {E23131B3-2465-9263-CCFF-E40C52B5AAF0} = CCC Help Danish
    {ECE1EE17-9068-A1ED-BEAE-26F54EF14F83} = ATI Catalyst Install Manager
    {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver
    {F750C986-5310-3A5A-95F8-4EC71C8AC01C} = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    {F8B97782-A1EE-4292-D3A1-6413144FF450} = Catalyst Control Center Localization Portuguese
    {FAE73242-6582-B839-0E5C-199AE2B72C40} = CCC Help Chinese Traditional
    5D38134BF8A10D640B30E6B014EECDBC5F881E3D = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    7-Zip = 7-Zip 4.65
    Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
    Antivir Solution Basic = Antivir Solution Basic
    CNXT_MODEM_HDA_HSF = HDAUDIO Soft Data Fax Modem with SmartCP
    GridVista = Acer GridVista
    HP Imaging Device Functions = HP Imaging Device Functions 13.0
    HP Print Projects = HP Print Projects 1.0
    HP Smart Web Printing = HP Smart Web Printing 4.5
    HP Solution Center & Imaging Support Tools = HP Solution Center 13.0
    InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403} = NTI Backup Now 5
    InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} = NTI Media Maker 8
    InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761} = Acer Arcade Deluxe
    InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} = PowerDirector
    Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile DEU Language Pack = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    Mobile Partner = Mobile Partner
    Unlocker = Unlocker 1.9.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 19.07.2010 10:37:38 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 19.07.2010 11:45:50 | Computer Name = user-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19.07.2010 11:45:53 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 19.07.2010 11:45:54 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 19.07.2010 11:45:54 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 20.07.2010 11:26:38 | Computer Name = user-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20.07.2010 11:26:41 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 20.07.2010 11:26:42 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 20.07.2010 11:26:42 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 20.07.2010 12:54:44 | Computer Name = user-PC | Source = EventSystem | ID = 4621
    Description =

    [ System Events ]
    Error - 22.07.2010 17:26:00 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 22.07.2010 17:26:00 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 22.07.2010 17:46:49 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 22.07.2010 17:47:11 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 22.07.2010 19:01:24 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 22.07.2010 19:02:06 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 22.07.2010 20:02:45 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 22.07.2010 20:03:01 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 22.07.2010 22:27:59 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description =

    Error - 22.07.2010 22:28:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

    And now Gmer is running - and it runs and runs and runs........
     