Wonderfulsearchsystem ( dot ) com Hack/Virus - Systemausfall und Internetverbindung

Goldensunset · 03.11.2011, 20:35

Hallo Ihr Lieben,

ich habe ein mir nicht selbst zu helfendes Problem. Seid gestern leitet mein Brwoser bzw der Virus alle über google eingebenen Suchbegriffe über den Link wonderfulsearchsystem, dazu kommt es das er selbst komplett neue Seiten aufmacht, teilweise gibts errormeldung oder ich werde auf irgendwelche payseiten geklockt, ich dachte mir OK machste den halt raus, aber Antivir ist von ihm deaktiviert worden.,

ich kann über meinen Schleppi nichts mehr laden, jede Spysoftware kann ich nicht aktivieren, ich hab offline über einen anderen Rechner Spy/malware und etliche auf meine platte gezogen, einen RootVirus ect findet er nicht, Malwarebuytes hatte vorhin Malware gefunden, ich habe es in der quarantäne gelöscht, es war irgendwas mit shell...nunhjka nach dem

Neustart ist das system nun noch schlechter, internetverbindung geht gar nicht mehr, Firefox, opera stürzen bereits beim öffnen ab, programme lässt es mich gar nicht mehr öffnen, bin ich offline gehts so, aber auch mit kampf! ich will wirklich nicht forat C machen da mein laufwerk nicht so OK ist, könnte mir einer vielleicht helfen und mal sagen, in welche Richtung ich versuchen kann das Ding zu eleminieren? Gruss Karina

markusg · 03.11.2011, 20:38

hi
also, irgendwas ist nichts, womit wir arbeiten können.
muss mir nachher das log ansehen.
gelöscht wird jetzt bitte nichts mehr ohne anleitung
Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade

OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.

Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Bebilderte Anleitung: OTLpe-Scan

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.txt und Extras.txt.

Goldensunset · 03.11.2011, 20:51

Ok, warte...ich machs mal eben

Goldensunset · 03.11.2011, 21:32

Hi, also hier der LogOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11/3/2011 10:20:42 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51.38 Gb Total Space | 7.68 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive D: | 97.67 Gb Total Space | 4.79 Gb Free Space | 4.91% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 2.15 Gb Free Space | 28.85% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/02/15 11:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/28 06:02:02 | 001,117,624 | ---- | M] (PC Tools) [Auto] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2011/10/27 16:49:32 | 000,402,336 | ---- | M] (PC Tools) [Auto] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/10/25 08:38:10 | 000,542,672 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/10/20 08:40:48 | 002,072,896 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/10/18 16:36:53 | 003,552,856 | ---- | M] () [Auto] -- C:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
SRV - [2011/04/28 07:48:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/17 10:21:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/28 13:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 05:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/18 12:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/30 07:24:18 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010/04/12 12:03:44 | 000,329,168 | ---- | M] () [Auto] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/03 19:56:41 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/27 12:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/16 07:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/08/07 06:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/07/04 06:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/09/28 08:14:02 | 000,070,760 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2011/09/06 16:39:11 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/15 11:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/02/13 20:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/13 20:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/13 20:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/12/07 08:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/12/07 08:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/12/07 08:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/12/07 08:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/11/22 13:09:05 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/05/15 11:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/03/02 07:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2009/08/05 17:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 20:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\irda.sys -- (irda)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 17:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/02/17 14:40:26 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009/01/09 11:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/30 05:59:02 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2008/12/13 05:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008/12/01 17:15:04 | 005,000,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/05/20 13:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/19 01:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2007/08/08 20:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2007/04/30 22:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/18 08:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdpx64.sys -- (rismxdp)
DRV - [2011/10/20 06:48:16 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\karina_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\karina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKU\karina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\karina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\karina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 DE 9C D5 1F 0E CB 01  [binary data]
IE - HKU\karina_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - Reg Error: Key error. File not found
IE - HKU\karina_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\karina_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. File not found
IE - HKU\karina_ON_C\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - Reg Error: Key error. File not found
IE - HKU\karina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\karina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:4.0.0.0
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\karina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/11/02 23:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/03 13:37:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2011/11/03 13:37:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/06 08:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/06 08:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/07/06 17:51:26 | 000,000,000 | ---D | M]
 
[2010/05/07 16:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karina\AppData\Roaming\Mozilla\Extensions
[2011/11/03 15:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions
[2010/10/26 17:06:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/09/11 20:48:47 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010/09/03 19:20:40 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/09/03 22:12:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/11/02 22:02:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/11/03 13:37:28 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/03/19 13:29:47 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/11/03 13:37:28 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011/06/30 19:10:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\engine@conduit.com
[2011/06/30 19:10:19 | 000,000,000 | ---D | M] (preisspion.de) -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\extensions\finder@meingutscheincode.de
[2010/05/08 18:38:58 | 000,000,557 | ---- | M] () -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\searchplugins\bing.xml
[2011/10/25 15:52:54 | 000,000,943 | ---- | M] () -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\searchplugins\conduit.xml
[2011/03/19 13:29:42 | 000,003,915 | ---- | M] () -- C:\Users\karina\AppData\Roaming\Mozilla\Firefox\Profiles\s4qjjj12.default\searchplugins\sweetim.xml
[2011/11/03 15:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/11 21:49:05 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010/11/02 10:28:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/11/03 13:37:32 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES (X86)\PC TOOLS\PC TOOLS SECURITY\BDT\FIREFOX
[2011/11/03 13:37:29 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
[2010/03/30 07:19:50 | 000,111,960 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npww.dll
[2010/07/28 11:11:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/07/28 11:11:15 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/07/28 11:11:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/28 11:11:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/07/28 11:11:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found.
O3 - HKU\karina_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\karina_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SNM] D:\SpyNoMore\SNM.exe (Illysoft LLC)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\karina_ON_C..\Run: [RESTART_STICKY_NOTES]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\karina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\karina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\karina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\karina\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - karina_ON_C\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15:64bit: - karina_ON_C\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15:64bit: - karina_ON_C\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15:64bit: - karina_ON_C\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15:64bit: - karina_ON_C\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15:64bit: - karina_ON_C\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\karina_ON_C Winlogon: Shell - (C:\Users\karina\AppData\Local\d9bc9002\X) - C:\Users\karina\AppData\Local\d9bc9002\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/14 23:14:18 | 000,403,028 | ---- | M] () - D:\auto3.jpg -- [ NTFS ]
O32 - AutoRun File - [2011/09/14 23:17:27 | 001,088,299 | ---- | M] () - D:\auto4.jpg -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 07:36:54 | 000,025,214 | ---- | M] () - D:\Autorun.ico -- [ NTFS ]
O32 - AutoRun File - [2011/09/14 22:58:39 | 000,109,734 | ---- | M] () - D:\autotuer.jpg -- [ NTFS ]
O32 - AutoRun File - [2011/09/14 23:01:23 | 000,401,769 | ---- | M] () - D:\autotuer2.jpg -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0d60d968-cdda-11e0-91ae-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{0d60d968-cdda-11e0-91ae-001e101f63cf}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{0d60d96f-cdda-11e0-91ae-001e101f63cf}\Shell - "" = AutoRun
O33 - MountPoints2\{0d60d96f-cdda-11e0-91ae-001e101f63cf}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{420f5dbe-849c-11df-8167-001a9279f8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{420f5dbe-849c-11df-8167-001a9279f8b3}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{43f32c53-d592-11e0-bfc8-001a9279f8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{43f32c53-d592-11e0-bfc8-001a9279f8b3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ce7face9-bc89-11e0-96e8-001a9279f8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{ce7face9-bc89-11e0-96e8-001a9279f8b3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ce7facf6-bc89-11e0-96e8-001a9279f8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{ce7facf6-bc89-11e0-96e8-001a9279f8b3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d8ac6f9f-d3c2-11e0-ac3b-001a9279f8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ac6f9f-d3c2-11e0-ac3b-001a9279f8b3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d8ac6fad-d3c2-11e0-ac3b-001a9279f8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d8ac6fad-d3c2-11e0-ac3b-001a9279f8b3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/03 15:10:16 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\karina\Desktop\TDSSKiller.exe
[2011/11/03 14:03:06 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA64.sys
[2011/11/03 14:03:04 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS64.sys
[2011/11/03 14:03:03 | 000,367,912 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore64.sys
[2011/11/03 13:46:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/11/03 13:46:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/11/03 00:42:58 | 000,000,000 | ---D | C] -- C:\Users\karina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/11/03 00:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/11/03 00:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyNoMore
[2011/11/02 23:49:11 | 000,070,760 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD64.sys
[2011/11/02 23:49:10 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/11/02 23:49:10 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/11/02 23:49:10 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/11/02 23:48:49 | 000,336,512 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi64.sys
[2011/11/02 23:48:49 | 000,141,312 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter64.sys
[2011/11/02 23:48:40 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix64.sys
[2011/11/02 23:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/11/02 23:48:35 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg64.sys
[2011/11/02 23:43:40 | 000,000,000 | ---D | C] -- C:\Users\karina\AppData\Roaming\QuickScan
[2011/11/02 23:33:53 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD64.sys
[2011/11/02 23:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2011/11/02 23:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/11/02 23:33:05 | 000,000,000 | ---D | C] -- C:\Users\karina\AppData\Roaming\TestApp
[2011/11/02 23:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/02 22:53:41 | 000,000,000 | ---D | C] -- C:\Users\karina\Documents\ForceField Shared Files
[2011/11/02 22:53:39 | 000,000,000 | ---D | C] -- C:\Users\karina\AppData\Roaming\CheckPoint
[2011/11/02 22:53:01 | 000,000,000 | ---D | C] -- C:\Users\karina\AppData\Local\Conduit
[2011/11/02 22:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit
[2011/11/02 22:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/02 22:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/11/02 22:52:24 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2011/11/02 22:52:20 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011/11/02 22:52:02 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/11/02 22:51:33 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011/11/02 22:51:33 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011/11/02 22:51:28 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011/11/02 22:51:26 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011/11/02 22:51:25 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011/11/02 22:51:24 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011/11/02 22:51:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011/11/02 22:51:23 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011/11/02 22:51:21 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011/11/02 22:51:15 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys
[2011/11/02 22:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/11/02 22:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/11/02 22:50:47 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011/11/02 22:50:47 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011/11/02 22:50:47 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/11/02 21:45:53 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/11/02 21:45:53 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/11/02 21:45:53 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/11/02 21:45:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011/11/02 21:45:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011/11/02 21:15:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/02 20:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/02 20:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/02 20:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/02 20:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/02 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/02 20:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/02 20:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/02 19:13:44 | 000,000,000 | -HSD | C] -- C:\Users\karina\AppData\Local\d9bc9002
[2011/10/18 08:42:53 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/10/14 23:12:33 | 000,000,000 | ---D | C] -- C:\Users\karina\AppData\Roaming\PathToSuccess
[2011/10/14 23:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/10/14 23:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/14 23:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011/10/14 23:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade
[2011/10/13 21:01:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/10/13 21:01:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 21:01:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 21:01:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 21:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 21:01:14 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/13 21:01:14 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011/10/13 21:01:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/13 21:01:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 21:01:13 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/10/13 16:59:25 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 16:59:25 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 16:59:25 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/10/13 16:59:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/13 16:59:25 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 16:59:25 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 16:59:25 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 16:59:25 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 16:59:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/13 16:59:24 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/13 16:59:21 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2011/10/13 16:59:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/03 16:01:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/03 16:01:50 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 16:01:50 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 16:00:37 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/03 15:22:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/03 15:10:58 | 000,702,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/11/03 15:10:58 | 000,657,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/03 15:10:58 | 000,150,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/11/03 15:10:58 | 000,123,028 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/03 14:03:06 | 000,816,016 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctEFA64.sys
[2011/11/03 14:03:04 | 000,452,872 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctDS64.sys
[2011/11/03 14:03:03 | 000,367,912 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore64.sys
[2011/11/03 13:37:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/11/03 13:37:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/11/03 13:37:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/11/03 13:37:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/03 00:45:14 | 000,001,152 | ---- | M] () -- C:\Windows\SysWow64\windrv.sys
[2011/11/02 23:34:13 | 001,801,132 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/02 22:54:01 | 000,420,800 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/11/02 22:52:26 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2011/11/02 21:49:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011/11/02 21:45:50 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011/11/02 21:45:50 | 000,002,165 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011/11/02 21:45:50 | 000,002,153 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011/11/02 21:45:50 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011/11/02 20:36:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/02 20:28:52 | 000,002,519 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/02 17:55:51 | 000,018,736 | ---- | M] () -- C:\Users\karina\Desktop\cc_20111102_225544.reg
[2011/10/28 06:12:06 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\karina\Desktop\TDSSKiller.exe
[2011/10/28 06:03:24 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg64.sys
[2011/10/28 06:03:00 | 000,230,952 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD64.sys
[2011/10/28 06:01:36 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix64.sys
[2011/10/28 05:41:16 | 000,141,312 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter64.sys
[2011/10/28 05:41:12 | 000,336,512 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi64.sys
[2011/10/25 08:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011/10/25 08:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011/10/25 08:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011/10/25 08:38:08 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2011/10/20 08:40:56 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/10/20 08:40:32 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/10/20 08:40:32 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/10/14 23:07:34 | 000,002,203 | ---- | M] () -- C:\Users\karina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/14 23:07:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/13 21:27:55 | 005,116,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 21:09:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/11/03 00:45:14 | 000,001,152 | ---- | C] () -- C:\Windows\SysWow64\windrv.sys
[2011/11/02 23:49:11 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011/11/02 23:49:10 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2011/11/02 23:49:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011/11/02 23:49:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011/11/02 23:49:10 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011/11/02 23:33:59 | 001,801,132 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/02 22:52:25 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2011/11/02 22:51:22 | 000,420,800 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2011/11/02 21:45:50 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011/11/02 21:45:50 | 000,002,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011/11/02 21:45:50 | 000,002,153 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011/11/02 17:55:48 | 000,018,736 | ---- | C] () -- C:\Users\karina\Desktop\cc_20111102_225544.reg
[2011/10/14 23:07:34 | 000,002,203 | ---- | C] () -- C:\Users\karina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/14 23:07:10 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 23:07:09 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/13 16:07:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/07/13 16:07:06 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/03/07 07:52:56 | 000,004,608 | ---- | C] () -- C:\Users\karina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 17:38:30 | 000,004,900 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2010/12/31 03:41:49 | 000,149,504 | ---- | C] () -- C:\Users\karina\AppData\Roaming\SharedSettings.ccs
[2010/11/03 23:53:58 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/11/02 10:29:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/24 22:37:54 | 000,001,456 | ---- | C] () -- C:\Users\karina\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010/07/12 22:08:51 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/07/12 22:08:51 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010/07/12 22:08:51 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010/06/09 09:14:00 | 000,007,604 | ---- | C] () -- C:\Users\karina\AppData\Local\Resmon.ResmonCfg
[2010/06/05 21:50:30 | 001,597,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/25 15:47:20 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/05/25 15:47:20 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/05/25 15:47:20 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/05/25 15:47:20 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/05/25 15:47:20 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/05/25 15:47:20 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/05/25 15:47:20 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/05/25 15:47:20 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/05/25 15:47:20 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/05/25 15:47:20 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010/05/25 15:47:20 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/05/25 15:47:20 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/05/25 15:47:20 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/05/25 15:47:20 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/05/25 15:47:20 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/05/25 15:47:20 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010/05/25 15:47:20 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010/05/25 15:47:20 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/05/25 15:47:20 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/05/08 19:06:05 | 000,000,760 | ---- | C] () -- C:\Users\karina\AppData\Eudora.lnk
[2010/01/04 20:49:17 | 000,033,061 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2009/11/03 18:34:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/12/01 15:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/06/23 07:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/05/23 11:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2010/07/12 21:39:11 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Bump Technologies, Inc
[2009/11/26 16:14:53 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\cerasus.media
[2011/11/02 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\CheckPoint
[2010/07/12 22:09:18 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\concept design
[2011/04/07 20:06:45 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011/02/28 23:45:10 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/07/09 10:45:11 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Epson
[2011/11/03 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\GetRightToGo
[2010/07/24 11:09:52 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\install
[2009/11/17 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Meridian93
[2011/02/18 17:38:39 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\MOVAVI
[2009/12/21 14:20:33 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\News File Grabber
[2011/03/27 19:06:10 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Nik Software
[2009/11/10 15:32:50 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Nvu
[2011/03/19 13:29:10 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\OpenCandy
[2010/05/19 10:10:22 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\OpenOffice.org
[2011/08/28 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Opera
[2011/10/14 23:12:57 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\PathToSuccess
[2011/02/19 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\proDAD
[2011/02/21 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Publish Providers
[2010/05/08 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Qualcomm
[2011/11/02 23:43:48 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\QuickScan
[2010/11/04 00:02:45 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Research In Motion
[2011/03/30 17:06:27 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Sony
[2010/08/24 22:52:19 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/02 23:33:05 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\TestApp
[2011/07/06 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Thunderbird
[2011/11/02 21:45:37 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\TuneUp Software
[2010/05/11 18:30:22 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Uniblue
[2010/11/30 21:48:28 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Unity
[2011/08/23 19:10:50 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Vodafone
[2010/09/20 10:22:33 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\Windows Live Writer
[2011/09/14 16:03:37 | 000,000,000 | ---D | M] -- C:\Users\karina\AppData\Roaming\XSManager
[2009/11/03 18:26:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2011/11/02 22:50:48 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2010/12/31 03:41:50 | 000,000,000 | ---D | M] -- C:\ProgramData\CoffeeCup Software
[2011/09/02 16:42:43 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService
[2009/11/03 18:26:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/11/03 18:26:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/05/25 15:46:58 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2009/11/15 22:26:24 | 000,000,000 | ---D | M] -- C:\ProgramData\FarmFrenzy3
[2009/11/03 18:26:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/06/14 09:33:22 | 000,000,000 | ---D | M] -- C:\ProgramData\G Data
[2009/11/03 22:59:06 | 000,000,000 | ---D | M] -- C:\ProgramData\IM
[2009/11/03 22:58:21 | 000,000,000 | ---D | M] -- C:\ProgramData\IncrediMail
[2011/07/13 16:22:00 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2010/06/10 15:29:16 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2011/02/19 00:17:26 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2009/11/17 22:12:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2011/08/01 18:05:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Mobile Partner
[2010/11/27 13:55:26 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/12/05 22:36:21 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/11/03 23:53:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion
[2009/11/03 18:26:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/02/20 13:44:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Studio14Trial
[2011/11/03 16:01:48 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2011/11/02 21:45:37 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2010/11/27 13:55:47 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2010/05/25 16:02:20 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2011/08/23 19:09:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2009/11/03 18:26:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/06/26 19:19:42 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2010/12/23 08:18:13 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/11/02 21:15:59 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/07/02 22:25:30 | 000,000,000 | -H-D | M] -- C:\ProgramData\{9039A196-DFD7-4170-A430-5725E825AEB7}
[2010/06/04 16:33:50 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/25 11:13:22 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/07/28 17:30:00 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\karina\Documents\Unbenannt 1.xls:Roxio EMC Stream
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:2E0A12A9
< End of report >

--- --- ---

markusg · 03.11.2011, 21:36

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:

Code:

ATTFilter

:OTL
O20 - HKU\karina_ON_C Winlogon: Shell - (C:\Users\karina\AppData\Local\d9bc9002\X) - C:\Users\karina\AppData\Local\d9bc9002\X ()
:Files
C:\Users\karina\AppData\Local\d9bc9002
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls windows normal startet:
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

Goldensunset · 03.11.2011, 22:16

Hi, es geht nicht der Rechner frirrte sich beim ersten mal ein und nach einem neustart des systems, wieder das Problem, das ich nach dem load der fix.txt die taste run fix nicht mehr drücken kann...mhhh... userfehler oder ? was kann ich machen um die fix ins Otl reinzubekommen?

Goldensunset · 04.11.2011, 05:42

habs hinbekommen, der rechner war gnädig und ich habe die OTL datei exe so runtergeladen und aus windows direkt gefixt! die Datei liegt bei euch auf dem Server.

ich hab mir die app data mal angeschaut das ist doch direkt vom emailprogramm, somit liegt es nahe das der übeltäter in den mails ist ? ich hoffe nicht, ich habe gerade den ganzen pack auf den anderen rechner transportiert, falls das system doch ein format c bekommen muss, ...ich danke nochmals für die zügige hilfe, das verdient eine spende!

markusg · 04.11.2011, 08:23

hi, nein da ist nicht nur das mail programm drinn.
aber formatieren ist für dieses system wirklich angesagt, da du ein rootkit an board hast.deaktiviere autorun:
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de
sichere wichtige daten, dann sag bescheid ob du ne anleitung zum formatieren benötigst, bekommst du natürlich.
dann zeige ich dir, wie du das system richtig absicherst.
dann musst du alle passwörter endern.
und, danke für die spende!

Wonderfulsearchsystem ( dot ) com Hack/Virus - Systemausfall und Internetverbindung

Plagegeister aller Art und deren Bekämpfung: Wonderfulsearchsystem ( dot ) com Hack/Virus - Systemausfall und Internetverbindung