Pests of all kinds and their removal: Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... Windows 7

12.11.2011, 17:51 | #1
Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ...

Hello dear Trojaner-Board team,

I already had problems with my Vista PC at the beginning of the year. I got really good help here! Thanks again for that! For the last two months there have been virus alerts again. I should have asked you long ago. But since yesterday there is also the Bundespolizei virus. But one thing at a time!

Lying dormant in our Antivir quarantine (or perhaps not so dormant after all) are EXP/Pdfka.LW, Java/Exdoer.BE.2, JS/Agent.akm, EXP/Java.BN, EXP/2010-0840.H, TR/Gendal.6725309.1, EXP/Java.Dldr.A and TR/Mahmud.200704! Until about 2 weeks ago, though, there were no noticeable problems. Then suddenly the computer refused to boot, meaning: the computer starts up, and in the meantime (sometimes before logging in as a user, sometimes only when I already have the Antivir system scan running) there is suddenly a blue screen for half a second with a whole batch of messages, and the PC switches off and restarts. On the nth attempt it then works after all. Sometimes the PC also simply freezes (nothing responds any more; but this only happens at the start, i.e. once it is running, it keeps running). I could read the messages on the blue screen only once, when it had frozen at exactly that moment. The content was roughly this: Windows is shutting down the computer as a precaution to prevent damage. DRIVER_IRQL_NOT_LESS_OR_EQUAL And then hints about hardware or software that may not have been installed properly recently. Technical Information: ... tcpip.sys - Address 88699EBE base at 8862F000, Datestamp 47919120 But nothing new had been installed on the machine by us recently. So I suspected a connection with the viruses after all. And since yesterday there is also the Bundespolizei virus when I log in as "user"! When I log in as the second user (set up specially for our children) it runs so far (still!?).

Tips on the Chip website for removing this virus did not help (remove an inconspicuous .exe file in the registry; I did not find any such file and did not remove anything either). I am a layperson and turn to you for help! In the meantime I have run defogger. At the end there was no restart prompt, but there were no problems either. Anyway, here is the log file:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:27 on 11/11/2011 (Familie Ratai)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Then OTL:
I also ran GMER. Gmer.txt is attached as well.

So, I hope I have described everything reasonably clearly.
Vielleicht könnt Ihr mir ja helfen, die Viecherei wieder in den Griff zu bekommen. Im voraus schonmal vielen Dank, und liebe Grüße, Elke. |
13.11.2011, 08:56 | #2
/// Helper Team | Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... Hello and welcome!
Before we begin working together, [please read everything]:
Quote:
For Vista and Win7: Important: run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click (right mouse button) the chosen application and select "Run as administrator"!
1. Uninstall:
Quote:
2. Download Malwarebytes Anti-Malware from → malwarebytes.org
3. Fix with OTL
Code:
:OTL
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found
O15 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\..Trusted Ranges: GD ([http] in Local intranet)
[2011.11.11 22:54:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.11 22:02:40 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2BE9FEFC
:Commands
[purity]
[emptytemp]
[resethosts]
4. I would also like to see all of your installed programs: download the CCleaner tool → Download, install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → Language → select German, then click "Tools" (to also display the installed programs) → then "Save to text file..."; a text file (*.txt) is created, copy its contents and paste them here.
5. Another scan with OTL:
Quote:
** Stay off the internet as far as possible: no online banking, file sharing, chat programs etc.
Regards, kira
Last edited by kira (13.11.2011 at 09:02)
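The helper's fix above is assembled by reading OTL's entry lines and picking out the few that matter (dangling CLSID references, the two alternate data streams, policy keys). As an added example of that reading step, here is a small Python parser for the OTL line shapes quoted in this thread. It is my own code, not OTL's, not the helper's and not the poster's; OTL publishes no formal grammar, so the regexes are an assumption inferred from the lines quoted here, and the sample log, REVIEW_TIME and the 90-day window are constructed (the window mirrors the "File Age = 90 Days" and "No Company Name Whitelist" settings OTL prints in its own header). It flags alternate data streams, services and drivers with no company name, browser extension entries whose CLSID is not registered, and recently changed files with no company name:

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Line shapes are an assumption inferred from the logs quoted in this thread:
    [yyyy.mm.dd hh:mm:ss | size | attrs | C|M] (company) -- path
    PRC|SRV|DRV|MOD - [...] (company) [state] -- path -- (service name)
    O2|O3 - where: (name) - {CLSID} - target (company)
    @Alternate Data Stream - N bytes -> path:stream
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

FILE_RE = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV|MOD) - )?"
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"   # "()" means OTL found no company name
    r"(?: \[(?P<state>[^\]]*)\])?"    # e.g. "Auto | Running" on SRV/DRV lines
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"  # service/driver name, SRV/DRV only
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
EXT_RE = re.compile(
    r"^(?P<key>O[23]) - (?P<where>[^:]+): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$"
)


@dataclass
class Entry:
    kind: str                     # file, dir, PRC, SRV, DRV, MOD, ext, ads
    path: str
    company: str = ""
    modified: Optional[datetime] = None
    size: int = 0
    detail: Dict[str, Optional[str]] = field(default_factory=dict)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised OTL line, None for headers and other text."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        kind = m.group("kind") or ("dir" if "D" in m.group("attrs") else "file")
        return Entry(kind=kind, path=m.group("path"),
                     company=(m.group("company") or "").strip(),
                     modified=datetime.strptime(m.group("date"), "%Y.%m.%d %H:%M:%S"),
                     size=int(m.group("size").replace(",", "")),
                     detail={"attrs": m.group("attrs"), "state": m.group("state"),
                             "name": m.group("name")})
    m = ADS_RE.match(line)
    if m:
        return Entry(kind="ads", path=m.group("path"), size=int(m.group("bytes")))
    m = EXT_RE.match(line)
    if m:
        target, company = m.group("target"), ""
        cm = re.search(r" \(([^)]*)\)$", target)  # trailing "(Company)", if any
        if cm:
            target, company = target[: cm.start()], cm.group(1)
        return Entry(kind="ext", path=target, company=company,
                     detail={"key": m.group("key"), "clsid": m.group("clsid"),
                             "name": m.group("name")})
    return None


def parse_entries(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Entry], now: datetime, max_age_days: int = 90) -> List[Tuple[str, str]]:
    """Flag entries a helper would look at first. Flags are prompts, not verdicts."""
    cutoff = now - timedelta(days=max_age_days)
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.kind == "ads":
            findings.append((e.path, f"alternate data stream, {e.size} bytes"))
        elif e.kind == "ext":
            if e.path.startswith("No CLSID value found"):
                findings.append((e.detail["clsid"] or "", "extension entry with no CLSID registration"))
            elif not e.company:
                findings.append((e.path, "browser extension with no company name"))
        elif e.kind in ("SRV", "DRV") and not e.company:
            findings.append((e.path, f"{e.kind} with no company name"))
        elif e.kind in ("file", "PRC") and not e.company and e.modified and e.modified >= cutoff:
            findings.append((e.path, f"changed within {max_age_days} days, no company name"))
    return findings


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""[2008.12.20 10:15:12 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.11.11 21:27:39 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.06.06 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\Familie\AppData\Roaming\BinarySense
PRC - [2011.11.11 22:31:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
SRV - [2008.08.01 11:59:26 | 000,125,424 | ---- | M] () [Auto | Running] -- c:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
DRV - [2011.06.29 13:43:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:24051EFF
========== Purity Check ==========
"""
REVIEW_TIME = datetime(2011, 11, 14, 9, 0, 0)  # constructed: about when post #3 was written

if __name__ == "__main__":
    for path, reason in triage(parse_entries(SAMPLE_LOG), REVIEW_TIME):
        print(f"{reason}: {path}")
```

On the sample the triage flags four entries: the Task Scheduler log SCHEDLGU.TXT (changed recently, no company name), the Roxio SaibSVC.exe service (no company name), the BHO with no CLSID registration, and the ADS on C:\ProgramData\TEMP. Two of those are exactly what the helper's fix removes; the other two are benign, which is the point of treating the output as a reading aid rather than a verdict.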
14.11.2011, 09:53 | #3 |
Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... Hello Kira,
First of all, thanks for taking on my problem. I have meanwhile worked through your points:
1. Spybot is gone.
2. Malwarebytes logfile here:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8152

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

13.11.2011 16:23:48
mbam-log-2011-11-13 (16-23-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 359353
Laufzeit: 1 Stunde(n), 19 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
15:02:44 * MESSAGE Protection started successfully
15:02:47 * MESSAGE IP Protection started successfully
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0124123D-61B4-456f-AF86-78C53A0790C5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124123D-61B4-456f-AF86-78C53A0790C5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
ADS C:\ProgramData\TEMP:24051EFF deleted successfully.
ADS C:\ProgramData\TEMP:2BE9FEFC deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 136 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 558608 bytes
->Java cache emptied: 4039 bytes
->FireFox cache emptied: 6862882 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 4121 bytes

User: ***
->Temp folder emptied: 4792 bytes
->Temporary Internet Files folder emptied: 933089 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98570300 bytes
->Flash cache emptied: 770 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 812 bytes
->Temporary Internet Files folder emptied: 15404680 bytes
->Java cache emptied: 6143535 bytes
->FireFox cache emptied: 49563806 bytes
->Google Chrome cache emptied: 6555417 bytes
->Opera cache emptied: 741573 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 159075 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42839740 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 218,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11142011_071106

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000005D09C29B9B212DDEC3 not found!
File\Folder C:\Windows\temp\TMP0000066B2C34117488490426 not found!

Registry entries deleted on Reboot...
Code:
7-Zip 9.11 beta  21.03.2011 3,34MB
ABBYY FineReader 6.0 Sprint  ABBYY Software House  19.12.2008 119,5MB 6.00.1395.4512
AbiWord 2.6.8  AbiSource Developers  23.06.2009 24,2MB 2.6.8
Adobe Flash Player 10 ActiveX  Adobe Systems Incorporated  16.07.2011  10.3.181.26
Adobe Flash Player 10 Plugin  Adobe Systems Incorporated  13.08.2011  10.3.183.5
Adobe Reader X (10.1.0) - Deutsch  Adobe Systems Incorporated  24.06.2011 165,3MB 10.1.0
Apple Software Update  Apple Computer, Inc.  22.11.2008 2,38MB 1.0.0.7
Applian FLV Player  Applian Technologies Inc.  20.12.2008 1,98MB 2.0.24
ArcSoft PhotoImpression 5  ArcSoft  19.12.2008 164,6MB
ArcSoft Software Suite  ArcSoft  09.05.2009 141,5MB 1.0
Ask Toolbar  Ask.com  19.12.2008 1,17MB 4.1.0.5
Avira AntiVir Personal - Free Antivirus  Avira GmbH  12.10.2011 107,8MB 10.2.0.704
AVM FRITZ!WLAN  AVM Berlin  14.03.2010
AVS Disc Creator version 3.4  Online Media Technologies Ltd.  19.12.2008 6,22MB
AVS4YOU Software Navigator 1.2  Online Media Technologies Ltd.  19.12.2008 2,21MB
BurnAware Free 2.2.0  Burnaware Technologies  19.12.2008 12,4MB
CCleaner  Piriform  13.11.2011 3,55MB 3.12
Coole Schule! 1. und 2. Klasse  01.08.2010 4,73MB 1.1
Corel Home Office  Corel  29.11.2008 191,0MB 5
ElsterFormular für Privatanwender  Landesfinanzdirektion Thüringen  10.08.2011 146,0MB 12.3.2.6814p
EPSON Attach To Email  SEIKO EPSON  19.12.2008 0,93MB 1.01.0000
EPSON Copy Utility 3  19.12.2008 61,0MB 3.2.0.0
EPSON Event Manager  19.12.2008 4,25MB 1.73.00
EPSON File Manager  19.12.2008 36,7MB 1.1.0.0
EPSON Scan  19.12.2008 71,5MB
EPSON Scan Assistant  19.12.2008 3,80MB 1.10.00
Express Rip  NCH Swift Sound  15.06.2009 0,80MB
File Recover 7.0  PC Tools  07.05.2009 12,5MB 7.0
FinePix Studio  22.11.2008 1,54MB
FinePixViewer Resource  FUJIFILM Corporation  22.11.2008 166,1MB 1.2
FinePixViewer Ver.5.3  FUJIFILM Corporation  22.11.2008 166,1MB 5.3
Firebird SQL Server - MAGIX Edition  MAGIX AG  29.09.2008 6,06MB 2.0.1.13
FSCLounge  Fujitsu Siemens Computers  21.11.2008 8,47MB 1.0.0
GIMP 2.6.6  27.06.2009 85,0MB
Google Chrome  Google Inc.  21.03.2011 346MB 15.0.874.120
Google Desktop  Google  21.10.2010 6,65MB 5.9.1005.12335
Google Toolbar for Internet Explorer  Google Inc.  16.07.2011 11,1MB
HDDlifePro 3.1  BinarySense Inc.  05.06.2009 6,87MB 3.1.165
Java(TM) 6 Update 24  Oracle  29.03.2011 96,9MB 6.0.240
MAGIX Foto Manager 2008 5.0.3.351 (D)  MAGIX AG  29.09.2008 91,7MB 5.0.3.351
MAGIX Online Druck Service 2.3.2.0 (D)  MAGIX AG  29.09.2008 8,98MB 2.3.2.0
Malwarebytes' Anti-Malware Version 1.51.2.1300  Malwarebytes Corporation  12.11.2011 4,80MB 1.51.2.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU  Microsoft Corporation  22.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1  Microsoft Corporation  21.08.2009 37,0MB
Microsoft .NET Framework 4 Client Profile  Microsoft Corporation  25.06.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack  Microsoft Corporation  25.06.2010 24,5MB 4.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  Microsoft Corporation  21.01.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable  Microsoft Corporation  15.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148  Microsoft Corporation  07.07.2010 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570  Microsoft Corporation  13.04.2011 0,58MB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729  Microsoft Corporation  05.07.2010 0,59MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  Microsoft Corporation  30.11.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  Microsoft Corporation  15.06.2011 0,58MB 9.0.30729.6161
Mozilla Firefox 4.0.1 (x86 de)  Mozilla  30.04.2011 30,9MB 4.0.1
MSXML 4.0 SP2 (KB954430)  Microsoft Corporation  21.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688)  Microsoft Corporation  25.11.2009 1,34MB 4.20.9876.0
NCH Toolbox  NCH Software  15.06.2009 0,46MB
Net Transport 1.90.267  Xi  05.06.2009 3,56MB
NVIDIA Drivers  29.09.2008
PerfV10_V100 Ben.handbuch  19.12.2008 4,88MB
PHOTOfunSTUDIO -viewer-  Panasonic  09.05.2009 59,0MB 2.01.000
Picasa 2  Google, Inc.  21.11.2008 35,3MB 2.0
PowerPro 4.9 (remove only)  05.06.2009 7,07MB
QuickTime  Apple Computer, Inc.  22.11.2008 70,1MB 7.1.3.100
Realtek High Definition Audio Driver  Realtek Semiconductor Corp.  29.09.2008
Revo Uninstaller 1.92  VS Revo Group  23.06.2011 6,60MB 1.92
Ri-li  09.01.2009 135,8MB
Roxio BackOnTrack  Roxio  21.11.2008 430MB 1.3.0
Roxio Central Audio  Roxio  29.09.2008 1,95MB 3.7.0
Roxio Central Copy  Roxio  29.09.2008 1,04MB 3.7.0
Roxio Central Core  Roxio  29.09.2008 21,2MB 3.7.0
Roxio Central Data  Roxio  29.09.2008 1,34MB 3.7.0
Roxio Central Tools  Roxio  29.09.2008 0,59MB 3.7.0
Roxio Express Labeler 3  Roxio  29.09.2008 18,4MB 3.2.1
Roxio WinOnCD LE 10  Roxio  29.09.2008 82,7MB 1.1.043
Steel Run-As 1.2  05.06.2009 0,90MB
SUPERAntiSpyware  SUPERAntiSpyware.com  23.03.2011 49,9MB 4.50.1002
SystemDiagnostics  Fujitsu Siemens Computers  21.11.2008 13,6MB 2.01.0004
Tivola Maus 3  18.01.2009 41,6MB
WavePad Sound Editor  NCH Software  15.06.2009 2,89MB
Wildlife Park 2 Horses  Deep Silver  24.07.2009 1.024MB 2.00
Winamp  Nullsoft, Inc  03.04.2010 36,1MB 5.572
Winamp Erkennungs-Plug-in  Nullsoft, Inc  03.04.2010 0,13MB 1.0.0.1
Winamp Toolbar  03.04.2010 2,20MB
Windows Vista Demo Screen Saver  Ventuz Technology  29.09.2008 47,8MB 1.1.5
Code:
ATTFilter OTL logfile created on: 14.11.2011 09:19:06 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,78% Memory free 3,12 Gb Paging File | 1,85 Gb Available in Paging File | 59,40% Paging File free Paging file location(s): c:\pagefile.sys 200 200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 9,72 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Drive D: | 380,97 Gb Total Space | 297,51 Gb Free Space | 78,09% Space Free | Partition Type: NTFS Computer Name: FAMILIE***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2011.11.11 22:31:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.29 13:43:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.27 09:32:02 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 13:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.27 
19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.08.25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.13 23:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2009.04.24 15:10:52 | 002,252,440 | ---- | M] (BinarySense, Inc.) -- C:\Programme\HDDlife\HDDlifePro.exe PRC - [2009.04.24 15:03:32 | 000,818,840 | ---- | M] (BinarySense, Inc.) -- C:\Programme\Common Files\BinarySense\hldasvc.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.09.05 02:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe PRC - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe PRC - [2008.08.27 16:55:20 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.08.01 11:59:26 | 000,125,424 | ---- | M] () -- c:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe PRC - [2008.05.28 12:40:28 | 000,020,480 | ---- | M] ( ) -- C:\Programme\Google\Google EULA\GoogleEULALauncher.exe PRC - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] 
(Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.01.30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Programme\FinePixViewer\QuickDCF2.exe PRC - [2006.11.01 13:07:34 | 003,623,736 | ---- | M] (Sysinternals) -- C:\Programme\Process Explorer\procexp.exe PRC - [2006.03.17 10:30:26 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe PRC - [2005.02.22 22:00:00 | 000,850,432 | ---- | M] (Mirko Böer) -- C:\Programme\ExitWin\ew.exe ========== Modules (No Company Name) ========== MOD - [2011.10.13 17:34:58 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll MOD - [2011.10.13 17:27:49 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.10.13 17:27:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.10.13 17:26:02 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.10.13 17:25:01 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2007.03.09 12:40:28 | 000,130,560 | ---- | M] () -- C:\Programme\HDDlife\CrashRpt.dll MOD - [2007.02.16 20:01:00 | 000,081,920 | ---- | M] () -- C:\Programme\FinePixViewer\wia_register_event.dll MOD - [2002.07.04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.31 17:00:48 | 
000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.29 13:43:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 09:32:02 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.04.24 15:03:32 | 000,818,840 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service) SRV - [2008.09.05 02:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2008.08.01 11:59:26 | 000,125,424 | ---- | M] () [Auto | Running] -- c:\Programme\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) SRV - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- 
C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.29 13:43:14 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 13:43:14 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 13:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2008.09.05 02:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2008.09.05 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2008.08.01 01:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32) DRV - [2008.08.01 01:00:00 | 000,020,464 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SahdIa32.sys -- (SahdIa32) DRV - [2008.08.01 01:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SaibIa32.sys -- (SaibIa32) DRV - [2008.07.30 09:31:42 | 000,078,320 | ---- | M] (Sonic Solutions) [File_System | Boot 
| Running] -- C:\Windows\system32\drivers\syscow32v.sys -- (SysCow) DRV - [2008.07.22 09:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.07.08 07:37:00 | 007,468,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.08 02:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008.05.27 12:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID) DRV - [2007.11.08 00:52:10 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter) DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2003.09.19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 2A 5A 32 96 A0 CC 01 [binary data]
IE - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.01 12:28:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.25 10:15:24 | 000,000,000 | ---D | M]

[2008.11.23 21:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.24 17:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mjjf476y.default\extensions
[2010.04.04 22:54:28 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mjjf476y.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.03.15 16:33:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mjjf476y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.12.20 22:04:43 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mjjf476y.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.04.14 12:34:30 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mjjf476y.default\searchplugins\winamp-search.xml
[2011.03.30 14:43:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.30 14:43:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.30 14:43:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.01 12:28:50 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.30 14:42:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011.11.14 07:12:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (NTIECatcher Class) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programme\NetTransport\NTIEHelper.dll (Xi)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [EEventManager] C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Alles mit Net Transport herunterladen - C:\Programme\NetTransport\NTAddList.html ()
O8 - Extra context menu item: Mit Net Transport herunterladen - C:\Programme\NetTransport\NTAddLink.html ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29D38C5F-FC59-4F18-B2C5-DC457B07DCEC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32254DAA-0277-4E43-B0A9-188143275102}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2011.11.14 07:11:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.10.13 16:40:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.10.13 16:40:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.13 16:40:48 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.10.13 16:40:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.10.13 16:40:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.10.13 16:40:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.10.13 16:40:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.13 16:40:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.13 16:40:36 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.10.13 16:40:35 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.10.13 16:40:34 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.10.13 16:40:31 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.10.13 16:40:31 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.10.13 16:40:29 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.10.13 16:40:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.13 16:40:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.13 16:40:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.13 16:40:25 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.13 16:40:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.13 16:40:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.13 16:40:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.10.13 16:40:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.10.13 16:40:16 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.13 16:40:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.10.13 16:40:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.13 16:40:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.10.13 16:40:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.10.13 16:40:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.10.13 16:40:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.10.13 16:40:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.10.13 16:40:02 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.13 16:39:59 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.10.13 16:39:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.13 16:39:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.13 16:39:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.10.13 16:39:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.10.13 16:39:49 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.10.13 16:06:47 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.13 16:06:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.13 16:06:42 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.13 16:06:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.13 16:06:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.13 16:05:16 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.13 16:05:15 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.08.24 15:31:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 90 Days ==========

[2011.11.14 09:13:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 09:13:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 07:30:56 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.14 07:19:10 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.14 07:19:10 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.14 07:19:10 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.14 07:19:10 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.14 07:13:57 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\BackOnTrack Instant Restore Idle.job
[2011.11.14 07:12:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.11.14 04:55:24 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.11.13 14:58:59 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.12 18:13:01 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2011.11.11 22:27:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.10.14 14:14:39 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2B9E6E98-4E29-4FD2-B730-EA3C4D5ADEF7}.job
[2011.10.13 17:22:43 | 000,453,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.13 16:41:43 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.10.13 16:41:43 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.10.13 16:40:53 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.10.13 16:40:50 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.13 16:40:48 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.10.13 16:40:45 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.10.13 16:40:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.10.13 16:40:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.10.13 16:40:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.13 16:40:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.13 16:40:36 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.10.13 16:40:35 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.10.13 16:40:34 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.10.13 16:40:31 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.10.13 16:40:31 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.10.13 16:40:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.10.13 16:40:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.13 16:40:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.10.13 16:40:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.13 16:40:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.13 16:40:25 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.13 16:40:23 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.13 16:40:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.13 16:40:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.10.13 16:40:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.10.13 16:40:16 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.13 16:40:16 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.10.13 16:40:09 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.13 16:40:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.10.13 16:40:08 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.10.13 16:40:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.10.13 16:40:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.10.13 16:40:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.10.13 16:40:02 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.13 16:39:59 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.10.13 16:39:57 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.13 16:39:54 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.13 16:39:53 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.10.13 16:39:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.10.13 16:39:49 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.09.06 14:30:12 | 002,043,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.25 17:15:04 | 000,555,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.08.25 14:31:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

========== Files Created - No Company Name ==========

[2011.11.14 07:30:56 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.13 14:58:59 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.11 22:27:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.10.13 16:41:43 | 000,008,798 | ---- | C] () -- C:\Windows\System32\icrav03.rat
[2011.10.13 16:41:42 | 000,001,988 | ---- | C] () -- C:\Windows\System32\ticrf.rat
[2011.10.13 16:40:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.03.23 10:55:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.03.23 10:55:01 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.03.23 10:55:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.03.23 10:55:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.23 10:55:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.08 06:23:07 | 000,000,055 | ---- | C] () -- C:\Windows\Rabe_1.ini
[2010.03.15 16:08:25 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.10.21 17:51:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.21 17:51:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.12 14:44:15 | 000,000,269 | ---- | C] () -- C:\Windows\LilliS.ini
[2009.05.10 10:29:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.25 11:47:25 | 000,025,088 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.19 10:59:02 | 000,000,389 | ---- | C] () -- C:\Windows\DIXI4.ini
[2009.01.10 16:57:48 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009.01.10 16:57:48 | 000,003,451 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-Ri-li.dat
[2008.12.21 18:07:34 | 000,023,888 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.12.20 22:06:49 | 000,000,133 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2008.12.20 10:15:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.12.20 10:15:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.12.20 10:15:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.12.20 10:15:13 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.12.20 10:15:13 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.12.20 10:15:13 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.12.20 10:15:13 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.12.20 10:15:13 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.12.20 10:15:13 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.12.20 10:15:13 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.12.20 10:15:13 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.12.20 10:15:12 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.12.20 10:15:12 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.12.20 10:15:12 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.12.20 10:15:12 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.12.20 10:15:12 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.12.20 10:15:12 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.12.20 10:15:12 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.12.20 10:13:33 | 000,065,793 | ---- | C] () -- C:\Windows\System32\esfw66.bin
[2008.12.20 10:13:24 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V10V100V350EFGD.ini
[2008.11.30 16:45:40 | 000,002,618 | ---- | C] () -- C:\Windows\mozver.dat
[2008.11.24 21:41:58 | 000,000,067 | ---- | C] () -- C:\Windows\LilliP.ini
[2008.11.23 21:48:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.22 15:34:42 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.09.30 11:26:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.09.30 11:26:57 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.09.30 11:23:06 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.09.30 10:59:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 08:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:47:37 | 000,453,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009.06.06 17:41:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BinarySense
[2008.12.20 10:44:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2011.03.30 11:03:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2008.11.23 11:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FUJIFILM
[2009.06.16 10:35:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2011.06.24 08:38:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2008.12.21 18:07:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2009.06.16 11:00:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Recordpad
[2009.01.10 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.07.25 12:17:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2009.07.25 12:17:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Recordpad
[2010.04.03 10:16:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wildlife Park 2
[2009.07.25 12:37:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2011.08.11 15:11:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\elsterformular
[2009.02.10 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EPSON
[2008.11.23 13:38:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FUJIFILM
[2011.09.18 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2008.11.23 20:41:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2009.06.16 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NCH Swift Sound
[2009.05.10 10:54:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Panasonic
[2011.03.21 12:05:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Pnpcodec
[2009.06.16 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Recordpad
[2008.11.24 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Serif
[2009.10.26 16:14:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wildlife Park 2
[2010.02.04 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2011.11.14 07:13:57 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\BackOnTrack Instant Restore Idle.job
[2011.11.14 07:12:29 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.10.14 14:14:39 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2B9E6E98-4E29-4FD2-B730-EA3C4D5ADEF7}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2BE9FEFC

< End of report >
ATTFilter OTL Extras logfile created on: 14.11.2011 09:19:06 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,78% Memory free 3,12 Gb Paging File | 1,85 Gb Available in Paging File | 59,40% Paging File free Paging file location(s): c:\pagefile.sys 200 200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 9,72 Gb Free Space | 12,80% Space Free | Partition Type: NTFS Drive D: | 380,97 Gb Total Space | 297,51 Gb Free Space | 78,09% Space Free | Partition Type: NTFS Computer Name: FAMILIE***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{11EB8978-A679-4F32-98EE-8D6F0AF2263F}" = rport=138 | protocol=17 | dir=out | app=system | "{22D9FF51-5042-490B-A8AA-117912C93523}" = rport=139 | protocol=6 | dir=out | app=system | "{3A082803-E73D-4123-9C70-261668BC7879}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{48FCCFFF-DF46-484D-82F6-CF0A391952F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{570C05D3-5146-4ED8-8760-DE4437344F9E}" = lport=139 | protocol=6 | dir=in | app=system | "{68DE2B93-E145-4D14-8049-E0C98AB8098A}" = lport=445 | protocol=6 | dir=in | app=system | "{7E813012-8692-4FBB-BC96-DF7D8471DDF8}" = rport=137 | protocol=17 | dir=out | app=system | "{D48CD0EB-677E-4BB5-B3C6-4F8C1C92C234}" = lport=138 | protocol=17 | dir=in | app=system | "{E36C9F5D-852B-424E-9152-4A34247D099F}" = rport=445 | protocol=6 | dir=out | app=system | "{F6BBFD50-419A-4173-8DB5-B736587FE35C}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{391BB7EC-DC85-4939-A275-FC105B0B6983}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{49C36B0F-09BC-440C-A7B6-217F1B705306}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\programs\opera\opera.exe | "{4FEC74AE-C18F-4FB5-AD5C-D9D9DEE14CF6}" = protocol=17 | dir=in | app=c:\program files\fujitsu 
siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{586E6AEA-5511-4511-A192-99F7544896A2}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\programs\opera\opera.exe | "{59802272-E6A0-47E4-B1F2-0AE0DB303481}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5F74F4D4-A06A-4B65-90C1-B05CFEF499EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{601594EA-AF30-4E92-89C6-F090B4576578}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{90C4ED0B-0C68-4A47-885C-862A70D0BA30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{BF5A3E66-8B27-421F-96AA-4463EA95306D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{C62989C5-6180-4EA8-87C3-00F755795987}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0517F875-BBB2-4812-A63E-733B33CEF215}" = Roxio Instant Restore "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office "{08CECB87-1410-43D0-86E4-C55617B16F90}" = HDDlifePro 3.1 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3 
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2B682751-E749-441C-A4B3-1F538E26E56E}" = Roxio Instant Restore Recovery Disk "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F879E56-2A84-44FB-8EEA-854BF079ED4D}" = Coole Schule! 1. und 2. Klasse "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55FA89BD-21D3-42F7-9249-C94C0094A83C}" = Apple Software Update "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79AE264A-7DEA-49AF-AFAF-7A2D8F706F51}" = Roxio WinOnCD LE 10 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87A83C6F-F53C-448A-B078-FF00E3EAEB29}" = Roxio Disaster Recovery "{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5 "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio "{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 9.11 beta "AbiWord2" = AbiWord 2.6.8 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Applian FLV Player2.0.24" = Applian FLV Player "Ask Toolbar_is1" = Ask Toolbar "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "AVS Disc Creator_is1" = AVS Disc Creator version 3.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "BurnAware Free_is1" = BurnAware Free 2.2.0 "CCleaner" = CCleaner "ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender "EPSON Scanner" = EPSON Scan "ExpressRip" = Express Rip "File Recover_is1" = File Recover 7.0 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 
2008 5.0.3.351 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Net Transport_is1" = Net Transport 1.90.267 "NVIDIA Drivers" = NVIDIA Drivers "PerfV10_V100 Ben.handbuch" = PerfV10_V100 Ben.handbuch "Picasa2" = Picasa 2 "Revo Uninstaller" = Revo Uninstaller 1.92 "Ri-li" = Ri-li "Steel Run-AS 1.2_is1" = Steel Run-As 1.2 "Tivola Maus 3" = Tivola Maus 3 "ToolBox" = NCH Toolbox "WavePad" = WavePad Sound Editor "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "WinGimp-2.0_is1" = GIMP 2.6.6 "WinPowerPro" = PowerPro 4.9 (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4221722840-285674823-3773879148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.11.2011 13:49:22 | Computer Name = Familie***-PC | Source = Perflib | ID = 1008 Description = Error - 12.11.2011 14:59:49 | Computer Name = Familie***-PC | Source = RstIdle | ID = 0 Description = Error - 13.11.2011 07:55:58 | Computer Name = Familie***-PC | Source = WinMgmt | ID = 10 Description = Error - 13.11.2011 08:01:34 | Computer Name = Familie***-PC | Source = WinMgmt | ID = 10 Description = Error - 13.11.2011 08:10:24 | Computer Name = Familie***-PC | Source = WinMgmt | ID = 10 Description = Error - 13.11.2011 09:42:42 | Computer Name = Familie***-PC | Source = WinMgmt | ID = 10 Description = 
Error - 13.11.2011 15:11:06 | Computer Name = Familie***-PC | Source = RstIdle | ID = 0 Description = Error - 13.11.2011 17:05:24 | Computer Name = Familie***-PC | Source = RstIdle | ID = 0 Description = Error - 13.11.2011 17:44:53 | Computer Name = Familie***-PC | Source = RstIdle | ID = 0 Description = Error - 14.11.2011 02:15:12 | Computer Name = Familie***-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.11.2011 08:09:43 | Computer Name = Familie***-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 13.11.2011 09:40:57 | Computer Name = Familie***-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 13.11.2011 09:41:03 | Computer Name = Familie***-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 13.11.2011 15:11:06 | Computer Name = Familie***-PC | Source = DCOM | ID = 10001 Description = Error - 13.11.2011 19:14:54 | Computer Name = Familie***-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 13.11.2011 19:14:57 | Computer Name = Familie***-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. 
Error - 13.11.2011 19:15:00 | Computer Name = Familie***-PC | Source = disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error - 14.11.2011 02:11:06 | Computer Name = Familie***-PC | Source = Service Control Manager | ID = 7034 Description = Error - 14.11.2011 02:13:28 | Computer Name = Familie***-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 14.11.2011 02:13:34 | Computer Name = Familie***-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. < End of report > Regards, Elke |
14.11.2011, 14:32 | #4 | |
/// Helper Team | Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... 1. Uninstall the following, if they exist under `Control Panel --> Software --> Change/Remove...`: Code:
Adware toolbar: Ask Toolbar Always choose the custom installation, not the default installation, because otherwise things often get installed along with it that you do not need or do not want. When installing, always read the licence terms and do not immediately tick every box or leave pre-ticked boxes set, because by doing so you consent to other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., being installed alongside, which is how freeware finances itself. Several others belong in this category, e.g.: -> Uninstall unwanted toolbars 2. Your Java version is not up to date! → Now download the offline version of Java Version 6 Update 29 from Oracle. Make sure to deselect any toolbars offered (remove the tick next to the toolbar)! Quote:
Fixing with OTL
Code:
ATTFilter :OTL [2008.12.20 22:04:43 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mjjf476y.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2BE9FEFC :Commands [purity] [emptytemp]
4. Clean your system with CCleaner:
5.
6. Viruses can also be transported on USB sticks, self-burned media, external hard drives and other storage media. These must therefore be monitored with regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, checking the data stored on the medium with the free online scanner is very well suited and recommended. Now connect all external storage media (USB sticks etc.) to your computer, holding down the Shift key while doing so, so that the AutoRun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ►Instructions -> Then run a complete system check with the Eset Online Scanner (NOD32) free online scanner. Attention!: >>You should not install the antivirus security software, only scan your system online<< ► What is the current state of the computer? Anything unusual, any problems?
__________________ Warning!: Beware of invoices by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, best twice in different places! Please pass this warning on wherever you can! |
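As an added example (not part of the thread and not a tool of the helper team), the following PowerShell script audits the three items from the helper's list that can be verified from the registry without changing anything: whether toolbar entries are still in the uninstall list (step 1), which Java runtimes are installed (step 2), and whether AutoRun is switched off by policy (step 6). The function names are my own; the registry paths are the standard Windows locations, and `NoDriveTypeAutoRun` = 0xFF is the policy value that disables AutoRun for all drive types.

```powershell
# Added example (not from the thread): read-only audit of the helper's steps 1, 2 and 6.
# Function names are illustrative; nothing here modifies the system.

function Get-InstalledPrograms {
    # Same data as the OTL "Uninstall List" section, read from the standard Uninstall keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher
}

function Find-Toolbars {
    param([object[]]$Programs)
    # Step 1: bundled toolbars (Ask, Winamp, Google in this log) are the adware candidates.
    $Programs | Where-Object { $_.DisplayName -match 'Toolbar' }
}

function Get-JavaRuntimes {
    param([object[]]$Programs)
    # Step 2: "Java(TM) 6 Update 24" in the log is outdated; "Java Auto Updater" is excluded.
    $Programs | Where-Object { $_.DisplayName -match '^Java\(TM\)|^Java \d' }
}

function Get-AutorunPolicy {
    # Step 6: NoDriveTypeAutoRun = 0xFF (255) disables AutoRun for every drive type;
    # any other value, or no value at all, means AutoRun is at least partly active.
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        $shown = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
        New-Object PSObject -Property @{
            Hive     = $hive
            Value    = $shown
            Disabled = ($value -eq 0xFF)
        }
    }
}

$programs = Get-InstalledPrograms
'--- Toolbars still listed ---'
Find-Toolbars $programs | Format-Table -AutoSize
'--- Java runtimes ---'
Get-JavaRuntimes $programs | Format-Table -AutoSize
'--- AutoRun policy (NoDriveTypeAutoRun) ---'
Get-AutorunPolicy | Format-Table Hive, Value, Disabled -AutoSize
```

Run it from an elevated PowerShell prompt. On a 32-bit installation like the Vista system in the log, the WOW6432Node key does not exist and is silently skipped; an empty "Toolbars still listed" table and a single current Java entry are the expected result once steps 1 and 2 are done.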
15.11.2011, 07:49 | #5 |
| Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... Good morning Kira, the Ask Toolbar is now uninstalled and the new Java is on the PC too. Here is the requested OTL fix log: Code:
ATTFilter All processes killed ========== OTL ========== Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mjjf476y.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. ADS C:\ProgramData\TEMP:2BE9FEFC deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: *** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 53021 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 6807205 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: **** ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 279610 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 61973570 bytes ->Flash cache emptied: 566 bytes User: Public ->Temp folder emptied: 0 bytes User: User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 44674632 bytes ->Google Chrome cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 470 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 
109,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 11142011_203730 Files\Folders moved on Reboot... Registry entries deleted on Reboot... I let SUPERAntiSpyware run overnight. Here is the scan log file: Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 11/14/2011 at 11:44 PM Application Version : 5.0.1136 Core Rules Database Version : 7940 Trace Rules Database Version: 5752 Scan type : Complete Scan Total Scan Time : 02:07:24 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC On - Administrator Memory items scanned : 664 Memory threats detected : 0 Registry items scanned : 38646 Registry threats detected : 0 File items scanned : 349015 File threats detected : 136 Adware.Tracking Cookie C:\USERS\****\AppData\Roaming\Microsoft\Windows\Cookies\0OW4HIQ7.txt [ Cookie:****@atdmt.com/ ] C:\USERS\****\Cookies\0OW4HIQ7.txt [ Cookie:****@atdmt.com/ ] C:\USERS\USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\BAJIZ44B.txt [ Cookie:user@adultfriendfinder.com/ ] C:\USERS\USER\AppData\Roaming\Microsoft\Windows\Cookies\Low\GDZTKBTX.txt [ Cookie:user@niceyoungteens.com/ ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@AD2.ADFARM1.ADITION[1].TXT [ /AD2.ADFARM1.ADITION ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@AD4.ADFARM1.ADITION[1].TXT [ /AD4.ADFARM1.ADITION ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK 
DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADS.WHALEADS[1].TXT [ /ADS.WHALEADS ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@CHOKERTRAFFIC[2].TXT [ /CHOKERTRAFFIC ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@OPENX.SEXSEARCHCOM[1].TXT [ /OPENX.SEXSEARCHCOM ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@RTS.PGMEDIASERVE[1].TXT [ /RTS.PGMEDIASERVE ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@RUDEFINDER[1].TXT [ /RUDEFINDER ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@TRACKING.QUISMA[1].TXT [ /TRACKING.QUISMA ] ZIP 
ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.RUDEFINDER[1].TXT [ /WWW.RUDEFINDER ] ZIP ARCHIVE( D:\*****-PC\BACKUP SET 2011-02-10 155629\BACKUP FILES 2011-07-02 172741\BACKUP FILES 32.ZIP )/C\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000120\00000119\14\TARGET\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.TEENJILL[1].TXT [ /WWW.TEENJILL ] .atdmt.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .apmebf.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .specificclick.net [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adviva.net [ 
C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .advertising.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .microsoftsto.112.2o7.net [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] tracking.mlsat02.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .hightraffic.hugoboss.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adtech.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adxpose.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] www.zanox-affiliate.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .zanox-affiliate.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] adfarm1.adition.com [ 
C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] 
ad.yieldmanager.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad.yieldmanager.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .traffictrack.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .ad.adnet.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .smartadserver.com [ 
C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tracking.quisma.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .tradedoubler.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] www.googleadservices.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .amazon-adsystem.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] .questionmarket.com [ C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0BTOGYMS.DEFAULT\COOKIES.SQLITE ] 
C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@TRAFFICHOLDER[2].TXT [ /TRAFFICHOLDER ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.6PORNTUBE[2].TXT [ /WWW.6PORNTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.PORNOLUNCH[1].TXT [ /WWW.PORNOLUNCH ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.BOOMPORNTUBE[3].TXT [ /WWW.BOOMPORNTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@SUNPORNO[2].TXT [ /SUNPORNO ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.DK-PORN[2].TXT [ /WWW.DK-PORN ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.BOOMPORNTUBE[2].TXT [ /WWW.BOOMPORNTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.ZOOSEXSHOW[2].TXT [ /WWW.ZOOSEXSHOW ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.ZOOSEXSHOW[3].TXT [ /WWW.ZOOSEXSHOW ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADXPANSION[1].TXT [ /ADXPANSION ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.HARDSEXTUBE[1].TXT [ /WWW.HARDSEXTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADS.CRAKMEDIA[2].TXT [ /ADS.CRAKMEDIA ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADBRITE[1].TXT [ /ADBRITE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.ALLADULTTUBES[2].TXT [ /WWW.ALLADULTTUBES ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ERO-ADVERTISING[1].TXT [ /ERO-ADVERTISING ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.SUNPORNO[2].TXT [ /WWW.SUNPORNO ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADSERVER.HARDSEXTUBE[2].TXT [ /ADSERVER.HARDSEXTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@ADV.DRTUBER[1].TXT [ /ADV.DRTUBER ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@DEV.HARDSEXTUBE[1].TXT [ /DEV.HARDSEXTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@FREEANIMALSEXTUBE[1].TXT [ /FREEANIMALSEXTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@NICEYOUNGTEENS[1].TXT [ /NICEYOUNGTEENS 
] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@HARDSEXTUBE[1].TXT [ /HARDSEXTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@LOOKFORPORN[2].TXT [ /LOOKFORPORN ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@MOMMYFUCKTUBE[1].TXT [ /MOMMYFUCKTUBE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@TOPLIST[2].TXT [ /TOPLIST ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@PORNOLUNCH[2].TXT [ /PORNOLUNCH ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@PORNOXO[2].TXT [ /PORNOXO ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@STATIC.SUNPORNO[1].TXT [ /STATIC.SUNPORNO ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@TRAFFICHOLDER[1].TXT [ /TRAFFICHOLDER ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.PORNOXO[1].TXT [ /WWW.PORNOXO ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@WWW.TEENJILL[1].TXT [ /WWW.TEENJILL ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@XXXLINKSFORFREE[2].TXT [ /XXXLINKSFORFREE ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@YADRO[2].TXT [ /YADRO ] C:\USERS\USER\APPDATA\LOCAL\TEMP\LOW\COOKIES\USER@YOUNGLEGALPORN[1].TXT [ /YOUNGLEGALPORN ]
I have now connected our external hard drive and a USB stick, but despite holding the Shift key the AutoRun window opened. I closed it immediately. Where can I switch off AutoRun in general? Sorry, but some of your links only take me to your 7 golden rules. The same goes for the ESET Online Scanner; where do I find it? Regards, Elke |
16.11.2011, 15:50 | #6 |
/// Helper Team | Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... -> you can have all detections deleted -> disable AutoRun -> I gave you the link here: -> ESET Online Scanner (NOD32), free online scanners
__________________ --> Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... |
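The question in the previous post, how to switch AutoRun off system-wide rather than relying on the Shift key, and the helper's one-line answer that it should be disabled, are usually settled with a single Explorer policy value. The PowerShell script below is an added example, not code from the forum thread or from the linked guide: it reads the NoDriveTypeAutoRun value in the machine-wide and per-user Explorer policy keys, decodes which drive types still have AutoRun enabled, and sets the value to 0xFF (AutoRun off for every drive type). The `-CheckOnly` switch is this script's own name for a report-only run, not a Windows option. Run it from an elevated prompt for the HKLM key.

```powershell
# Added example (not from the forum thread): audit and disable Windows AutoRun for all
# drive types via the Explorer policy value NoDriveTypeAutoRun. Run elevated for HKLM.
[CmdletBinding()]
param(
    # -CheckOnly is this script's own switch (assumption, not a Windows option): report only.
    [switch]$CheckOnly
)

$ValueName  = 'NoDriveTypeAutoRun'
$DisableAll = 0xFF    # one bit per drive type; all bits set = AutoRun off everywhere
# Bits decoded for the report: 0x04 removable, 0x08 fixed, 0x10 network, 0x20 CD/DVD.
$DriveBits  = [ordered]@{ 0x04 = 'removable'; 0x08 = 'fixed'; 0x10 = 'network'; 0x20 = 'CD/DVD' }

# The machine-wide policy takes precedence; both keys are set so that a second account
# on the same PC (such as a children's account) is covered as well.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunMask {
    param([string]$Key)
    $prop = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }     # key or value absent: the Windows default applies
    return [int]$prop.$ValueName
}

function Get-AutoRunDescription {
    param($Mask)
    if ($null -eq $Mask) { return 'not set - Windows default applies' }
    $stillAllowed = @()
    foreach ($entry in $DriveBits.GetEnumerator()) {
        # A cleared bit means AutoRun is still permitted for that drive type.
        if (($Mask -band $entry.Key) -eq 0) { $stillAllowed += $entry.Value }
    }
    if ($stillAllowed.Count -eq 0) {
        return ('0x{0:X2} - AutoRun disabled for all drive types' -f $Mask)
    }
    return ('0x{0:X2} - AutoRun still allowed on: {1}' -f $Mask, ($stillAllowed -join ', '))
}

function Set-AutoRunDisabled {
    param([string]$Key)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $ValueName -PropertyType DWord -Value $DisableAll -Force | Out-Null
}

foreach ($key in $PolicyKeys) {
    $before = Get-AutoRunMask -Key $key
    Write-Host ("{0}`n  before: {1}" -f $key, (Get-AutoRunDescription $before))
    if ($CheckOnly) { continue }
    try {
        Set-AutoRunDisabled -Key $key
        Write-Host ("  after:  {0}" -f (Get-AutoRunDescription (Get-AutoRunMask -Key $key)))
    } catch {
        # Writing HKLM needs administrator rights; HKCU only covers the current user.
        Write-Warning ("could not write {0}: {1}" -f $key, $_.Exception.Message)
    }
}
# Explorer picks the policy up at its next start: sign out and back in, or reboot.
```

Running the script with `-CheckOnly` first shows the current state per key; the "still allowed on" list is the quick check that the Shift-key trick in the post above was never a reliable protection, because the policy, not the keyboard, decides whether autorun.inf on a plugged-in drive is honoured.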
21.11.2011, 11:55 | #7 |
| Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... So, I have finally run the ESET Online Scanner. It found nothing! Unfortunately, when closing it I also ticked the uninstall option. That is probably why the log.txt file is no longer there. I also carried out all the other steps for removing the scanner. Problems booting the computer have not occurred since. And there was only one virus detection, on the external hard drive (JAVA/ClassLoader.BO; Avira Antivir had found it before I even started the ESET scanner). I have not seen anything of the Bundespolizei virus either. So everything seems to be in order! Is that it? One more question: toolbars are often described as superfluous / harmful. Avira recently offered one for Firefox and IE. Is that recommended? Best regards, and a huge THANK YOU in advance! Without you, I at least would be lost. Elke |
21.11.2011, 12:59 | #8 | ||
/// Helper Team | Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... Quote:
BHOs & toolbars, start or search pages that you did not add intentionally...: More and more programs come bundled with a toolbar (e.g. Google, Yahoo, Messenger, Winamp, ICQ etc.). Some are installed with the user's consent, some without the user's knowledge. Many of them are very error-prone and eat up a lot of system resources. The toolbar is not necessary for a working installation of the respective software, especially since most modern browsers come with many additional functions. Besides, the associated programs also work without it... most of them just want to make themselves seem important. 1. Uninstall/remove the programs that we have used and that you do not need, except for: Code:
CCleaner 2. Tool clean-up with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.
3. If everything has gone well and your system is running stably, do the following: delete all system restore points, including the latest one. 4. As a precaution, I would advise you to change your passwords, e.g. login, e-mail or website passwords. Tips: Choosing a secure password (you should actually change them at regular intervals, roughly every 3-5 months); see also here: Secure password. Reading material no. 1:
** Common sense and securely configuring Windows and Internet software are the best route to safety on the web!! Quote:
► Over time a lot of junk data can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account. Regards, kira
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
23.11.2011, 10:20 | #9 |
| Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... Hello Kira, thank you for the many tips. Everything is running smoothly again! You are great! Best regards, Elke |
Topics relating to Bundespolizei virus and Antivir finds Exp/Java.Dldr.A, TR/Gendal.6725309.1 ... |
adobe, alternate, beginning, antivir, askbar, avira, bho, screen, computer, defender, remove, error, explorer, firefox, google, home, hang, intranet, langs, logfile, nodrives, nvidia, nvlddmkm.sys, picasa, programs, realtek, registry, safer networking, scan, switches itself off, sched.exe, as a precaution, stick, superantispyware, usb, virus |