| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mediashifting.com oder 95p.com als Anzeige beim googelnWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.01.2012, 22:27
| #16 |
 |  mediashifting.com oder 95p.com als Anzeige beim googeln Guten Abend, im laufe des tages habe ich eine neue virussoftware (avira internet security 2012) installiert und einmal durchlaufen lassen. es wurden 5 dateien gefunden und entsprechend verschoben. kann der virus jetzt vielleicht schon weg sein? ich habe über das otl-programm mit dem button quick-scan noch einmal ein otl.txt erstellt. diesen füge ich dir noch einmal bei ... hat sich jetzt alles erledigt? und ist der virus weg? oder muss ich immer noch einen neuaufbau machen? VG Nancy OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.01.2012 21:57:44 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Andreas & Nancy\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 41,17% Memory free 6,22 Gb Paging File | 4,46 Gb Available in Paging File | 71,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,32 Gb Total Space | 198,08 Gb Free Space | 68,70% Space Free | Partition Type: NTFS Computer Name: PC_ALLGEMEIN | User Name: Andreas & Nancy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Andreas & Nancy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Iminent\IMBooster\IMBooster.exe (Iminent) PRC - C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Users\ANDREA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Programme\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Windows.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Workflow.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Services.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Business.TinyUrl.dll () MOD - C:\Programme\Iminent\IMBooster\Iminent.Booster.UI.dll () MOD - C:\Programme\Google\Google Desktop Search\gzlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3314.38784__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3314.38856__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3314.38823__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3314.38769__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3314.38785__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3314.38856__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3314.38857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3314.38823__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3314.38836__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3314.38776__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3314.38817__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3314.38822__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3314.38855__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3314.38781__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3314.38805__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3314.38776__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3314.38808__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3314.38777__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3314.38786__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3314.38803__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3314.38806__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3314.38831__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3314.38816__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3314.38789__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3314.38785__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3314.38815__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3314.38807__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3314.38806__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3314.38789__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3314.38807__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3314.38815__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3314.38816__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3314.38881__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3314.38851__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3314.38864__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3294.18784__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3314.38766__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3314.38773__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3314.38846__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3314.38780__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3314.38768__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3314.38767__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3314.38849__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3314.38767__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3314.38769__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3314.38766__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3314.38850__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Win32 Services (SafeList) ========== SRV - (NTISchedulerSvc) -- File not found SRV - (NTI IScheduleSvc) -- File not found SRV - (iPod Service) -- File not found SRV - (gusvc) -- File not found SRV - (gupdatem) Google Update-Dienst (gupdatem) -- File not found SRV - (gupdate) Google Update Service (gupdate) -- File not found SRV - (ePowerSvc) -- File not found SRV - (clr_optimization_v4.0.30319_32) -- File not found SRV - (CLHNService) -- File not found SRV - (Bonjour Service) -- File not found SRV - (Ati External Event Utility) -- File not found SRV - (Apple Mobile Device) -- File not found SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- File not found SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH) DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys () DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0609&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - default_search_provider: Iminent (Enabled) CHR - default_search_provider: search_url = hxxp://search.iminent.com/?appId=3FB14E6C-1020-4D55-9E07-AC55E2FAF198&ref=toolbox&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Andreas & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: D'Fusion @Home Web Plug-In (3.00.13209) (Enabled) = C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Andreas & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Andreas & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Click to call with Skype = C:\Users\Andreas & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\ CHR - Extension: Google Mail = C:\Users\Andreas & Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [EPSON SX125 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Andreas & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.magic-kinder.com/totalimmersion/plugin/DFusionHomeWebPlugIn.Installer.exe (CDFusionActiveXCtl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F16D96F8-3B4B-4A96-9ADE-F5F859FDCC9C}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.01.07 17:01:33 | 000,000,000 | ---D | C] -- C:\_C [2012.01.07 15:43:41 | 000,000,000 | ---D | C] -- C:\Users\Andreas & Nancy\AppData\Roaming\Avira [2012.01.07 15:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.01.07 15:42:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.01.07 15:42:57 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.01.07 15:42:57 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys [2012.01.07 15:42:57 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys [2012.01.07 15:42:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.01.07 15:42:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.01.06 19:17:03 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.01.06 17:08:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.01.06 17:08:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.01.06 17:08:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.01.06 16:51:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.01.06 16:39:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.01.06 16:39:06 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.01.06 16:35:31 | 004,374,153 | R--- | C] (Swearware) -- C:\Users\Andreas & Nancy\Desktop\ComboFix.exe [2012.01.06 10:35:35 | 000,000,000 | ---D | C] -- C:\avrescue [2012.01.06 06:30:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Andreas & Nancy\Desktop\OTL.exe [2012.01.05 20:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2012.01.05 20:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2012.01.05 20:54:05 | 000,000,000 | ---D | C] -- C:\Users\Andreas & Nancy\AppData\Roaming\1&1 Mail & Media GmbH [2012.01.05 20:54:04 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar [2011.12.29 18:03:30 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.12.29 17:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Andreas & Nancy\AppData\Local\54ba14f1 [2011.12.25 11:28:24 | 000,000,000 | ---D | C] -- C:\Users\Andreas & Nancy\AppData\Roaming\RavensburgerTipToi [2011.12.25 11:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi [2011.12.25 11:28:07 | 000,000,000 | ---D | C] -- C:\Users\Andreas & Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager [2011.12.25 11:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ravensburger tiptoi [2011.12.20 23:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.20 23:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.20 23:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.20 23:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.12.20 23:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011.12.20 22:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.12.20 22:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2011.12.10 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\Andreas & Nancy\AppData\Local\Proxure [2011.12.10 19:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk [2009.06.13 11:45:49 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.04.04 12:40:30 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll [2007.04.04 12:39:22 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll [2007.04.04 12:32:50 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll [2007.04.04 12:31:40 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll [2007.04.04 12:29:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll [2007.04.04 12:28:44 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll [2007.04.04 12:28:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll [2007.04.04 12:22:26 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll [2007.04.04 12:21:52 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll [2007.04.04 12:18:20 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Andreas & Nancy\AppData\Local\*.tmp files -> C:\Users\Andreas & Nancy\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.01.07 21:14:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.01.07 20:12:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 20:12:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.07 18:12:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.07 16:59:10 | 000,028,039 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\2012-01-07 - avira.pdf [2012.01.07 16:58:28 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.01.07 15:46:07 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.07 15:45:23 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys [2012.01.07 15:43:32 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.01.07 14:28:36 | 000,007,512 | ---- | M] () -- C:\Users\Andreas & Nancy\AppData\Local\d3d9caps.dat [2012.01.06 19:10:29 | 000,002,633 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\Microsoft Office Excel 2007.lnk [2012.01.06 16:35:40 | 004,374,153 | R--- | M] (Swearware) -- C:\Users\Andreas & Nancy\Desktop\ComboFix.exe [2012.01.06 13:58:20 | 000,000,222 | ---- | M] () -- C:\Windows\ulead32.ini [2012.01.06 11:24:56 | 927,572,072 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.01.06 06:30:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas & Nancy\Desktop\OTL.exe [2012.01.05 20:54:05 | 000,002,055 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\Amazon.lnk [2012.01.05 20:54:05 | 000,002,053 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\WEB.DE.lnk [2012.01.05 20:54:05 | 000,002,047 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\eBay.lnk [2012.01.03 10:55:11 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.03 10:55:11 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.03 10:55:11 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.03 10:55:11 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.03 10:14:53 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.12.25 11:29:16 | 000,000,873 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\tiptoi.lnk [2011.12.24 12:44:39 | 000,000,356 | ---- | M] () -- C:\Users\Andreas & Nancy\Öffentlich - Verknüpfung.lnk [2011.12.23 16:05:43 | 000,002,631 | ---- | M] () -- C:\Users\Andreas & Nancy\Desktop\Microsoft Office Word 2007.lnk [2011.12.22 12:13:57 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2011.12.20 23:20:34 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.20 23:04:43 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.12.20 23:00:58 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.12.16 16:45:15 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.12.15 06:17:10 | 000,357,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.10 19:08:38 | 000,000,272 | ---- | M] () -- C:\Users\Andreas & Nancy\AppData\Roaming\.backup.dm [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Andreas & Nancy\AppData\Local\*.tmp files -> C:\Users\Andreas & Nancy\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.07 16:59:10 | 000,028,039 | ---- | C] () -- C:\Users\Andreas & Nancy\Desktop\2012-01-07 - avira.pdf [2012.01.07 15:43:32 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.01.06 20:00:17 | 3215,814,656 | -HS- | C] () -- C:\hiberfil.sys [2012.01.06 17:08:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.01.06 17:08:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.01.06 17:08:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.01.06 17:08:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.01.06 17:08:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.01.05 20:54:05 | 000,002,055 | ---- | C] () -- C:\Users\Andreas & Nancy\Desktop\Amazon.lnk [2012.01.05 20:54:05 | 000,002,053 | ---- | C] () -- C:\Users\Andreas & Nancy\Desktop\WEB.DE.lnk [2012.01.05 20:54:05 | 000,002,047 | ---- | C] () -- C:\Users\Andreas & Nancy\Desktop\eBay.lnk [2011.12.25 11:28:07 | 000,000,873 | ---- | C] () -- C:\Users\Andreas & Nancy\Desktop\tiptoi.lnk [2011.12.24 12:44:39 | 000,000,356 | ---- | C] () -- C:\Users\Andreas & Nancy\Öffentlich - Verknüpfung.lnk [2011.12.20 23:20:34 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.20 23:04:43 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2011.12.10 19:08:38 | 000,000,272 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Roaming\.backup.dm [2011.01.28 16:31:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.10.08 10:17:15 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.09.21 11:26:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.21 11:26:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.21 11:25:38 | 000,185,856 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys [2009.08.30 20:10:27 | 000,193,712 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Roaming\mdbu.bin [2009.08.30 19:57:46 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.08.27 10:16:09 | 000,000,103 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Local\fusioncache.dat [2009.08.27 09:14:02 | 000,019,656 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Local\internal.grp [2009.08.10 10:49:50 | 000,000,222 | ---- | C] () -- C:\Windows\ulead32.ini [2009.08.07 20:44:57 | 000,027,136 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.18 08:21:45 | 000,007,512 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Local\d3d9caps.dat [2009.07.16 14:33:40 | 000,000,642 | ---- | C] () -- C:\Windows\lexstat.ini [2009.07.16 13:34:47 | 000,000,134 | ---- | C] () -- C:\Users\Andreas & Nancy\AppData\Roaming\wklnhst.dat [2009.06.13 11:35:47 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.13 11:35:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.06.13 11:35:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.06.13 11:35:47 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.06.13 11:35:47 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.06.13 11:35:47 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.06.13 03:10:43 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.06.13 03:03:07 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.06.13 03:03:07 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.06.13 03:03:07 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.06.13 03:03:07 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.06.13 03:01:14 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.06.13 03:01:14 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.06.13 03:01:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.06.13 03:01:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.06.13 03:01:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.06.13 03:01:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.06.13 02:55:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.03.12 11:47:51 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 11:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 11:47:51 | 000,146,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 11:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 03:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.04.08 13:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,357,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.09.13 17:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll ========== LOP Check ========== [2009.08.18 12:33:07 | 000,000,000 | -HSD | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\.# [2012.01.05 20:54:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\1&1 Mail & Media GmbH [2009.03.12 04:07:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\Acer GameZone Console [2010.01.21 19:56:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\EA [2011.07.09 10:21:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\Epson [2009.08.04 20:10:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\eSobi [2010.02.20 15:32:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\FileZilla [2009.07.17 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\iWin [2010.09.01 05:29:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\LG Electronics [2009.08.30 20:00:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\MAGIX [2011.07.07 13:13:59 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\PhotoScape [2009.10.16 19:07:48 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\PlayFirst [2010.06.03 06:10:03 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\PowerCinema [2011.12.25 11:28:24 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\RavensburgerTipToi [2009.10.24 20:24:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas & Nancy\AppData\Roaming\SoftDMA [2012.01.07 15:44:21 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8750DCE4 < End of report > |
|
09.01.2012, 14:18
| #17 |
| /// Malware-holic   | mediashifting.com oder 95p.com als Anzeige beim googeln warum lässt du irgendwelche programme durchlaufen, die einschätzung wird sich nicht endern, und du würdest erheblich zeit sparen wenn du mit den anweisungen startest die gepostet wurden
__________________
__________________ |
|
09.01.2012, 17:53
| #18 |
| | mediashifting.com oder 95p.com als Anzeige beim googeln OK, dann werde ich mich mal an deine anweisungen machen und diese nach und nach abarbeiten. bis wann bist du heute online? falls ich noch fragen habe?
__________________ |
|
09.01.2012, 17:54
| #19 |
| /// Malware-holic | mediashifting.com oder 95p.com als Anzeige beim googeln 21-22 uhr in etwa.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu mediashifting.com oder 95p.com als Anzeige beim googeln |
| 95d.com, alternate, antivir, autorun, avg, avira, bho, bonjour, branding, browser, error, excel.exe, flash player, format, google, google earth, helper, home, iexplore.exe, iminent, install.exe, intranet, launch, logfile, mediashifting.com, microsoft office word, monitor.exe, office 2007, plug-in, problem, realtek, registry, rundll, scan, security, senden, software, svchost.exe, version=1.0, vista |
Linear-Darstellung
