Log analysis and evaluation: searchnu.com/406 as start page (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
searchnu.com/406 as start page

Hello,

after my girlfriend downloaded a trojan from some foreign site and installed it on her laptop, ...searchnu.com/406 was always displayed instead of Google. All attempts to set a different start page failed.

I looked around here on the board and some time ago scanned successfully (?) with the following tools: Malwarebytes, OTL and SUPERAntiSpyware (logs below). After that I was able to set a different start page again, but since then the laptop has been running poorly at best. Either I damaged something, or the trojan(s) are still active. The machine runs extremely slowly and individual windows (IE8, Windows Explorer, Firefox) often stop responding. When playing videos online, the Flash Player often crashes in both IE8 and Firefox.

What do you think, can anything still be saved, or do I have to reinstall the machine?

I permanently have a current full version of Kaspersky running on it. I actually had the impression that Kaspersky is good, but apparently it doesn't check for malware? Should I install something else specifically against malware in addition to Kaspersky, and if so, what?

So, that was a lot of questions. I would like to thank you in advance for sacrificing your free time to help others!
***************************************************************************
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.14.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxxxxx:: XXX-PC [Administrator]

Schutz: Aktiviert

14.04.2012 17:49:38
mbam-log-2012-04-14 (17-49-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363210
Laufzeit: 2 Stunde(n), 37 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\xxxxxxx\Desktop\SoftonicDownloader_fuer_photo-slideshow-maker.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) *************************************************************************** OTL logfile created on: 15.04.2012 08:55:52 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,94% Memory free 3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,99% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100,00 Gb Total Space | 22,81 Gb Free Space | 22,81% Space Free | Partition Type: NTFS Drive D: | 117,87 Gb Total Space | 0,59 Gb Free Space | 0,50% Space Free | Partition Type: NTFS Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.) PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) 
PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.) PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - 
C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll () MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL () MOD - C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () MOD - C:\Program Files\WinRAR\rarext.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Guard.Mail.ru) -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) 
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKCU\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = 
hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk () O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe () O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O13 - gopher Prefix: missing O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.14 18:26:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.04.14 17:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.14 17:46:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.04.14 17:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV [2012.04.11 20:14:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.04.11 19:46:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2012.04.11 19:46:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2012.04.10 19:23:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2012.04.10 19:23:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.04.10 19:23:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.04.10 19:23:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.04.10 19:23:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012.04.07 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Formulare [2012.04.05 14:25:42 | 000,418,464 | ---- 
| C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.03.30 18:35:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\FernStudiumILS [2012.03.28 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.28 10:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.03.28 10:05:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2012.03.28 10:05:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2012.03.28 10:05:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2012.03.28 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.03.28 09:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.03.28 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.28 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.03.28 09:11:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Secunia PSI [2012.03.28 08:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2012.03.28 08:53:26 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012.03.28 08:53:23 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2012.03.28 08:52:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll [2012.03.28 08:52:02 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll [2012.03.28 08:52:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe [2012.03.28 08:51:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll [4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ] ========== Files - Modified Within 
30 Days ========== [2012.04.15 08:53:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.15 08:53:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.15 08:52:31 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.04.15 08:52:31 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.04.15 08:52:31 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.04.15 08:52:31 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.04.15 08:44:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.04.15 08:44:48 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys [2012.04.14 22:58:33 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.04.14 21:59:55 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat [2012.04.14 18:21:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.04.14 17:46:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.14 17:34:59 | 000,000,165 | ---- | M] () -- C:\Users\xxx\Desktop\searchnu hat sich als Startseite eingenistet - Trojaner-Board.url [2012.04.07 17:50:57 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat [2012.04.05 14:25:42 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.04.05 14:25:42 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.03.30 18:54:22 | 000,000,162 | -H-- | M] () -- C:\Users\xxx\Desktop\~$fgabenblatt - TOUR 7.rtf [2012.03.28 10:42:49 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.28 10:05:05 | 000,472,808 | 
---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2012.03.28 10:05:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2012.03.28 10:05:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2012.03.28 10:05:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2012.03.28 09:58:02 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.28 09:53:55 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.28 09:35:33 | 000,267,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.03.28 08:57:37 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.14 21:59:55 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat [2012.04.14 17:46:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.14 17:34:59 | 000,000,165 | ---- | C] () -- C:\Users\xxx\Desktop\searchnu hat sich als Startseite eingenistet - Trojaner-Board.url [2012.04.07 17:50:57 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat [2012.04.05 14:25:44 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.03.30 18:54:22 | 000,000,162 | -H-- | C] () -- C:\Users\xxx\Desktop\~$fgabenblatt - TOUR 7.rtf [2012.03.28 10:42:49 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.28 09:58:02 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.03.28 09:53:55 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.28 08:57:37 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI 
Tray.lnk [2012.03.28 08:57:37 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini [2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat [2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat [2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe [2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys [2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll [2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin [2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys < End of report > ******************************************************* OTL Extras logfile created on: 15.04.2012 08:55:52 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation 
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,94% Memory free
3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 22,81 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 0,59 Gb Free Space | 0,50% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{300A98D6-8DA2-45FF-9314-A6861D76A535}" = syncables desktop SE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{946135EF-3A4C-494F-AE05-1312913DF880}" = Dr.Eee
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E03739-5775-4D41-B0B9-D99DFDFE2DED}" = ALLNET Powerline Configuration Utility
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CCleaner" = CCleaner
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Diashow XL_is1" = Diashow XL
"Eee Docking_is1" = Eee Docking 3.8.1
"Guard.Mail.ru" = Guard.Mail.ru
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{946135EF-3A4C-494F-AE05-1312913DF880}" = Dr.Eee
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"MailRuSputnik" = Mail.Ru Спутник 2.4.0.491
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

***********************************************************************************

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/15/2012 at 11:51 AM

Application Version : 5.0.1146

Core Rules Database Version : 8458
Trace Rules Database Version: 6270

Scan type : Complete Scan
Total Scan Time : 02:03:34

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 788
Memory threats detected : 0
Registry items scanned : 34151
Registry threats detected : 0
File items scanned : 68156
File threats detected : 80

Adware.Tracking Cookie

END