Pests of all kinds and how to fight them: RunDLL after Bundestrojaner - what else is needed for computer security?
Windows 7
25.06.2012, 10:10 | #16 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages like Quote:
__________________ Please always post logfiles in CODE tags |
25.06.2012, 19:40 | #17 |
Hello,
attached is the latest data. Thanks + regards, Helmut
[code] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-25.03 - Helmut 25.06.2012 20:16:22.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.49.1031.18.958.336 [GMT 2:00] ausgeführt von:: c:\users\Helmut\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Helmut.Helmut-PC\Desktop\Internet Explorer.lnk c:\windows\system32\explorer.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-25 bis 2012-06-25 )))))))))))))))))))))))))))))) . . 2012-06-25 18:27 . 2012-06-25 18:27 -------- d-----w- c:\users\Rita\AppData\Local\temp 2012-06-25 18:27 . 2012-06-25 18:27 -------- d-----w- c:\users\Helmut.Helmut-PC\AppData\Local\temp 2012-06-25 18:27 . 2012-06-25 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-21 19:43 . 2012-06-21 19:43 -------- d-----w- c:\program files\ESET 2012-06-18 16:48 . 2012-06-18 16:48 -------- d-----w- c:\users\Helmut\AppData\Roaming\Malwarebytes 2012-06-18 16:48 . 2012-06-18 16:48 -------- d-----w- c:\programdata\Malwarebytes 2012-06-18 16:48 . 2012-06-18 16:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-18 16:48 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-18 12:52 . 2012-06-18 12:52 -------- d-----w- C:\T-Online 2012-06-11 21:32 . 2012-06-11 21:32 -------- d-----w- c:\users\Rita\AppData\Roaming\PC Suite . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-08 15:45 . 2012-03-28 13:49 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 15:45 . 2012-03-28 13:49 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2008-04-08 11:59 . 2008-04-08 11:59 2808832 ----a-w- c:\program files\Common FilesDDBACSetup.msi . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-28 171448] "BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-12 293376] "NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-09-01 966712] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X] "ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400] "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-01-16 176128] . c:\users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ctfmon.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.drehscheibe-online.de/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm Trusted Zone: drehscheibe-online.de\www Trusted Zone: olb.de\www Trusted Zone: privatbahnforum.de\www TCP: DhcpNameServer = 192.168.2.1 DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} - hxxps://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-06-25 20:28 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2012-06-25 20:33:17 ComboFix-quarantined-files.txt 2012-06-25 18:33 . Vor Suchlauf: 8 Verzeichnis(se), 71.704.715.264 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 72.238.333.952 Bytes frei . - - End Of File - - B1E25AE2AA6D036C6B9830D03E94A5EC |
25.06.2012, 20:50 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instruction.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
25.06.2012, 22:05 | #19 |
Hello, so, I have GMER ready for now... Regards, Helmut
[code] GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-25 23:00:12 Windows 6.0.6000 Harddisk0\DR0 -> \Device\00000047 WDC_WD16 rev.05.0 Running: vnwfey1h.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\pwlyrpoc.sys ---- System - GMER 1.0.15 ---- SSDT 8968350C ZwClose SSDT 89683516 ZwCreateSection SSDT 89683507 ZwDuplicateObject SSDT 896834A8 ZwOpenProcess SSDT 896834AD ZwOpenThread SSDT 89683520 ZwRequestWaitReplyPort SSDT 8968351B ZwSetContextThread SSDT 89683525 ZwSetSecurityObject SSDT 8968352A ZwSystemDebugControl SSDT 896834B7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 368 81C80874 4 Bytes CALL E9FD14FA .text ntkrnlpa.exe!ZwCallbackReturn + 3D4 81C808E0 4 Bytes JMP E9FD1F66 .text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes CALL E9FD27CE .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x88DC8340, 0x28B977, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74A3FBC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A0B9AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [749FA31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749FCBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft 
Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [749F8AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A0CF28] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [749F7D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [749F7CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749F6A64] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A8C1D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A17F56] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [749F90CD] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A02179] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A021A4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A07F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A07D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2456] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74A383D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
Hello, so, here is OSAM as well; that's it for now - have to hit the sack - work tomorrow. Good night, Helmut
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 23:23:56 on 25.06.2012 OS: Windows Vista Home Basic Edition (Build 6000), 32-bit Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.16386 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl "ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Helmut\AppData\Local\Temp\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? 
- C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS "pwlyrpoc" (pwlyrpoc) - ? - C:\Users\Helmut\AppData\Local\Temp\pwlyrpoc.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? 
- (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar2.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {271A3CF5-5A54-447B-A08F-BE805F0DA60B} "B+S Banksysteme AG DDBAC Plug-In" - "B+S Banksysteme AG" - C:\Windows\system32\AXFOAM.DLL / https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - ? - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX (File not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar2.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\program files\google\googletoolbar2.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NokiaOviSuite2" - "Nokia" - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray "swg" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup "OpwareSE4" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" "SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" "ToADiMon.exe" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart "WrtMon.exe" - ? - C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe "Adobe Active File Monitor V5" (AdobeActiveFileMonitor5.0) - ? - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe (File found, but it contains no detailed information) "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-06-25 23:43:21 ----------------------------- 23:43:21.766 OS Version: Windows 6.0.6000 23:43:21.766 Number of processors: 1 586 0x4F02 23:43:21.766 ComputerName: HELMUT-PC UserName: Helmut 23:44:08.633 Initialize success 23:45:02.660 AVAST engine defs: 12062500 23:45:19.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000048 23:45:19.574 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 8 23:45:19.602 Disk 0 MBR read successfully 23:45:19.612 Disk 0 MBR scan 23:45:19.704 Disk 0 Windows VISTA default MBR code 23:45:19.729 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 2049 MB offset 12678 23:45:19.792 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 150569 MB offset 4212732 23:45:19.847 Disk 0 scanning sectors +312579760 23:45:20.015 Disk 0 scanning C:\Windows\system32\drivers 23:45:51.365 Service scanning 23:46:33.717 Modules scanning 23:46:47.758 Disk 0 trace - called modules: 23:46:47.797 ntkrnlpa.exe CLASSPNP.SYS disk.sys hal.dll acpi.sys storport.sys nvstor.sys partmgr.sys volmgr.sys ecache.sys volsnap.sys Ntfs.sys dxgkrnl.sys nvlddmkm.sys 23:46:48.162 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ca2818] 23:46:48.173 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x836ef978] 23:46:48.185 5 acpi.sys[804d632a] -> nt!IofCallDriver -> \Device\00000048[0x836f19d0] 23:46:48.197 7 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x836ef978] 23:46:48.208 9 acpi.sys[804d632a] -> nt!IofCallDriver -> \Device\00000048[0x836f19d0] 23:46:48.221 Scan finished successfully 23:47:11.855 Disk 0 MBR has been saved successfully to "C:\Users\Helmut\Desktop\MBR.dat" 23:47:11.867 The log file has been saved successfully to "C:\Users\Helmut\Desktop\aswMBR.txt" |
26.06.2012, 11:32 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
26.06.2012, 17:58 | #21 |
Hello, attached is the Superspyware. I have also attached the run.dll as an image. THANKS + Malwarebytes follows. Regards, Helmut
Code:
ATTFilter Core Rules Database Version : 8798 Trace Rules Database Version: 6610 Scan type : Quick Scan Total Scan Time : 00:07:01 Operating System Information Windows Vista Home Basic 32-bit (Build 6.00.6000) UAC On - Limited User (Administrator User) Memory items scanned : 698 Memory threats detected : 0 Registry items scanned : 26854 Registry threats detected : 0 File items scanned : 7133 File threats detected : 108 Adware.Tracking Cookie
C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@h.atdmt[2].txt [ Cookie:rita@h.atdmt.com/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@invitemedia[2].txt [ Cookie:rita@invitemedia.com/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@ad1.adfarm1.adition[2].txt [ Cookie:rita@ad1.adfarm1.adition.com/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@msnportal.112.2o7[1].txt [ Cookie:rita@msnportal.112.2o7.net/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@vdwp.solution.weborama[2].txt [ Cookie:rita@vdwp.solution.weborama.fr/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@zanox[2].txt [ Cookie:rita@zanox.com/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@microsoftwlsearchcrm.112.2o7[1].txt [ Cookie:rita@microsoftwlsearchcrm.112.2o7.net/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@ad.adition[1].txt [ Cookie:rita@ad.adition.net/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@adsrv.admediate[1].txt [ Cookie:rita@adsrv.admediate.net/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@ad2.adfarm1.adition[2].txt [ Cookie:rita@ad2.adfarm1.adition.com/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@webmasterplan[1].txt [ Cookie:rita@webmasterplan.com/ ] C:\USERS\RITA\AppData\Roaming\Microsoft\Windows\Cookies\Low\rita@apmebf[1].txt [ Cookie:rita@apmebf.com/ ] C:\USERS\RITA\Cookies\rita@adtech[1].txt [ Cookie:rita@adtech.de/ ] C:\USERS\RITA\Cookies\rita@bs.serving-sys[2].txt [ Cookie:rita@bs.serving-sys.com/ ] C:\USERS\RITA\Cookies\rita@zedo[2].txt [ Cookie:rita@zedo.com/ ] C:\USERS\RITA\Cookies\rita@tribalfusion[2].txt [ Cookie:rita@tribalfusion.com/ ] C:\USERS\RITA\Cookies\rita@zanox-affiliate[2].txt [ Cookie:rita@zanox-affiliate.de/ ] C:\USERS\RITA\Cookies\rita@accounts.google[1].txt [ Cookie:rita@accounts.google.com/ ] C:\USERS\RITA\Cookies\rita@atdmt[2].txt [ 
Cookie:rita@atdmt.com/ ] C:\USERS\RITA\Cookies\rita@imrworldwide[2].txt [ Cookie:rita@imrworldwide.com/cgi-bin ] C:\USERS\RITA\Cookies\rita@www.active-tracking[1].txt [ Cookie:rita@www.active-tracking.de/ ] C:\USERS\RITA\Cookies\rita@serving-sys[2].txt [ Cookie:rita@serving-sys.com/ ] C:\USERS\RITA\Cookies\rita@tracking.quisma[2].txt [ Cookie:rita@tracking.quisma.com/ ] C:\USERS\RITA\Cookies\rita@track.effiliation[2].txt [ Cookie:rita@track.effiliation.com/servlet/ ] C:\USERS\RITA\Cookies\rita@fastclick[1].txt [ Cookie:rita@fastclick.net/ ] C:\USERS\RITA\Cookies\rita@adfarm1.adition[1].txt [ Cookie:rita@adfarm1.adition.com/ ] C:\USERS\RITA\Cookies\rita@track.adform[2].txt [ Cookie:rita@track.adform.net/ ] C:\USERS\RITA\Cookies\rita@adformdsp[1].txt [ Cookie:rita@adformdsp.net/ ] C:\USERS\RITA\Cookies\rita@microsoftwllivemkt.112.2o7[1].txt [ Cookie:rita@microsoftwllivemkt.112.2o7.net/ ] C:\USERS\RITA\Cookies\rita@tacoda.at.atwola[1].txt [ Cookie:rita@tacoda.at.atwola.com/ ] C:\USERS\RITA\Cookies\rita@tradedoubler[2].txt [ Cookie:rita@tradedoubler.com/ ] C:\USERS\RITA\Cookies\rita@www.google[1].txt [ Cookie:rita@www.google.de/accounts ] C:\USERS\RITA\Cookies\rita@www.zanox-affiliate[1].txt [ Cookie:rita@www.zanox-affiliate.de/ ] C:\USERS\RITA\Cookies\rita@server.adform[2].txt [ Cookie:rita@server.adform.net/ ] C:\USERS\RITA\Cookies\rita@h.atdmt[2].txt [ Cookie:rita@h.atdmt.com/ ] C:\USERS\RITA\Cookies\rita@smartadserver[2].txt [ Cookie:rita@smartadserver.com/ ] C:\USERS\RITA\Cookies\rita@invitemedia[2].txt [ Cookie:rita@invitemedia.com/ ] C:\USERS\RITA\Cookies\rita@ad1.adfarm1.adition[2].txt [ Cookie:rita@ad1.adfarm1.adition.com/ ] C:\USERS\RITA\Cookies\rita@apmebf[2].txt [ Cookie:rita@apmebf.com/ ] C:\USERS\RITA\Cookies\rita@msnportal.112.2o7[1].txt [ Cookie:rita@msnportal.112.2o7.net/ ] C:\USERS\RITA\Cookies\rita@zanox[2].txt [ Cookie:rita@zanox.com/ ] C:\USERS\RITA\Cookies\rita@advertising[1].txt [ Cookie:rita@advertising.com/ ] 
C:\USERS\RITA\Cookies\rita@ar.atwola[1].txt [ Cookie:rita@ar.atwola.com/ ] C:\USERS\RITA\Cookies\rita@ad2.adfarm1.adition[1].txt [ Cookie:rita@ad2.adfarm1.adition.com/ ] C:\USERS\RITA\Cookies\rita@adform[1].txt [ Cookie:rita@adform.net/ ] C:\USERS\RITA\Cookies\rita@webmasterplan[2].txt [ Cookie:rita@webmasterplan.com/ ] |
26.06.2012, 18:21 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security? Code:
Scan type : Quick Scan
__________________ Please always post log files in CODE tags |
26.06.2012, 19:02 | #23 |
| RunDLL after Bundestrojaner - what else is needed for computer security? OK, will do. According to the Superspyware instructions it was supposed to be a quick scan; you wanted a full scan. Men can only do one thing at a time ;-) ... ...attached is the MWB scan. Regards, Helmut Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.26.07 Windows Vista x86 NTFS Internet Explorer 7.0.6000.17037 Helmut :: HELMUT-PC [Administrator] Schutz: Aktiviert 26.06.2012 19:03:16 mbam-log-2012-06-26 (19-03-16).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 239245 Laufzeit: 5 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Last edited by 012 055-0 (26.06.2012 at 19:08) |
26.06.2012, 19:22 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security? I wanted to see complete control scans! With SUPERAntiSpyware and Malwarebytes! What am I supposed to do with the Malwarebytes quick scan now? Please run full scans with both programs!
__________________ Please always post log files in CODE tags |
26.06.2012, 21:10 | #25 |
| RunDLL after Bundestrojaner - what else is needed for computer security? Yes, sorry, I simply overlooked it and worked from the individual instructions; they say quick scan. Here is one for now Code:
SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/26/2012 at 10:06 PM Application Version : 5.1.1002 Core Rules Database Version : 8798 Trace Rules Database Version: 6610 Scan type : Complete Scan Total Scan Time : 02:01:05 Operating System Information Windows Vista Home Basic 32-bit (Build 6.00.6000) UAC On - Limited User (Administrator User) Memory items scanned : 674 Memory threats detected : 0 Registry items scanned : 33118 Registry threats detected : 0 File items scanned : 111106 File threats detected : 219 Adware.Tracking Cookie Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Helmut :: HELMUT-PC [Administrator]

Schutz: Aktiviert

26.06.2012 22:12:32
mbam-log-2012-06-26 (22-12-32).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339573
Laufzeit: 50 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
27.06.2012, 12:33 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security?
Looks OK, only cookies were found there. Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or the like => HTTP cookie).
Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.
The way I handle it is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium there are no cookies left.
Is your system now back in order, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
27.06.2012, 14:18 | #27 |
| RunDLL after Bundestrojaner - what else is needed for computer security?
Hello, apart from the "run.dll" (see picture) I cannot detect anything else. Many thanks already. What should I do from now on with all the software I have downloaded? MWB expires in 5 days. One thing is clear: going by this experience, Antivir alone is not enough... ...and if it's possible, the run.dll is a bit annoying, on the other hand it is a good reminder, so.... Best regards Helmut |
28.06.2012, 09:36 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security?
That is just an orphaned entry; we'll remove it with OTL.
Please make a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
28.06.2012, 21:32 | #29 |
| RunDLL after Bundestrojaner - what else is needed for computer security?
Hello, so, here is the OTL log. What do I do with the malware that was sent to quarantine by some of the programs? Thanks again + regards Helmut
OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2012 21:51:46 - Run 3 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Helmut\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 958,06 Mb Total Physical Memory | 214,92 Mb Available Physical Memory | 22,43% Memory free 2,12 Gb Paging File | 1,07 Gb Available in Paging File | 50,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147,04 Gb Total Space | 65,82 Gb Free Space | 44,76% Space Free | Partition Type: NTFS Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 21:48:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe PRC - [2012.05.08 17:45:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 17:45:46 | 000,613,328 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\update.exe PRC - [2012.05.08 17:45:46 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 17:45:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 17:45:46 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 17:45:46 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\updrgui.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.09.01 14:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.06.16 14:09:48 | 000,135,168 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.06.14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.06.08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.03.28 15:39:26 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe PRC - [2007.02.15 11:04:56 | 000,282,624 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) 
-- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:34:59 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ========== Modules (No Company Name) ========== MOD - [2011.09.01 14:38:32 | 000,931,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll MOD - [2011.09.01 14:37:50 | 010,837,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.09.01 14:37:50 | 000,913,920 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.09.01 14:37:50 | 000,416,256 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll MOD - [2011.09.01 14:37:50 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll MOD - [2011.09.01 14:37:50 | 000,026,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll MOD - [2011.09.01 14:37:48 | 008,166,912 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.09.01 14:37:48 | 002,551,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.09.01 14:37:48 | 002,282,496 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.09.01 14:37:48 | 002,246,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.09.01 
14:37:48 | 001,288,192 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll MOD - [2011.09.01 14:37:48 | 000,676,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.09.01 14:37:48 | 000,340,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.09.01 14:37:48 | 000,266,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.09.01 14:37:48 | 000,190,464 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.09.01 14:08:58 | 000,508,416 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.09.01 14:08:56 | 000,109,568 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.09.01 14:08:18 | 000,378,880 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QxtCore.dll MOD - [2011.09.01 14:08:18 | 000,159,232 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QxtWeb.dll MOD - [2011.09.01 14:08:16 | 000,089,088 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\qjson.dll MOD - [2011.09.01 14:08:14 | 000,392,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.09.01 14:08:14 | 000,387,976 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.09.01 14:08:14 | 000,058,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.09.01 14:07:04 | 000,727,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 17:45:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:45:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.02 23:31:09 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | 
Stopped] -- C:\Users\Helmut\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 17:45:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 17:45:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] 
(Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.05.09 17:33:00 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.drehscheibe-online.de/ IE - 
HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.09.08 20:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.09.08 20:25:51 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.06.25 20:28:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O3 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft 
Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O15 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..Trusted Domains: drehscheibe-online.de ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..Trusted Domains: privatbahnforum.de ([www] http in Vertrauenswürdige Sites) O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E45CACCA-FE12-4220-A739-E4ECD74A176F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - 
Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - 
Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers 
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297) ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm () Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.) 
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.26 16:33:58 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\SUPERAntiSpyware.com [2012.06.26 16:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.06.26 16:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.06.26 16:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.06.26 16:31:40 | 017,963,072 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Helmut\Desktop\SUPERAntiSpyware.exe [2012.06.25 23:40:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.06.25 23:28:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Helmut\Desktop\aswMBR.exe [2012.06.25 23:18:24 | 000,000,000 | ---D | C] -- C:\Users\Helmut\Desktop\osam_autorun_manager_5_0_portable [2012.06.25 23:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.06.25 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.06.25 20:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.06.25 20:33:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.06.25 20:12:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.06.25 20:12:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.06.25 20:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012.06.25 20:12:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.06.25 20:12:25 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.06.25 20:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.25 20:11:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.06.25 20:08:08 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe [2012.06.24 20:23:57 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- 
C:\Users\Helmut\Desktop\tdsskiller.exe [2012.06.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.18 20:16:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.06.18 18:48:48 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes [2012.06.18 18:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.18 18:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.18 18:48:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.18 18:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.18 14:52:54 | 000,000,000 | ---D | C] -- C:\T-Online [2009.01.04 18:54:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Helmut\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.06.28 21:48:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.06.28 21:44:30 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 21:44:29 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 21:44:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 21:44:15 | 1005,244,416 | -HS- | M] () -- C:\hiberfil.sys [2012.06.27 15:21:36 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.27 15:21:36 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.27 15:21:36 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.27 15:21:36 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.26 16:33:48 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.26 16:32:17 | 017,963,072 | ---- | M] 
(SUPERAntiSpyware.com) -- C:\Users\Helmut\Desktop\SUPERAntiSpyware.exe [2012.06.26 16:25:38 | 000,002,517 | ---- | M] () -- C:\Users\Helmut\Desktop\Microsoft Office Picture Manager.lnk [2012.06.25 23:47:11 | 000,000,512 | ---- | M] () -- C:\Users\Helmut\Desktop\MBR.dat [2012.06.25 23:40:45 | 269,741,338 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.25 23:28:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Helmut\Desktop\aswMBR.exe [2012.06.25 23:07:06 | 004,272,474 | ---- | M] () -- C:\Users\Helmut\Desktop\osam_autorun_manager_5_0_portable.rar [2012.06.25 20:28:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.06.25 20:08:09 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe [2012.06.24 20:24:04 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Helmut\Desktop\tdsskiller.exe [2012.06.22 12:44:29 | 000,002,609 | ---- | M] () -- C:\Users\Helmut\Desktop\Microsoft Office Word 2003.lnk [2012.06.18 20:44:51 | 000,302,592 | ---- | M] () -- C:\Users\Helmut\Desktop\vnwfey1h.exe [2012.06.18 20:14:08 | 000,000,000 | ---- | M] () -- C:\Users\Helmut\defogger_reenable [2012.06.18 18:48:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:31:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.06.18 15:30:07 | 000,000,680 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.06.18 13:39:09 | 000,001,722 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ========== Files Created - No Company Name ========== [2012.06.26 16:33:48 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.25 23:47:11 | 000,000,512 | ---- | C] () -- C:\Users\Helmut\Desktop\MBR.dat [2012.06.25 23:39:54 | 269,741,338 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.06.25 23:06:32 | 004,272,474 | ---- | C] () -- 
C:\Users\Helmut\Desktop\osam_autorun_manager_5_0_portable.rar [2012.06.25 20:12:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.06.25 20:12:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.06.25 20:12:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.06.25 20:12:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.06.25 20:12:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.06.18 20:44:50 | 000,302,592 | ---- | C] () -- C:\Users\Helmut\Desktop\vnwfey1h.exe [2012.06.18 20:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Helmut\defogger_reenable [2012.06.18 18:48:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:28:44 | 1005,244,416 | -HS- | C] () -- C:\hiberfil.sys [2012.06.18 13:43:00 | 000,000,680 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.06.18 13:39:09 | 000,001,722 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.18 13:39:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2010.10.01 20:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.29 15:23:21 | 000,008,313 | ---- | C] () -- C:\Users\Helmut\.recently-used.xbel [2009.05.28 20:30:32 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW [2009.02.25 16:01:54 | 022,200,867 | ---- | C] () -- C:\Users\Helmut\Streckenkarte_A0_Rastedt.jpg [2009.02.25 16:00:53 | 000,235,911 | ---- | C] () -- C:\Users\Helmut\Streckenkarte NW.jpg [2009.01.11 21:48:08 | 000,087,608 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\inst.exe [2009.01.04 18:54:39 | 000,087,608 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\ezpinst.exe [2009.01.04 18:54:39 | 000,007,887 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\pcouffin.cat [2009.01.04 18:54:39 | 000,001,144 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\pcouffin.inf [2008.05.24 11:01:49 | 000,049,152 | ---- | C] () -- 
C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.08 13:59:15 | 002,808,832 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi [2008.01.01 20:18:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.01 19:56:20 | 000,000,094 | ---- | C] () -- C:\Users\Helmut\AppData\Local\fusioncache.dat ========== LOP Check ========== [2009.05.28 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canon [2008.01.01 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DataDesign [2009.11.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\gtk-2.0 [2009.07.12 19:50:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Lasersoft Imaging [2009.08.25 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\NewSoft [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia Ovi Suite [2009.05.28 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Opera [2011.10.15 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Packnet [2011.09.08 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\PC Suite [2009.05.28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ScanSoft [2008.01.01 19:52:30 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\T-Online [2009.01.11 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Vso [2009.05.11 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Zoner [2008.01.01 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut.Helmut-PC\AppData\Roaming\DataDesign [2007.12.29 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\Helmut.Helmut-PC\AppData\Roaming\PeerNetworking [2008.01.01 19:12:40 | 000,000,000 | ---D | M] -- C:\Users\Helmut.Helmut-PC\AppData\Roaming\T-Online [2011.06.12 02:24:46 | 000,000,000 
| ---D | M] -- C:\Users\Rita\AppData\Roaming\DataDesign [2009.07.29 11:03:30 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\NewSoft [2012.06.11 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\PC Suite [2009.07.29 11:02:46 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\T-Online [2012.06.27 15:46:30 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.07.01 15:24:06 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Adobe [2009.05.28 20:27:46 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ArcSoft [2012.03.31 20:10:50 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Avira [2009.01.11 18:10:42 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\AVS4YOU [2009.05.28 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canon [2008.01.01 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DataDesign [2008.01.01 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Google [2009.11.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\gtk-2.0 [2008.01.01 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Identities [2009.07.12 19:50:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Lasersoft Imaging [2008.01.01 20:02:36 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Macromedia [2012.06.18 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes [2011.01.09 00:11:50 | 000,000,000 | --SD | M] -- C:\Users\Helmut\AppData\Roaming\Microsoft [2009.08.25 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\NewSoft [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- 
C:\Users\Helmut\AppData\Roaming\Nokia Ovi Suite [2009.05.28 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Opera [2011.10.15 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Packnet [2011.09.08 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\PC Suite [2009.05.28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ScanSoft [2010.10.15 15:39:23 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Skype [2010.10.15 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\skypePM [2012.06.26 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\SUPERAntiSpyware.com [2008.01.01 19:52:30 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\T-Online [2008.07.29 17:29:00 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\vlc [2009.01.11 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Vso [2009.05.11 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Zoner < %APPDATA%\*.exe /s > [2009.01.04 18:54:39 | 000,087,608 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\ezpinst.exe [2009.01.11 21:48:08 | 000,087,608 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\inst.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\erdnt\cache\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys 
[2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.05.30 18:21:58 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.02.14 22:48:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 22:48:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.14 22:48:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\erdnt\cache\atapi.sys [2008.02.14 22:48:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys [2008.02.14 22:48:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.14 22:48:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\erdnt\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\erdnt\cache\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll < MD5 for: NVSTOR.SYS > [2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys [2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys < MD5 for: NVSTOR32.SYS > [2006.12.22 21:07:10 | 000,093,696 | ---- | M] (NVIDIA Corporation) MD5=5FBF62A83B551F757112B4A0C27432EC -- C:\Fujitsu Siemens Computers\Driver Pool\3\nvstor32.sys < MD5 for: SCECLI.DLL > [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\erdnt\cache\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft 
Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2008.01.02 23:12:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\erdnt\cache\user32.dll [2008.01.02 23:12:59 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2008.01.02 23:12:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.02 23:12:58 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\erdnt\cache\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\erdnt\cache\wininit.exe [2006.11.02 
11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\erdnt\cache\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- 
C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report >
Hello, the "run.dll" is still there after a restart. Regards, Helmut |
29.06.2012, 12:03 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security? Quote:
I can't really see the corresponding entry, but run another OTL fix with this: Code:
:OTL
[2012.06.18 13:39:09 | 000,001,722 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.18 13:39:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2009.05.28 20:30:32 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
__________________ Please always post log files in CODE tags |