Pests of all kinds and how to fight them: Removal of various adware
25.07.2010, 11:22 | #1 |
Removal of various adware

Hello, I need help removing adware. Using the web and the forum I have already taken care of quite a bit, but perhaps the pros could take a look and help me further. Here is the original Malwarebytes log:

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 7
Infizierte Dateien: 349
MyWebSearch, MyWay was listed in the Control Panel, but could not be uninstalled because a module was missing or something like that. After that I deleted everything belonging to MyWebSearch, including that cache folder etc., and uninstalled all other toolbars etc., ICQ and the like. These are the results I get now:

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_CLASSES_ROOT\mywaytoolbar.netscapeshutdown (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\mywaytoolbar.netscapeshutdown.1 (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\mywaytoolbar.netscapestartup (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\mywaytoolbar.netscapestartup.1 (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\mywaytoolbar.settingsplugin (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\mywaytoolbar.settingsplugin.1 (Adware.MyWaySearch) -> No action taken.
HKEY_CURRENT_USER\Software\Cydoor (AdWare.Cydoor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall (Adware.MyWaySearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWay (Adware.MyWaySearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0494d0d1-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWaySearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

What is the best way for me to proceed now?
25.07.2010, 16:09 | #2 |
/// Selecta Jahrusso | Removal of various adware
A cleanup can sometimes mean a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest route. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator".

Step 1: CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
25.07.2010, 17:38 | #3 |
| Removal of various adware
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
[2004.12.28 20:49:15 | 000,000,955 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.11.29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.08.04 02:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.01.14 08:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2008.03.24 16:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2008.07.15 09:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileOpen [2008.07.01 18:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2005.01.02 11:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.2.0133 [2005.01.10 02:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2006.05.21 20:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\River Past G4 [2007.09.27 10:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2005.01.02 10:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.07.22 10:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2008.07.15 09:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Hannah\Anwendungsdaten\FileOpen [2008.07.01 18:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\ICQ [2007.09.02 16:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\ICQ Toolbar [2005.02.24 19:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\ICQLite [2008.11.01 23:20:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Miranda [2006.08.06 10:50:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Opera [2006.05.21 20:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\River Past G4 [2007.09.27 09:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Ulead Systems [2008.08.03 12:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Viewpoint ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hannah\Eigene Dateien\image.jpg: SummaryInformation < End of report > |
25.07.2010, 17:47 | #4 |
/// Selecta Jahrusso | Removal of various adware I am still missing the Extras.txt. Please post the log files in full.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
25.07.2010, 17:52 | #5 |
| Removal of various adware
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== "%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "%ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe" = %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe:*:enabled:BTTray -- (Broadcom Corporation.) 
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "%ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe" = %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe:*:enabled:BTTray -- (Broadcom Corporation.) "C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.) "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found "C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005 "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2 "{261D0486-9127-4071-BA1D-FE784310752E}" = videon "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{27EB5747-9CE3-4F83-96C3-B2FF212CD1A6}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader® "{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10 "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! 
Foto Premium 10 "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller "{52E42344-1C48-453D-B80C-081C431F4E08}" = AVManager V1.1.1.2 "{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05 "{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}" = MSN Messenger 6.2 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works "{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update "{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word "{C9D90376-50C8-4907-AFA2-CA77364A8D51}" = TIxx21/x515 
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.2.9 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2 "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "AVG8Uninstall" = AVG 8.5 "bghst.nfo" = BGHSt CD-ROM - Grundwerk Band 1-46 "Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem "EPSON Printer and Utilities" = EPSON-Drucker-Software "FreeRIP_is1" = FreeRIP v2.942 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "INSTAFINK" = InstaFinderK "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller 
"InstallShield_{C9D90376-50C8-4907-AFA2-CA77364A8D51}" = Texas Instruments PCIxx21/x515 drivers. "IrfanView" = IrfanView (remove only) "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Miranda IM" = Miranda IM 0.7.8 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "My Way Speedbar Uninstall" = My Search Bar "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PCFriendly" = PCFriendly "PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10 "RealPlayer 6.0" = RealPlayer "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "StreetPlugin" = Learn2 Player (Uninstall Only) "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player "Weight Watchers FlexPoints" = Weight Watchers FlexPoints "Winamp" = Winamp (remove only) "Windows Media Connect" = Windows Media Connect "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "Works2005Setup" = Setup-Start von Microsoft Works 2005 "X10Hardware" = X10 Hardware(TM) "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.05.2009 09:49:28 | Computer Name = WORK| Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung miranda32.exe, Version 0.7.8.3, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x25015d2d. 
[ System Events ] Error - 24.07.2010 10:32:56 | Computer Name = WORK| Source = Service Control Manager | ID = 7000 Description = Der Dienst "IrDA-Protokoll" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.07.2010 10:32:56 | Computer Name = WORK| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "IrDA-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 24.07.2010 10:01:01 | Computer Name = WORK| Source = Service Control Manager | ID = 7000 Description = Der Dienst "IrDA-Protokoll" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.07.2010 10:01:01 | Computer Name = WORK| Source = Service Control Manager | ID = 7001 Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "IrDA-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 23.07.2010 21:55:03 | Computer Name = WORK| Source = Service Control Manager | ID = 7000 Description = Der Dienst "IrDA-Protokoll" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
25.07.2010, 18:24 | #6 |
/// Selecta Jahrusso | Removal of various adware Open the OTL.txt. Click into the text document --> now press Ctrl+A (this selects everything) --> Ctrl+C copies what was just selected --> now go to your thread here and click Reply. Ctrl+V pastes the log file here. Do the same again with the Extras.txt.
|
25.07.2010, 18:55 | #7 |
| Removal of various adware OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.07.2010 17:47:14 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\Hannah Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 278,00 Mb Available Physical Memory | 54,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,29 Gb Total Space | 13,04 Gb Free Space | 28,16% Space Free | Partition Type: NTFS Drive D: | 36,88 Gb Total Space | 22,80 Gb Free Space | 61,82% Space Free | Partition Type: NTFS Drive E: | 9,86 Gb Total Space | 3,15 Gb Free Space | 31,98% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WORK Current User Name: Hannah Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.07.09 12:09:41 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgtray.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.06.23 15:26:17 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hannah\Eigene Dateien\OTL.exe PRC - [2009.08.28 13:59:50 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe PRC - [2009.08.28 13:59:48 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG8\avgcsrvx.exe PRC - [2009.08.28 13:59:40 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgnsx.exe PRC - [2009.08.28 13:59:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe PRC - [2009.08.28 13:59:04 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe PRC - [2005.01.11 19:18:40 | 000,737,379 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe PRC - [2005.01.11 19:18:40 | 000,024,576 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe PRC - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe PRC - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe PRC - [2005.01.01 20:31:20 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2004.12.01 16:54:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2004.11.26 19:49:54 | 000,081,920 | ---- | M] (Wistron Corporation) -- C:\Programme\Wistron\AVManager\AVManager.exe PRC - [2004.11.23 17:01:28 | 000,073,728 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe PRC - [2004.11.11 16:13:44 | 000,049,152 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2004.11.02 21:24:46 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe PRC - [2004.10.05 17:25:10 | 000,098,394 | ---- | M] (Synaptics, Inc.) 
-- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2004.08.06 15:04:10 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2004.07.26 15:52:34 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe PRC - [2003.06.20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe PRC - [2001.10.25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe ========== Modules (SafeList) ========== MOD - [2010.04.25 03:43:16 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hannah\Eigene Dateien\OTL.exe MOD - [2008.04.14 04:22:14 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll MOD - [2004.10.01 11:44:30 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll MOD - [2004.08.04 14:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll MOD - [2004.06.04 10:14:24 | 000,032,768 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\KBHook.dll ========== Win32 Services (SafeList) ========== SRV - [2009.08.28 13:59:33 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgemc.exe -- (avg8emc) SRV - [2009.08.28 13:59:04 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd) SRV - [2008.03.23 14:44:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2006.08.06 10:44:44 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2005.01.11 19:18:40 | 000,024,576 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005.01.11 19:18:10 | 000,110,668 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2005.01.11 19:18:04 | 000,184,398 | ---- | M] () [Auto | Running] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2003.06.20 09:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2001.10.25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2) ========== Driver Services (SafeList) ========== DRV - [2009.08.28 13:59:49 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2009.08.28 13:59:49 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009.05.19 13:29:17 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2009.05.01 01:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC) DRV - [2008.04.13 21:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2005.05.19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2005.04.18 16:15:54 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET) DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2005.01.10 17:54:02 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MxlW2k.sys -- (MxlW2k) DRV - [2004.12.21 15:33:00 | 000,909,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.12.01 21:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004.11.29 20:36:22 | 000,399,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2004.11.29 20:34:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2004.11.29 20:34:32 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP) DRV - [2004.11.29 20:33:14 | 001,337,850 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2004.11.29 20:30:44 | 000,055,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2004.10.29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2004.10.06 15:10:46 | 000,945,152 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2004.10.05 17:17:32 | 000,185,824 | ---- | M] (Synaptics, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2004.07.22 15:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004.05.27 00:07:30 | 000,067,584 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2004.05.26 16:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HOTKEY.sys -- (Hotkey) DRV - [2003.01.10 23:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG8\Firefox [2009.12.22 14:55:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.25 10:36:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.25 10:36:01 | 000,000,000 | ---D | M] [2009.02.16 12:53:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Extensions [2010.07.25 12:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\1hak71f9.Hannah\extensions [2010.07.11 08:02:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\1hak71f9.Hannah\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.04 13:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\extensions [2009.12.21 20:32:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.06.30 18:55:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und 
Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.12.21 20:32:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\extensions\staged-xpis [2010.02.04 13:49:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\cvfdj0j6.Hannah\extensions [2010.02.04 13:49:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\cvfdj0j6.Hannah\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.02.12 21:23:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\searchplugins\icqplugin-1.xml [2008.07.16 22:53:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\searchplugins\icqplugin-2.xml [2008.09.17 21:05:48 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\searchplugins\icqplugin-3.xml [2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Mozilla\Firefox\Profiles\2yd3r2yy.default\searchplugins\icqplugin.xml [2010.07.25 12:03:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.25 11:09:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.25 11:08:35 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.25 10:35:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2008.07.29 19:43:32 | 000,001,674 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\clipfish.xml [2008.07.29 19:43:32 | 000,000,908 | ---- | 
M] () -- C:\Programme\Mozilla Firefox\searchplugins\conrad.xml [2008.07.29 19:43:32 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\discount24.xml [2010.07.25 10:35:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.25 10:35:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2008.07.29 19:43:32 | 000,000,942 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\musicload.xml [2008.07.29 19:43:32 | 000,002,015 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\myvideo.xml [2008.07.29 19:43:32 | 000,001,918 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\otto.xml [2008.07.29 19:43:32 | 000,000,653 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\quelle.xml [2008.07.29 19:43:32 | 000,001,224 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\telefonbuch-de.xml [2006.10.25 21:13:53 | 000,000,983 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\webde-websuche.xml [2008.07.29 19:43:32 | 000,002,440 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\webnews.xml [2010.07.25 10:35:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.25 10:35:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (myBar BHO) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O2 - BHO: (PreispiratenSearchURL) - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - 
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (InstaFinderK) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll File not found O2 - BHO: (metaspinner GmbH) - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll File not found O3 - HKLM\..\Toolbar: (My &Search Bar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found O3 - HKCU\..\Toolbar\ShellBrowser: (My &Search Bar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found O3 - HKCU\..\Toolbar\WebBrowser: (My &Search Bar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [AVManager] C:\Programme\Wistron\AVManager\AVManager.exe (Wistron Corporation) O4 - HKLM..\Run: [CMESys] C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe File not found O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron) O4 - HKLM..\Run: [EPSON Stylus Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE File not found O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE File not found O4 - HKLM..\Run: [RemoteControl] C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe () O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104261081168 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} 
hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263639379544 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, 
s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtevent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hannah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hannah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005.01.10 02:31:16 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{426eb960-9bb0-11dd-8e71-00038a000015}\Shell\AutoRun\command - "" = G:\menu.exe -- File not found O33 - MountPoints2\{cb1f2af2-00dd-11da-8681-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{cb1f2af2-00dd-11da-8681-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cb1f2af2-00dd-11da-8681-00038a000015}\Shell\AutoRun\command - "" = G:\preinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.07.25 11:08:56 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl [2010.07.25 11:08:55 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe [2010.07.25 11:08:54 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe [2010.07.25 11:08:54 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe [2010.07.25 11:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Java [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.07.25 12:24:35 | 062,475,682 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010.07.25 12:00:39 | 000,001,158 | ---- | M] () -- 
C:\WINDOWS\System32\wpa.dbl [2010.07.25 11:59:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.25 11:59:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.25 11:11:26 | 012,320,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\ntuser.dat [2010.07.25 11:11:26 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Hannah\ntuser.ini [2010.07.25 11:08:34 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe [2010.07.25 11:08:34 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe [2010.07.25 11:08:34 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe [2010.07.25 11:08:34 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl [2010.07.25 11:08:33 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.24 19:00:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2010.07.23 22:04:31 | 000,034,925 | ---- | M] () [2010.07.21 22:14:22 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.07.12 16:08:29 | 000,115,404 | ---- | M] () -- C:\VETlog.dmp [2010.07.12 16:04:27 | 000,000,568 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.09 23:38:48 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.09 23:35:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.06.01 20:48:36 | 000,201,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.10 22:38:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.05.09 12:59:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.05.09 12:59:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.05.04 17:21:32 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB [2010.05.03 18:34:56 | 000,000,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Hannah\default.pls [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 
C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.02.20 17:29:02 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2007.09.27 09:59:03 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2007.09.27 09:55:27 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2007.07.22 22:18:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI [2006.08.13 11:52:07 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2006.08.13 11:52:04 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2006.04.20 17:15:53 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005.04.14 12:30:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2005.02.27 11:24:24 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005.01.12 13:22:56 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2005.01.12 13:22:50 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2005.01.11 06:42:35 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2005.01.10 17:23:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2005.01.10 00:03:39 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.01.09 22:46:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005.01.02 17:43:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2005.01.02 12:31:16 | 000,004,704 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005.01.02 12:31:16 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\571AC95229.sys [2005.01.01 20:40:37 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.12.29 01:59:56 | 000,000,928 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.12.28 21:02:28 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2004.12.28 21:00:02 | 000,007,004 | ---- | C] () -- C:\WINDOWS\System32\drivers\VolDName.sys [2004.12.28 20:58:44 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys 
[2004.12.28 20:49:15 | 000,000,955 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.11.29 20:44:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.08.04 02:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.01.14 08:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2002.05.15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2001.11.23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2008.03.24 16:36:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2008.07.15 09:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileOpen [2008.07.01 18:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2005.01.02 11:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.2.0133 [2005.01.10 02:30:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2006.05.21 20:22:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\River Past G4 [2007.09.27 10:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2005.01.02 10:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2010.07.22 10:28:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2008.07.15 09:38:28 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Hannah\Anwendungsdaten\FileOpen [2008.07.01 18:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\ICQ [2007.09.02 16:18:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\ICQ Toolbar [2005.02.24 19:47:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\ICQLite [2008.11.01 23:20:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Miranda [2006.08.06 10:50:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Opera [2006.05.21 20:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\River Past G4 [2007.09.27 09:57:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Ulead Systems [2008.08.03 12:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Viewpoint ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 304 bytes -> C:\Dokumente und Einstellungen\Hannah\Eigene Dateien\image.jpg: SummaryInformation < End of report >

OTL Logfile:
Code:
OTL logfile created on: 25.07.2010 17:47:14 - Run 1 OTL by OldTimer - Version 3.2.2.0 Folder = C:\Dokumente und Einstellungen\Hannah Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,00 Mb Total Physical Memory | 278,00 Mb Available Physical Memory | 54,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 46,29 Gb Total Space | 13,04 Gb Free Space | 28,16% Space Free | Partition Type: NTFS Drive D: | 36,88 Gb Total Space | 22,80 Gb Free Space | 61,82% Space Free | Partition Type: NTFS Drive E: | 9,86 Gb Total Space | 3,15 Gb Free Space | 31,98% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: WORK Current User Name: Hannah Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== "%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "%ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe" = %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe:*:enabled:BTTray -- (Broadcom Corporation.) 
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation) "%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found "%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found "%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found "%ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe" = %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe:*:enabled:BTTray -- (Broadcom Corporation.) "C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.) "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found "C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27EB5747-9CE3-4F83-96C3-B2FF212CD1A6}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{52E42344-1C48-453D-B80C-081C431F4E08}" = AVManager V1.1.1.2
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}" = MSN Messenger 6.2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{C9D90376-50C8-4907-AFA2-CA77364A8D51}" = TIxx21/x515
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.2.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG 8.5
"bghst.nfo" = BGHSt CD-ROM - Grundwerk Band 1-46
"Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FreeRIP_is1" = FreeRIP v2.942
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"INSTAFINK" = InstaFinderK
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{C9D90376-50C8-4907-AFA2-CA77364A8D51}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Miranda IM" = Miranda IM 0.7.8
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"My Way Speedbar Uninstall" = My Search Bar
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCFriendly" = PCFriendly
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"RealPlayer 6.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"Winamp" = Winamp (remove only)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"X10Hardware" = X10 Hardware(TM)
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.05.2009 09:49:28 | Computer Name = WORK| Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung miranda32.exe, Version 0.7.8.3, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x25015d2d.
[ System Events ]
Error - 24.07.2010 10:32:56 | Computer Name = WORK| Source = Service Control Manager | ID = 7000
Description = Der Dienst "IrDA-Protokoll" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 24.07.2010 10:32:56 | Computer Name = WORK| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "IrDA-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
Error - 24.07.2010 10:01:01 | Computer Name = WORK| Source = Service Control Manager | ID = 7000
Description = Der Dienst "IrDA-Protokoll" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 24.07.2010 10:01:01 | Computer Name = WORK| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Infrarotüberwachung" ist vom Dienst "IrDA-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2
Error - 23.07.2010 21:55:03 | Computer Name = WORK| Source = Service Control Manager | ID = 7000
Description = Der Dienst "IrDA-Protokoll" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
< End of report > |
25.07.2010, 19:36 | #8 |
/// Selecta Jahrusso | Removal of various adware
That's fine.

Step 1
Uninstall InstaFinderK.

Viewpoint Manager is considered foistware and installs itself without your consent. It doesn't do anything "malicious", though. This changed from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I still recommend that you uninstall everything from Viewpoint that is present: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 2
Code:
:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q="
O2 - BHO: (myBar BHO) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O2 - BHO: (PreispiratenSearchURL) - {0B660087-931C-4056-A04F-0423890E40B6} - C:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll File not found
O2 - BHO: (InstaFinderK) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll File not found
O2 - BHO: (metaspinner GmbH) - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - C:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll File not found
O3 - HKLM\..\Toolbar: (My &Search Bar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (My &Search Bar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (My &Search Bar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found
[2008.08.03 12:20:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hannah\Anwendungsdaten\Viewpoint
:services
:files
C:\Programme\MyWay
C:\Programme\INSTAFINK
:reg
:Commands
[purity]
[emptytemp]
[reboot]
Step 3
Update Java
Your Java version is outdated. Because some malware (e.g. Vundo) gets into the system through Java exploits, Java must be updated and old versions must be removed from the system, since the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).

Step 4
Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button.

Please post in your next reply: the OTL fix log, OTL.txt, Extras.txt, and a report on how the computer is running.
__________________ Best regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
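The cleanup in steps 2 and 3 above targets two things that can be read straight from the log: BHO/toolbar registrations whose DLL is reported as "File not found", and several Java runtimes installed side by side. As an added example (not part of the original posts and not OTL's own code), this Python sketch extracts both from log text; the sample mixes lines copied from this thread with one constructed "Example Helper" entry, and all function names are hypothetical.

```python
import re

# Sample input: lines copied from the logs on this page, plus one constructed
# entry ("Example Helper") so the parser also sees a BHO whose file exists.
SAMPLE_LOG = r"""
O2 - BHO: (myBar BHO) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Programme\Example\helper.dll (Example Corp.)
O3 - HKLM\..\Toolbar: (My &Search Bar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL File not found
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"""

O_LINE = re.compile(r"^(O\d+) - ([^:]+): \((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
UNINSTALL = re.compile(r'^"([^"]+)" = (.+)$')
MISSING = " File not found"

def orphaned_entries(log):
    """Return O2/O3 registrations that the log marks as 'File not found'."""
    found = []
    for line in log.splitlines():
        m = O_LINE.match(line.strip())
        if m and m.group(5).endswith(MISSING):
            section, location, name, clsid, tail = m.groups()
            found.append({"section": section, "location": location, "name": name,
                          "clsid": clsid.upper(), "path": tail[:-len(MISSING)]})
    return found

def java_version(display_name):
    """Map a Java display name to a sortable (major, minor, update) tuple."""
    m = re.search(r"v1\.(\d+)\.(\d+)_(\d+)", display_name)         # v1.4.2_05
    if m:
        return tuple(int(g) for g in m.groups())
    m = re.search(r"Java\(TM\) (\d+) Update (\d+)", display_name)  # 6 Update 20
    return (int(m.group(1)), 0, int(m.group(2))) if m else None

def superseded_java(log):
    """Return every installed Java runtime except the newest one."""
    runtimes = []
    for line in log.splitlines():
        m = UNINSTALL.match(line.strip())
        if m and java_version(m.group(2)):
            runtimes.append((java_version(m.group(2)), m.group(2)))
    return [name for _, name in sorted(runtimes)[:-1]]

if __name__ == "__main__":
    print(orphaned_entries(SAMPLE_LOG))
    print("superseded:", superseded_java(SAMPLE_LOG))
```

The newest runtime it keeps may itself be out of date; the script only shows which older installations are still registered next to it.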
25.07.2010, 20:05 | #9 |
| Removal of various adware
Hi, thanks for being so patient with me :-) I have to ask a quick question in between, because I'm currently fighting with my AV program and Malwarebytes and can't continue otherwise. Since the Malwarebytes scan from the first post, AVG has been reporting at regular intervals:
Detection: AdwareGeneric.DSH C:\Recycler\{...}\Fa 2088\Mybar
I now have to choose "Skip" every time. As I said, I couldn't uninstall Mybar via the Control Panel beforehand, and I deleted all the folders (including the cache folder that Malwarebytes had found). That's why everything is now in the Recycle Bin, of course. Can I now delete everything from the Recycle Bin? Thanks again! |
25.07.2010, 20:28 | #10 |
/// Selecta Jahrusso | Removal of various adware
That should be taken care of after step 2.
31.07.2010, 21:19 | #11 |
/// Selecta Jahrusso | Removal of various adware
No feedback
This topic has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please open your own thread.