| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Skype Virus per Facebook AdresseWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.09.2010, 18:19
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Skype Virus per Facebook Adresse Dann lass den custom scan weg und poste nochmal zur Kontrolle ein normales frisches OTL.Log (OTL.txt) 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.09.2010, 12:46
| #17 |
 | Skype Virus per Facebook Adresse Okay hier Die Logfile:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.09.2010 13:40:17 - Run 2 OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Eric\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 80,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,95 Gb Total Space | 465,88 Gb Free Space | 67,43% Space Free | Partition Type: NTFS Drive D: | 691,21 Gb Total Space | 31,83 Gb Free Space | 4,61% Space Free | Partition Type: NTFS Drive E: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ERIC-PC Current User Name: Eric Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Eric\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Eric\Desktop\OTL.exe (OldTimer Tools) MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (VSS) -- C:\Windows\Vss [2010.09.18 03:33:04 | 00,000,000 | ---D | M] SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30128_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30128_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 00,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc) DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.) DRV:64bit: - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\Windows\SysNative\drivers\ZD1211U.sys (ZyDAS Technology Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/\r" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010.09.18 03:35:08 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.18 03:35:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.18 03:35:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.18 03:35:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.04 17:07:22 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions [2010.01.02 14:39:21 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.04 17:07:22 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.09.20 18:35:01 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions [2010.09.18 03:35:29 | 00,000,000 | ---D | M] (Flagfox) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.09.18 03:35:29 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.09.18 03:35:29 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.09.18 03:35:29 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\foxyproxy@eric.h.jung [2010.09.18 03:35:29 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\personas@christopher.beard [2010.09.18 03:26:57 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.18 03:35:10 | 00,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.18 03:35:10 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.04 17:06:47 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.27 15:00:30 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.27 15:00:30 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.27 15:00:30 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.23 14:13:55 | 00,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010.07.27 15:00:30 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.27 15:00:30 | 00,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.20 14:10:45 | 00,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssiea.dll File not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [PopularScreensaversWallpaper] C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL File not found O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Eric\AppData\LocalLow\FUNWEB~1\SCREEN~1\Images\f3wallpp.bmp O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.25 15:12:52 | 01,312,008 | R--- | M] (Rocksteady) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.05.23 23:12:16 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.06.25 15:12:52 | 01,312,008 | R--- | M] (Rocksteady) O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.17 17:00:35 | 00,000,000 | ---D | C] -- C:\_OTL [2010.09.16 18:13:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications [2010.09.15 15:56:10 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2010.09.15 15:37:14 | 02,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.09.14 12:14:58 | 00,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes [2010.09.14 12:14:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.14 12:14:41 | 00,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.09.14 12:14:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.14 12:14:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.08 18:48:08 | 00,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.08 18:48:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.09.08 18:48:08 | 00,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.08 18:46:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.09.05 12:30:28 | 00,000,000 | ---D | C] -- C:\ProgramData\PopCap Games [2010.09.03 14:46:18 | 00,000,000 | ---D | C] -- C:\Users\Eric\FLV Dateien [2010.08.29 15:49:10 | 00,000,000 | ---D | C] -- C:\Users\Eric\Desktop\iPod Photo Cache [2010.08.25 17:15:39 | 00,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll ========== Files - Modified Within 30 Days ========== [2010.09.21 13:39:00 | 00,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.21 13:38:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.21 13:38:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.21 13:37:53 | 53,619,5071 | -HS- | M] () -- C:\hiberfil.sys [2010.09.20 21:14:46 | 03,145,728 | -HS- | M] () -- C:\Users\Eric\ntuser.dat [2010.09.20 21:14:38 | 00,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.20 21:14:38 | 00,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.20 21:11:52 | 01,639,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.20 21:11:52 | 00,706,600 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.20 21:11:52 | 00,660,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.20 21:11:52 | 00,152,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.20 21:11:52 | 00,124,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.20 20:45:00 | 00,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.20 19:00:59 | 04,506,634 | -H-- | M] () -- C:\Users\Eric\AppData\Local\IconCache.db [2010.09.20 14:10:45 | 00,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2010.09.17 16:36:26 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.17 16:36:26 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.17 16:36:26 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TM.blf [2010.09.14 12:14:45 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 13:52:07 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.13 13:52:07 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.13 13:52:07 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TM.blf [2010.09.13 13:48:38 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2010.09.11 16:01:34 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 16:01:34 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 16:01:34 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TM.blf [2010.09.11 15:59:03 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 15:59:03 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 15:59:03 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TM.blf [2010.08.31 07:19:12 | 02,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.08.28 17:32:15 | 48,199,6135 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2010.09.17 16:34:04 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.17 16:34:04 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.17 16:34:04 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TM.blf [2010.09.14 12:14:45 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 13:38:12 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.13 13:38:12 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.13 13:38:12 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TM.blf [2010.09.11 16:01:34 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 16:01:34 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 16:01:34 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TM.blf [2010.09.11 15:51:25 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 15:51:25 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 15:51:25 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TM.blf [2010.07.02 15:26:46 | 00,000,334 | ---- | C] () -- C:\Windows\game.ini [2010.06.25 13:22:42 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.16 21:01:56 | 00,015,854 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\UserTile.png [2010.04.13 20:04:08 | 00,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\wklnhst.dat [2010.04.07 14:10:38 | 00,005,120 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.02 17:17:34 | 00,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.22 21:47:23 | 00,000,052 | ---- | C] () -- C:\Windows\mafosav.INI [2009.12.26 12:54:09 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll [2009.12.26 12:54:09 | 00,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL [2009.12.25 19:27:06 | 01,667,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.12.25 18:56:49 | 00,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.17 17:32:28 | 00,008,031 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log [2009.09.03 10:51:30 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.09.03 10:51:29 | 00,007,283 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.09.03 10:44:22 | 00,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico [2009.07.14 01:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [1999.04.30 01:00:00 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL ========== LOP Check ========== [2010.09.18 03:28:03 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\2K Sports [2010.09.18 03:28:04 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ableton [2010.07.02 15:38:12 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Activision [2009.12.26 13:03:49 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GameConsole [2010.09.18 03:35:26 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo [2010.09.18 03:35:26 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\gtk-2.0 [2010.07.26 15:56:29 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\HandBrake [2009.12.28 17:05:06 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech [2010.09.21 13:39:10 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LimeWire [2010.09.18 03:28:13 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\NVD [2010.09.18 03:35:30 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PowerCinema [2010.04.18 16:31:15 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\sexydreams [2010.09.18 03:35:30 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoftDMA [2010.09.18 03:28:13 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoftGrid Client [2010.09.18 03:35:30 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird [2010.09.16 18:13:33 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TP [2010.09.04 18:18:48 | 00,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
21.09.2010, 14:23
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus per Facebook Adresse Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
__________________Denk dran beide Tools zu updaten vor dem Scan!!
__________________ |
|
21.09.2010, 17:56
| #19 |
| | Skype Virus per Facebook Adresse Okay. SuperAntiSpyware hat nochmal eine ganze Menge gefunden. Hier die Logfile: Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 09/21/2010 at 06:30 PM
Application Version : 4.43.1000
Core Rules Database Version : 5549
Trace Rules Database Version: 3361
Scan type : Complete Scan
Total Scan Time : 02:48:21
Memory items scanned : 615
Memory threats detected : 0
Registry items scanned : 13631
Registry threats detected : 163
File items scanned : 33826
File threats detected : 249
Adware.HBHelper
(x86) HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
(x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
(x86) HKCR\URLSearchHook.ToolbarURLSearchHook.1
(x86) HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
(x86) HKCR\URLSearchHook.ToolbarURLSearchHook
(x86) HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
(x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
(x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
(x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
(x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
(x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
(x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAM FILES (X86)\HYPRECAM TOOLBAR\TBHELPER.DLL
Adware.Tracking Cookie
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@mywebsearch[2].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@tradedoubler[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@doubleclick[2].txt
banners.securedataimages.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
bc.youporn.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
cdn4.specificclick.net [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
cdn5.specificclick.net [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
imagesrv.adition.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media.ef.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media.mtvnservices.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media.scanscout.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media01.kyte.tv [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media1.break.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
objects.tremormedia.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
s0.2mdn.net [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
secure-us.imrworldwide.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.euros4click.de [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.flashsexspiele.de [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mediamarkt.de [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mofosex.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.naiadsystems.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.tryfuckbook.com [ C:\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@ad.yieldmanager[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@atdmt[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@content.yieldmanager[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\eric@doubleclick[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@ad.yieldmanager[2].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@atdmt[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@content.yieldmanager[2].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@content.yieldmanager[3].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@doubleclick[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@mywebsearch[1].txt
C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Cookies\Low\eric@popularscreensavers[2].txt
.adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
studivz.adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.ice.112.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adtech.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.zanox.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
adsrv.admediate.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
adsrv.admediate.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad3.adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tracking.mindshare.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad2.adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.guj.122.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.zanox-affiliate.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad4.adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tracking.hannoversche.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adviva.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ads3.net2day.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.warnerbros.112.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
de.sitestat.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
in.getclicky.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.kontera.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.kontera.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.kontera.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.kontera.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.mediaforge.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.trafficmp.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.popularscreensavers.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.popularscreensavers.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornstarspunishment.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornstarspunishment.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.pornstarspunishment.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.pornstarspunishment.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ww251.smartadserver.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
delivery.trafficjunky.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ads2.net2day.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adecn.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.frontlinegmbh.122.2o7.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adtech.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adtech.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adtech.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adtech.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.mediafire.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.xiti.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.adserver01.de [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.googleadservices.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
ad.adition.net [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.mediafire.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adfarm1.adition.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
www.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.zedo.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.adultfriendfinder.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhubhentai.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhubhentai.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.pornhubhentai.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.access.pornhubhentai.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.access.pornhubhentai.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
.access.pornhubhentai.com [ C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\p0wx7j8j.default\cookies.sqlite ]
banners.securedataimages.com [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
cdn4.specificclick.net [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
cdn5.specificclick.net [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
imagesrv.adition.com [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media.mtvnservices.com [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media01.kyte.tv [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.euros4click.de [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.flashsexspiele.de [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mediamarkt.de [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mofosex.com [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.naiadsystems.com [ C:\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
banners.securedataimages.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
imagesrv.adition.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media.mtvnservices.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media01.kyte.tv [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.euros4click.de [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.flashsexspiele.de [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mediamarkt.de [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mofosex.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
banners.securedataimages.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
imagesrv.adition.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
media01.kyte.tv [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.euros4click.de [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.flashsexspiele.de [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.mofosex.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
banners.securedataimages.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
imagesrv.adition.com [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
www.flashsexspiele.de [ C:\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\_OTL\MovedFiles\09172010_170035\Users\Eric\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6N2APK29 ]
Adware.MyWebSearch/FunWebProducts
(x86) HKU\S-1-5-21-1199878185-624628549-4196422585-1000\SOFTWARE\FunWebProducts
(x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
(x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
(x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
(x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
(x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
(x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
(x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
(x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
(x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
(x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
(x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
(x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
(x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
(x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
(x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
(x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
(x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
(x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
(x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
(x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
(x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
(x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
(x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
(x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
(x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
(x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
(x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
(x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
(x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
(x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
(x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
(x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
(x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
(x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
(x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
(x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
(x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
(x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
(x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
(x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
(x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
(x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
(x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
(x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
(x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
(x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
(x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
(x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
(x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
(x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
(x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
(x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
(x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
(x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
(x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
(x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
(x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
(x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
(x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
(x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
(x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
(x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
(x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
(x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
(x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
(x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
(x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
(x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
(x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
(x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
(x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
(x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
(x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
(x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
(x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
(x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
(x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
(x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
(x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
(x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
(x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
(x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
(x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
(x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
(x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
(x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
(x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
(x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
(x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
(x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
(x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
(x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
(x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
(x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
(x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
(x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
(x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
(x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
(x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
(x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
(x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
(x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
(x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
(x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
(x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
(x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
(x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
(x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
(x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
(x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
(x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSIMG32.DLL
Browser Hijacker.Deskbar
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4647
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.09.2010 18:34:36
mbam-log-2010-09-21 (18-34-36).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 281604
Laufzeit: 2 Stunde(n), 52 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
21.09.2010, 18:22
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus per Facebook Adresse Sieht ok aus, da wurden nur Cookies gefunden. Außerdem hatte SUPERAntiSpyware einige Überreste gefunden, von denen ich einige als Fehlalarm interpretiere. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.09.2010, 12:40
| #21 |
| | Skype Virus per Facebook Adresse Naja die Fehlermeldung nach dem Hochfahren kommt immer noch, aber sonst eigentlich nichts. Achso und meine Festplattenpartition, auf der die Back-Ups gespeichert werden, ist fast voll. Aber da mache ich wohl ein neues Thema auf. Hat glaub ich nichts mit dem Virus zu tun. Ich weiß woran es liegt, weiß aber nicht, was ich genau machen soll. |
|
22.09.2010, 12:43
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus per Facebook Adresse Du meinst die Fehlermeldung, dass er die eine Datei nicht gefunden hat? Dann poste bitte ein frisches OTL.txt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.09.2010, 13:22
| #23 |
| | Skype Virus per Facebook Adresse Ja. "Problem beim Starten von: C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL Das angegebene Modul wurde nicht gefunden." Also hier die Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.09.2010 13:58:04 - Run 3 OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Eric\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,95 Gb Total Space | 465,59 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive D: | 691,21 Gb Total Space | 31,83 Gb Free Space | 4,61% Space Free | Partition Type: NTFS Drive E: | 7,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ERIC-PC Current User Name: Eric Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Eric\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Eric\Desktop\OTL.exe (OldTimer Tools) MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (VSS) -- C:\Windows\Vss [2010.09.18 03:33:04 | 00,000,000 | ---D | M] SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.) SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30128_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30128\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30128_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 00,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IDriverT) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc) DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.) DRV:64bit: - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\Windows\SysNative\drivers\ZD1211U.sys (ZyDAS Technology Corporation) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3800&r=17361209cm06973754k058h852jv9q IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/\r" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010.09.18 03:35:08 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.18 03:35:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.18 03:35:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.09.18 03:35:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.04 17:07:22 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions [2010.01.02 14:39:21 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.05.04 17:07:22 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.09.22 13:48:41 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions [2010.09.18 03:35:29 | 00,000,000 | ---D | M] (Flagfox) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.09.18 03:35:29 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.09.18 03:35:29 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.09.18 03:35:29 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\foxyproxy@eric.h.jung [2010.09.18 03:35:29 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\mozilla\Firefox\Profiles\p0wx7j8j.default\extensions\personas@christopher.beard [2010.09.18 03:26:57 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.09.18 03:35:10 | 00,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.18 03:35:10 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.04 17:06:47 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.27 15:00:30 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.27 15:00:30 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.27 15:00:30 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.08.23 14:13:55 | 00,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2010.07.27 15:00:30 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.27 15:00:30 | 00,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.20 14:10:45 | 00,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssiea.dll File not found O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe File not found O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [PopularScreensaversWallpaper] C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Eric\AppData\LocalLow\FUNWEB~1\SCREEN~1\Images\f3wallpp.bmp O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.25 15:12:52 | 01,312,008 | R--- | M] (Rocksteady) - E:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2009.05.23 23:12:16 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.06.25 15:12:52 | 01,312,008 | R--- | M] (Rocksteady) O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.21 15:37:23 | 00,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\SUPERAntiSpyware.com [2010.09.21 15:37:23 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.09.21 15:37:20 | 00,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2010.09.21 15:37:18 | 00,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.09.17 17:00:35 | 00,000,000 | ---D | C] -- C:\_OTL [2010.09.16 18:13:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications [2010.09.15 15:56:10 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2010.09.15 15:37:14 | 02,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.09.14 12:14:58 | 00,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Malwarebytes [2010.09.14 12:14:42 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.14 12:14:41 | 00,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.09.14 12:14:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.14 12:14:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.08 18:48:08 | 00,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.08 18:48:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.09.08 18:48:08 | 00,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.08 18:46:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.09.05 12:30:28 | 00,000,000 | ---D | C] -- C:\ProgramData\PopCap Games [2010.09.03 14:46:18 | 00,000,000 | ---D | C] -- C:\Users\Eric\FLV Dateien [2010.08.29 15:49:10 | 00,000,000 | ---D | C] -- C:\Users\Eric\Desktop\iPod Photo Cache [2010.08.25 17:15:39 | 00,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll ========== Files - Modified Within 30 Days ========== [2010.09.22 13:59:03 | 03,145,728 | -HS- | M] () -- C:\Users\Eric\ntuser.dat [2010.09.22 13:45:00 | 00,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.22 13:44:01 | 00,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.22 13:44:01 | 00,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.22 13:41:14 | 01,639,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.22 13:41:14 | 00,706,600 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.22 13:41:14 | 00,660,218 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.22 13:41:14 | 00,152,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.22 13:41:14 | 00,124,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.22 13:38:15 | 00,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.22 13:36:49 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.22 13:36:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.22 13:36:37 | 53,619,5071 | -HS- | M] () -- C:\hiberfil.sys [2010.09.21 18:50:24 | 04,507,244 | -H-- | M] () -- C:\Users\Eric\AppData\Local\IconCache.db [2010.09.21 15:37:20 | 00,001,812 | ---- | M] () -- C:\Users\Eric\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.20 14:10:45 | 00,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2010.09.17 16:36:26 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.17 16:36:26 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.17 16:36:26 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TM.blf [2010.09.14 12:14:45 | 00,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 13:52:07 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.13 13:52:07 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.13 13:52:07 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TM.blf [2010.09.13 13:48:38 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe [2010.09.11 16:01:34 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 16:01:34 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 16:01:34 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TM.blf [2010.09.11 15:59:03 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 15:59:03 | 00,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 15:59:03 | 00,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TM.blf [2010.08.31 07:19:12 | 02,441,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.08.28 17:32:15 | 48,199,6135 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2010.09.21 15:37:20 | 00,001,812 | ---- | C] () -- C:\Users\Eric\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.17 16:34:04 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.17 16:34:04 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.17 16:34:04 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{0f882c64-c265-11df-8965-00134605f2aa}.TM.blf [2010.09.14 12:14:45 | 00,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 13:38:12 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.13 13:38:12 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.13 13:38:12 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{527eba25-bf2b-11df-8985-00134605f2aa}.TM.blf [2010.09.11 16:01:34 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 16:01:34 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 16:01:34 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{9220fa1a-bdab-11df-9c08-00134605f2aa}.TM.blf [2010.09.11 15:51:25 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000002.regtrans-ms [2010.09.11 15:51:25 | 00,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TMContainer00000000000000000001.regtrans-ms [2010.09.11 15:51:25 | 00,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{98079328-bda9-11df-a202-00134605f2aa}.TM.blf [2010.07.02 15:26:46 | 00,000,334 | ---- | C] () -- C:\Windows\game.ini [2010.06.25 13:22:42 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.16 21:01:56 | 00,015,854 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\UserTile.png [2010.04.13 20:04:08 | 00,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Roaming\wklnhst.dat [2010.04.07 14:10:38 | 00,005,120 | ---- | C] () -- C:\Users\Eric\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.02 17:17:34 | 00,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.22 21:47:23 | 00,000,052 | ---- | C] () -- C:\Windows\mafosav.INI [2009.12.26 12:54:09 | 00,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll [2009.12.26 12:54:09 | 00,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL [2009.12.25 19:27:06 | 01,667,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.12.25 18:56:49 | 00,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.17 17:32:28 | 00,008,031 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log [2009.09.03 10:51:30 | 00,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.09.03 10:51:29 | 00,007,283 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.09.03 10:44:22 | 00,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico [2009.07.14 01:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [1999.04.30 01:00:00 | 00,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL ========== LOP Check ========== [2010.09.18 03:28:03 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\2K Sports [2010.09.18 03:28:04 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Ableton [2010.07.02 15:38:12 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Activision [2009.12.26 13:03:49 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GameConsole [2010.09.18 03:35:26 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\GetRightToGo [2010.09.18 03:35:26 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\gtk-2.0 [2010.07.26 15:56:29 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\HandBrake [2009.12.28 17:05:06 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Leadertech [2010.09.22 13:38:18 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\LimeWire [2010.09.18 03:28:13 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\NVD [2010.09.18 03:35:30 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\PowerCinema [2010.04.18 16:31:15 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\sexydreams [2010.09.18 03:35:30 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoftDMA [2010.09.18 03:28:13 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\SoftGrid Client [2010.09.18 03:35:30 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Thunderbird [2010.09.16 18:13:33 | 00,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\TP [2010.09.04 18:18:48 | 00,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
22.09.2010, 13:27
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus per Facebook Adresse Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [PopularScreensaversWallpaper] C:\PROGRA~2\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL File not found
O32 - AutoRun File - [2009.05.23 23:12:16 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.06.25 15:12:52 | 01,312,008 | R--- | M] (Rocksteady)
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.09.2010, 13:40
| #25 |
| | Skype Virus per Facebook Adresse Hat geklappt. Die Fehlermeldung kommt nicht mehr. Während des Fixens kam allerdings die Meldung ein kritischer Fehler aufgetreten, aber das Fixen hat er trotzdem beendet und sich dann neu hochgefahren. Hier die Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PopularScreensaversWallpaper deleted successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eec2bf09-d38c-11de-b1cc-806e6f6e6963}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Eric
->Temp folder emptied: 422804 bytes
->Temporary Internet Files folder emptied: 6642468 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93791870 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8856 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 96,00 mb
OTL by OldTimer - Version 3.1.27.0 log created on 09222010_143516
Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
C:\Users\Eric\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
 Ach und das mit der Partition hab ich auch hinbekommen. |
|
22.09.2010, 20:09
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus per Facebook Adresse Ok. Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.09.2010, 12:51
| #27 |
| | Skype Virus per Facebook Adresse Nö nichts weiter. |
|
23.09.2010, 14:54
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Skype Virus per Facebook Adresse Wir sind dann durch! Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Anleitung Windows-Update PDF-Reader aktualisieren Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.09.2010, 17:32
| #29 |
| | Skype Virus per Facebook Adresse Klasse.  Hab alles erledigt. Danke nochmal. |
|
24.09.2010, 17:01
| #30 |
| | Skype Virus per Facebook Adresse Geändert von Tobel (24.09.2010 um 17:46 Uhr) |
|
| Themen zu Skype Virus per Facebook Adresse |
| 0x00000001, 7-zip, adware.hotbar, alternate, antivir, audacity, avgntflt.sys, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, components, drahtlos-802.11b/g-usb, druck, email, error, extras.txt, facebook, facebook virus, fehler, firefox, firefox.exe, flash player, fontcache, format, google, google chrome, hdaudio.sys, helper, home, home premium, iastor.sys, install.exe, jusched.exe, limewire, location, locker, logfile, media center, mozilla, mozilla thunderbird, mywinlocker, oldtimer, otl logfile, otl.exe, otl.txt, plug-in, programdata, realtek, registry, rundll, sched.exe, searchplugins, searchscopes, secure search, security, security scan, shell32.dll, shortcut, siteadvisor, skype, skype virus, skype.exe, software, start menu, studio, super, system, syswow64, tower, usbaapl64, user agent, virus, vlc media player, webcheck, wireless lan |
Linear-Darstellung
