Pests of all kinds and how to fight them: popups with the message "This assembly is protected by an unregistered version of Eziriz NET Reactor" - Windows 7
07.03.2011, 22:32 | #1 |
popups with the message "This assembly is protected by an unregistered version of Eziriz NET Reactor"

Hello everyone, I have regrettably had to find that several people here apparently already have my problem! I keep getting this popup after I tried to install a piece of software! markusg apparently has a solution, and I hope you can help me! Attached is the list from OTL.

OTL Logfile:
Code:
OTL logfile created on: 07.03.2011 21:27:32 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Stiffler76\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,89 Gb Total Space | 161,15 Gb Free Space | 70,40% Space Free | Partition Type: NTFS
Drive E: | 228,90 Gb Total Space | 176,09 Gb Free Space | 76,93% Space Free | Partition Type: NTFS
Drive F: | 228,89 Gb Total Space | 105,07 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
Drive G: | 244,83 Gb Total Space | 201,02 Gb Free Space | 82,11% Space Free | Partition Type: NTFS

Computer Name: STIFFLER76-PC | User Name: Stiffler76 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Stiffler76\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\STIFFL~1\AppData\Local\Temp\autoconvs.exe ()
PRC - C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH) PRC - C:\Users\Stiffler76\AppData\Local\Apps\2.0\E4OQMMR9.9VK\KOEPCT9Q.G0X\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Programme\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG) PRC - C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\1&1 Surf-Stick\AssistantServices.exe () PRC - C:\Programme\1&1 Surf-Stick\UIExec.exe () PRC - C:\Windows\KMService.exe () PRC - C:\Windows\System32\srvany.exe () PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd) PRC - C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.) PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.) 
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) ========== Modules (SafeList) ========== MOD - C:\Users\Stiffler76\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.) SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (UI Assistant Service) -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe () SRV - (KMService) -- C:\Windows\System32\srvany.exe () SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.) 
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV - (ui11rdr) -- C:\Windows\System32\drivers\ui11rdr.SYS (1&1 Internet AG) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin) DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc) DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.) 
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) 
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (CTERFXFX.SYS) -- C:\Windows\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd) DRV - (CTERFXFX) -- C:\Windows\System32\drivers\CTERFXFX.sys (Creative Technology Ltd) DRV - (CTSBLFX.SYS) -- C:\Windows\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd) DRV - (CTSBLFX) -- C:\Windows\System32\drivers\CTSBLFX.sys (Creative Technology Ltd) DRV - (CTAUDFX.SYS) -- C:\Windows\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd) DRV - (CTAUDFX) -- C:\Windows\System32\drivers\CTAUDFX.sys (Creative Technology Ltd) DRV - (COMMONFX.SYS) -- C:\Windows\System32\drivers\COMMONFX.SYS (Creative Technology Ltd) DRV - (COMMONFX) -- C:\Windows\System32\drivers\COMMONFX.sys (Creative Technology Ltd) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend GmbH) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) 
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F D1 CD F5 86 8E CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com: FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com: FF - prefs.js..extensions.enabledItems: toolbar@ask.com: FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.07 20:52:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.07 20:52:43 | 000,000,000 | ---D | M] [2010.09.17 21:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Extensions [2011.03.07 11:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions [2011.03.07 20:52:39 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- 
C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\DTToolbar@toolbarnet.com [2011.01.12 21:40:59 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\LogMeInClient@logmein.com [2011.01.12 22:39:52 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\toolbar@ask.com [2010.10.17 12:26:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\vshare@toolbar [2011.01.03 10:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.21 09:57:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.01.03 10:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.12.21 09:57:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2011.01.03 10:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.03 10:06:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) 
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Create 5\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG) O4 - HKCU..\Run: [Auto Check Utility] C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe () O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Stiffler76\AppData\Local\Apps\2.0\E4OQMMR9.9VK\KOEPCT9Q.G0X\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [OpAgent] File not found O4 - HKCU..\Run: [Windows Audio Service] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - 
C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell - "" = AutoRun O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.07 21:23:11 | 000,000,000 | ---D | C] -- C:\_OTL [2011.03.07 21:03:55 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.03.07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Local\SkinSoft [2011.03.07 20:36:25 | 000,000,000 | -H-D | C] -- C:\Users\Stiffler76\AppData\Local\{C6F4E9F9-4DBD-418E-BACA-D1B4E57A24E1} [2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Programme\Eziriz [2011.03.07 
20:36:17 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\.NET Reactor SDK Test Apps [2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.NET Reactor [2011.03.07 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\Avira [2011.03.04 15:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CMUV [2011.03.04 14:54:33 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\TechnoTrend [2011.03.04 14:54:33 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\My Videos [2011.03.04 14:53:05 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Desktop\Kö-Galerie [2011.03.04 14:35:39 | 000,000,000 | ---D | C] -- C:\Windows\Decoder [2011.03.04 14:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TT-Viewer [2011.03.04 14:35:10 | 000,000,000 | ---D | C] -- C:\Programme\TT-Viewer [2011.03.04 14:34:39 | 000,098,304 | ---- | C] (MyCompanyName) -- C:\Windows\System32\ttMultiplex.ax [2011.03.04 14:34:38 | 000,208,896 | ---- | C] (CyberLink Corp.) 
-- C:\Windows\System32\CLDemuxer.ax [2011.03.04 14:34:38 | 000,159,744 | ---- | C] (TechnoTrend AC) -- C:\Windows\System32\ttFileRead.ax [2011.03.04 14:34:38 | 000,114,688 | ---- | C] (TechnoTrend AG) -- C:\Windows\System32\ttCheckTS.ax [2011.03.04 14:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechnoTrend [2011.03.04 14:33:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ttSplitSwitch.ax [2011.03.04 14:33:18 | 000,000,000 | ---D | C] -- C:\Programme\TechnoTrend [2011.03.04 14:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.03.04 14:29:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.03.04 14:17:34 | 000,000,000 | ---D | C] -- C:\Programme\PlayReady [2011.03.04 14:09:10 | 000,572,800 | ---- | C] (TechnoTrend GmbH) -- C:\Windows\System32\drivers\ttusb2bda.sys [2011.03.04 14:00:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011.03.04 14:00:25 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2011.03.04 14:00:25 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2011.03.04 14:00:25 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll [2011.03.04 14:00:25 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2011.03.04 14:00:25 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2011.03.04 14:00:25 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2011.03.04 14:00:25 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll [2011.03.04 14:00:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2011.03.04 14:00:24 | 001,493,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\D3DCompiler_39.dll [2011.03.04 14:00:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll [2011.03.04 14:00:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2011.03.04 14:00:23 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2011.03.04 14:00:23 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2011.03.04 14:00:23 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2011.03.04 14:00:23 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2011.03.04 14:00:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2011.03.04 14:00:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2011.03.04 14:00:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2011.03.04 14:00:23 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2011.03.04 14:00:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2011.03.04 14:00:22 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2011.03.04 14:00:22 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2011.03.04 14:00:22 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2011.03.04 14:00:22 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2011.03.04 14:00:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2011.03.04 14:00:22 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2011.03.04 14:00:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\X3DAudio1_3.dll [2011.03.04 14:00:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2011.03.04 14:00:21 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011.03.04 14:00:21 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2011.03.04 14:00:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2011.03.04 14:00:21 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2011.03.04 14:00:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2011.03.04 14:00:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2011.03.04 14:00:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011.03.04 14:00:20 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2011.03.04 14:00:20 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2011.03.04 14:00:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2011.03.04 14:00:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2011.03.04 14:00:20 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2011.03.04 14:00:20 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2011.03.04 14:00:19 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2011.03.04 14:00:19 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll [2011.03.04 14:00:19 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2011.03.04 14:00:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\xactengine2_6.dll [2011.03.04 14:00:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2011.03.04 14:00:19 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2011.03.04 14:00:18 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll [2011.03.04 14:00:18 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2011.03.04 14:00:18 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2011.03.04 14:00:18 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2011.03.04 14:00:18 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2011.03.04 14:00:18 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2011.03.04 14:00:17 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2011.03.04 14:00:14 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2011.03.04 14:00:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2011.03.04 14:00:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll [2011.03.04 14:00:13 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2011.03.04 14:00:13 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2011.03.04 14:00:13 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2011.03.04 14:00:13 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2011.03.04 14:00:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2011.03.04 13:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\JDownloader [2011.03.04 13:35:36 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2011.02.23 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Local\Canon Easy-PhotoPrint EX [2011.02.23 22:05:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.02.13 23:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice [2011.02.13 23:12:10 | 000,000,000 | ---D | C] -- C:\Programme\OnlineFotoservice [2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\Mein CEWE FOTOBUCH_13_02_2011_mcf-Dateien [2011.02.13 20:34:22 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\restore [2011.02.13 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2011.02.13 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2011.02.13 19:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH [2011.02.13 19:23:53 | 000,000,000 | ---D | C] -- C:\Programme\CeWe Color [2011.02.11 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\MyPhoneExplorer [2011.02.11 22:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer [2011.02.11 22:50:15 | 000,000,000 | ---D | C] -- C:\Programme\MyPhoneExplorer [2011.02.10 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Desktop\Adobe Acrobat X [2009.06.23 10:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [2009.06.23 10:20:00 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe ========== Files - Modified Within 30 Days ========== [2011.03.07 21:25:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.07 21:25:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.07 21:25:27 | 2616,909,824 | -HS- | M] () -- C:\hiberfil.sys [2011.03.07 21:24:46 | 000,030,096 | ---- | M] () -- 
C:\Windows\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx [2011.03.07 21:24:46 | 000,030,096 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx [2011.03.07 21:24:46 | 000,027,288 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx [2011.03.07 21:24:46 | 000,027,288 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx [2011.03.07 21:24:46 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx [2011.03.07 21:22:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.07 21:00:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.07 21:00:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.07 21:00:03 | 000,012,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.07 21:00:03 | 000,006,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.07 20:58:59 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.07 20:58:59 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.04 14:35:15 | 000,000,976 | ---- | M] () -- C:\Users\Stiffler76\Desktop\TT-Viewer.lnk [2011.03.04 14:34:43 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\TT-Media Center.lnk [2011.03.04 14:33:28 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\BDA-Data.lnk [2011.03.04 13:35:55 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.03.02 19:28:15 | 000,001,856 | ---- | M] () -- C:\Users\Stiffler76\Desktop\UseNeXT.lnk [2011.02.27 18:47:32 | 000,129,024 | -H-- | M] () -- C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe 
[2011.02.23 22:06:54 | 000,803,865 | ---- | M] () -- C:\Users\Stiffler76\Desktop\Tob der Baumeister.jpg [2011.02.14 20:19:54 | 000,462,330 | ---- | M] () -- C:\Users\Stiffler76\Desktop\Info-Flyer_2011.pdf [2011.02.13 23:15:53 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk [2011.02.13 23:15:53 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2011.02.13 22:40:01 | 000,042,589 | ---- | M] () -- C:\Users\Stiffler76\Documents\Mein CEWE FOTOBUCH_13_02_2011.mcf [2011.02.13 19:28:11 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk ========== Files Created - No Company Name ========== [2011.03.07 20:15:57 | 000,129,024 | -H-- | C] () -- C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe [2011.03.04 14:35:15 | 000,000,976 | ---- | C] () -- C:\Users\Stiffler76\Desktop\TT-Viewer.lnk [2011.03.04 14:34:43 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\TT-Media Center.lnk [2011.03.04 14:34:39 | 000,176,128 | ---- | C] () -- C:\Windows\System32\ttTSSource.ax [2011.03.04 14:34:39 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ttFileWrite.ax [2011.03.04 14:34:39 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ttPushOSD.ax [2011.03.04 14:34:39 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ttTeleTxt.ax [2011.03.04 14:33:28 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\BDA-Data.lnk [2011.03.04 14:33:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ttSiFi.ax [2011.03.04 14:33:25 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ttSuck.ax [2011.03.04 14:33:25 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ttNetworkprovider.ax [2011.03.04 13:35:55 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2011.02.23 22:06:36 | 000,803,865 | ---- | C] () -- C:\Users\Stiffler76\Desktop\Tob der Baumeister.jpg [2011.02.14 20:19:53 | 000,462,330 | ---- | C] () -- C:\Users\Stiffler76\Desktop\Info-Flyer_2011.pdf [2011.02.13 23:15:53 | 000,001,320 | 
---- | C] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk [2011.02.13 22:39:46 | 000,042,589 | ---- | C] () -- C:\Users\Stiffler76\Documents\Mein CEWE FOTOBUCH_13_02_2011.mcf [2011.02.13 19:28:11 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2011.02.13 19:28:11 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk [2011.02.10 16:37:10 | 003,313,820 | ---- | C] () -- C:\Users\Stiffler76\Desktop\Kö-Galerie_Schlüsselbestellung_Mieter_2011.pdf [2011.01.08 15:43:59 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.01.08 15:42:24 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI [2010.12.21 10:10:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.17 21:48:10 | 000,026,624 | ---- | C] () -- C:\Windows\System32\VNCpm.dll [2010.10.30 09:01:18 | 000,000,013 | ---- | C] () -- C:\Windows\compedia.ini [2010.10.17 14:18:57 | 000,003,584 | ---- | C] () -- C:\Users\Stiffler76\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.22 20:38:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.22 20:38:31 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.19 21:04:56 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2010.09.19 21:04:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2010.09.18 19:17:51 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.09.18 19:17:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.07.26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2010.07.26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2010.07.26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2010.07.26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 
09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,408,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:48 | 000,012,904 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,006,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.23 11:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2009.06.23 11:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2009.06.23 10:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll [2009.06.23 10:48:16 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe [2009.06.23 10:28:48 | 000,386,852 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat [2009.06.23 10:28:48 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat [2009.06.23 10:23:20 | 000,013,312 | ---- | C] () -- C:\Windows\System32\regplib.exe [2009.06.23 10:22:36 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat [2009.06.23 10:20:44 | 000,274,587 | ---- | C] 
() -- C:\Windows\System32\ctsbas2w.dat [2009.06.23 10:20:08 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat [2009.06.23 10:20:08 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat [2009.06.23 10:20:06 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.10.12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2007.08.13 19:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll [2006.10.02 16:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B013599 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB < End of report > |
08.03.2011, 11:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there more log files coming? This one from OTL can't be everything.
__________________ |
08.03.2011, 16:43 | #3 |
| I have only made this one so far! Do I need to make another one? Sorry for the trouble!
__________________ Just going to the dentist for a bit, then I'll be back! |
08.03.2011, 17:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, basically this to start with: Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those too! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ Please always post log files in CODE tags |
09.03.2011, 13:32 | #5 |
| So, here are the logs! For me, OTL only produces one log. |
09.03.2011, 15:09 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further logs from Malwarebytes? If so, please post all of them. You will find them under the "Logdateien" (Logs) tab in Malwarebytes.
__________________ |
09.03.2011, 20:59 | #7 |
| This is the log from before the cleanup! |
09.03.2011, 21:12 | #8 |
| Sorry, here we go again! The OTL log is from just now and the other one was created before the cleanup. |
10.03.2011, 12:42 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
10.03.2011, 13:18 | #10 |
| As for the fm, it was from the video rental store! |
10.03.2011, 13:26 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
[2011.03.07 20:36:25 | 000,000,000 | -H-D | C] -- C:\Users\Stiffler76\AppData\Local\{C6F4E9F9-4DBD-418E-BACA-D1B4E57A24E1}
[2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Programme\Eziriz
[2011.02.13 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2011.02.13 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |