Der Computer ist für die Verletzung der Gesetze der Bundesrepublik... Sie wissen das schon=)

Mierda · 25.07.2012, 18:25

Hallo!
Ich habe ein schon bekanntes Problem - ich war zu dumm und habe mir einen Sperr-Trojanen eingefangen.
Jetzt habe ich Anti-Malware durchlaufen lassen, aber die Logdateien sehen irgendwie komisch. Der Rechner ist immer noch gesperrt.
Bitte geben Sie Bescheid, was ich als nächtes machen muss (vermutlich soll ich einen Vollscan noch mal machen). Übrigens, mit der Aktualisierung klappt es nicht - ich kriege einfach keine Internetverbindung.

Mierda · 25.07.2012, 19:59

Sorry, habe den Rechner noch mal gescannt. Hier sind die richtigen Dateien.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.07.2012 20:27:26 - Run 3
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Kissa Katzman\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 67,02% Memory free
6,00 Gb Paging File | 5,13 Gb Available in Paging File | 85,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 19,73 Gb Free Space | 19,73% Space Free | Partition Type: NTFS
Drive D: | 198,09 Gb Total Space | 37,59 Gb Free Space | 18,98% Space Free | Partition Type: NTFS
 
Computer Name: KISSAKATZMAN-PC | User Name: Kissa Katzman | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 18:09:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kissa Katzman\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.05.21 08:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.29 18:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Stopped] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.07.14 03:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.29 02:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008.10.08 12:50:28 | 000,808,224 | ---- | M] (ABBYY Software Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.Lingvo.Desktop.14.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.08 16:01:38 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011.06.24 14:13:28 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.06.24 12:55:08 | 000,513,080 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.05.27 18:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.04.04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.16 15:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 13:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.02.22 07:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.02.10 06:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.01.07 05:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.07 04:11:52 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64)
DRV:64bit: - [2010.07.12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010.04.28 10:37:12 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.07.28 21:50:18 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 15:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 15:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 02:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.02.12 13:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.02.12 13:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.02.12 13:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007.10.24 01:37:38 | 000,208,896 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (HdAudAddService)
DRV:64bit: - [2007.07.11 01:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2006.06.17 21:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.10.31 16:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ru.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ru-RU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 C3 6A CD DD 69 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.02.09 15:12:13 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WebMoney Advisor - BHO Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\WebMoney Advisor\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (WebMoney Advisor) - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files (x86)\WebMoney Advisor\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [WMNetMgr] C:\Users\Kissa Katzman\AppData\Local\Microsoft\Windows\1218\WMNetMgr.exe ()
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files (x86)\ABBYY Lingvo x3\LvAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [wmagent.exe] C:\Program Files (x86)\WebMoney Agent\wmagent.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found
O4 - Startup: C:\Users\Kissa Katzman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kissa Katzman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Перевести с помощью ABBYY Lingvo x&3 - C:\Program Files (x86)\ABBYY Lingvo x3\Lingvo.exe (ABBYY (BIT Software))
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Перевести с помощью ABBYY Lingvo x&3 - C:\Program Files (x86)\ABBYY Lingvo x3\Lingvo.exe (ABBYY (BIT Software))
O9 - Extra Button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files (x86)\WebMoney Advisor\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files (x86)\WebMoney Advisor\tbcore3.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.174.88.1 193.174.90.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D0A8B95-0671-464F-9886-C8309CB0FBB6}: DhcpNameServer = 193.174.88.1 193.174.90.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A12D2847-E542-43BD-A7B2-4786A010EBF5}: DhcpNameServer = 10.10.10.2 10.10.19.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC7FC252-6067-465E-9713-0D47BAF30FE1}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{93f6a0de-c284-11e0-ba20-001e37bbf192}\Shell - "" = AutoRun
O33 - MountPoints2\{93f6a0de-c284-11e0-ba20-001e37bbf192}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\Shell - "" = AutoRun
O33 - MountPoints2\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab56087f-9e57-11e0-866c-001e37bbf192}\Shell - "" = AutoRun
O33 - MountPoints2\{ab56087f-9e57-11e0-866c-001e37bbf192}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\Shell - "" = AutoRun
O33 - MountPoints2\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.25 18:55:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kissa Katzman\Desktop\OTL.exe
[2012.07.25 17:58:54 | 000,000,000 | ---D | C] -- C:\Users\Kissa Katzman\AppData\Roaming\Malwarebytes
[2012.07.25 17:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 17:58:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 17:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.24 22:57:09 | 000,000,000 | ---D | C] -- C:\Users\Kissa Katzman\AppData\Roaming\hellomoto
[2012.07.24 22:56:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.07.11 20:08:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 20:08:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 20:08:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 20:08:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 20:08:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 20:08:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 20:08:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 20:08:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 20:08:47 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 20:08:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 20:08:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 20:08:47 | 000,818,688 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 20:08:47 | 000,716,800 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 18:13:57 | 000,000,000 | ---D | C] -- C:\Users\Kissa Katzman\Documents\Июль 2012
[2012.07.11 17:39:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 17:39:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 17:39:25 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 17:39:24 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 17:39:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.09 19:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kissa Katzman\Desktop\EXP 9 F
[2012.07.08 15:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kissa Katzman\Desktop\SQ5 TDI
[2012.07.07 11:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.07 11:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.07 11:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.07.07 11:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.07 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.07 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.07 11:29:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.06 23:43:09 | 000,294,912 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\browserchoice.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 19:10:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 19:10:28 | 2414,632,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 18:09:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kissa Katzman\Desktop\OTL.exe
[2012.07.25 17:58:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.25 17:57:46 | 001,541,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.25 17:57:46 | 000,687,208 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.07.25 17:57:46 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.25 17:57:46 | 000,133,552 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.07.25 17:57:46 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.24 23:25:39 | 000,026,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 23:25:39 | 000,026,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 19:48:24 | 102,085,790 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.07.19 22:36:07 | 000,340,233 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.07.19 19:22:43 | 000,036,876 | ---- | M] () -- C:\Users\Kissa Katzman\Documents\EFxfg_Okm-s.jpg
[2012.07.11 20:15:37 | 000,362,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.07 21:50:10 | 000,614,968 | ---- | M] () -- C:\Users\Kissa Katzman\Documents\DSC02082.jpg
[2012.07.07 11:34:25 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 10:40:17 | 000,132,278 | ---- | M] () -- C:\Users\Kissa Katzman\Desktop\vg004698_Aufforderung_zur_Rueckmeldung_zum_Wintersemester_2012-2013.pdf
 
========== Files Created - No Company Name ==========
 
[2012.07.25 17:58:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 19:22:42 | 000,036,876 | ---- | C] () -- C:\Users\Kissa Katzman\Documents\EFxfg_Okm-s.jpg
[2012.07.07 21:49:58 | 000,614,968 | ---- | C] () -- C:\Users\Kissa Katzman\Documents\DSC02082.jpg
[2012.07.07 11:34:25 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.29 10:40:22 | 000,132,278 | ---- | C] () -- C:\Users\Kissa Katzman\Desktop\vg004698_Aufforderung_zur_Rueckmeldung_zum_Wintersemester_2012-2013.pdf
[2012.05.23 21:35:37 | 000,284,110 | ---- | C] () -- C:\Users\Kissa Katzman\DSC018670.JPG
[2012.05.23 21:35:37 | 000,266,525 | ---- | C] () -- C:\Users\Kissa Katzman\DSC018640.JPG
[2012.05.23 21:35:37 | 000,262,782 | ---- | C] () -- C:\Users\Kissa Katzman\DSC018740.JPG
[2012.03.01 17:07:50 | 000,191,647 | ---- | C] () -- C:\Users\Kissa Katzman\goetzenhof198.JPG
[2012.03.01 17:07:50 | 000,169,798 | ---- | C] () -- C:\Users\Kissa Katzman\goetzenhof199.JPG
[2012.03.01 17:07:50 | 000,128,963 | ---- | C] () -- C:\Users\Kissa Katzman\goetzenhof195.JPG
[2012.03.01 17:07:50 | 000,126,368 | ---- | C] () -- C:\Users\Kissa Katzman\goetzenhof196.JPG
[2012.03.01 17:07:50 | 000,122,770 | ---- | C] () -- C:\Users\Kissa Katzman\goetzenhof197.JPG
[2012.01.16 23:26:37 | 004,973,556 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_1070.JPG
[2012.01.16 23:26:37 | 004,772,501 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_1069.JPG
[2012.01.16 23:26:37 | 004,520,030 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_1071.JPG
[2012.01.12 23:25:22 | 005,329,761 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0845.JPG
[2012.01.12 23:25:22 | 005,216,994 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0844.JPG
[2012.01.12 23:25:22 | 004,814,514 | ---- | C] () -- C:\Users\Kissa Katzman\DSC2913.jpg
[2012.01.12 23:25:22 | 004,391,898 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_2351.JPG
[2012.01.12 23:25:22 | 003,973,218 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_3542.JPG
[2012.01.12 23:25:22 | 003,783,726 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0760.JPG
[2012.01.12 23:25:22 | 003,664,978 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_2921.JPG
[2012.01.12 23:25:22 | 003,074,234 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_3762.JPG
[2012.01.12 23:25:22 | 002,670,995 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0786.jpg
[2012.01.12 23:25:22 | 002,624,194 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_3540.JPG
[2011.12.25 18:53:29 | 010,138,446 | ---- | C] () -- C:\Users\Kissa Katzman\Описания авто.zip
[2011.12.25 18:53:29 | 001,177,952 | ---- | C] () -- C:\Users\Kissa Katzman\Статьи.zip
[2011.12.25 18:53:29 | 000,067,799 | ---- | C] () -- C:\Users\Kissa Katzman\Инфо для заводов.zip
[2011.12.09 16:02:33 | 000,119,037 | ---- | C] () -- C:\Users\Kissa Katzman\notch_batch_001.jpg
[2011.12.09 16:02:33 | 000,107,373 | ---- | C] () -- C:\Users\Kissa Katzman\notch_batch_002.jpg
[2011.12.03 20:50:28 | 005,104,914 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0901.JPG
[2011.12.03 20:50:28 | 004,774,305 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0880.JPG
[2011.12.03 20:50:28 | 004,720,508 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0903.JPG
[2011.11.02 18:48:33 | 000,004,440 | ---- | C] () -- C:\Windows\jwfvrd-q32.ini
[2011.11.02 18:48:33 | 000,001,441 | ---- | C] () -- C:\Windows\crhw_q64.ini
[2011.10.02 16:04:12 | 004,624,664 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0507.JPG
[2011.10.02 16:04:12 | 003,063,670 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0504.jpg
[2011.10.02 16:02:18 | 006,770,912 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0466.JPG
[2011.10.02 16:02:18 | 006,500,086 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0469.JPG
[2011.10.02 16:02:18 | 005,064,432 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0448.JPG
[2011.10.02 16:02:18 | 004,971,037 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0455.JPG
[2011.10.02 16:02:18 | 004,619,934 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0497.JPG
[2011.10.02 15:52:00 | 001,293,884 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.47.39.jpg
[2011.10.02 15:52:00 | 001,276,976 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.47.25.jpg
[2011.10.02 15:52:00 | 001,226,766 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.49.05.jpg
[2011.10.02 15:52:00 | 001,213,216 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.48.22.jpg
[2011.10.02 15:52:00 | 001,155,160 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.48.06.jpg
[2011.10.02 15:52:00 | 001,150,102 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.48.50.jpg
[2011.10.02 15:52:00 | 001,083,014 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.47.55.jpg
[2011.10.02 15:52:00 | 001,072,131 | ---- | C] () -- C:\Users\Kissa Katzman\2011-09-21 18.48.35.jpg
[2011.09.18 16:56:29 | 005,148,989 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0386.JPG
[2011.09.18 16:56:29 | 004,678,270 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0379.JPG
[2011.09.18 16:56:29 | 004,618,588 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0382.JPG
[2011.09.18 16:56:29 | 004,455,722 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0377.JPG
[2011.09.10 16:40:48 | 000,225,581 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0354.jpg
[2011.09.10 16:40:48 | 000,180,017 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0352.jpg
[2011.08.31 16:41:31 | 000,482,927 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0220.JPG
[2011.08.31 16:41:31 | 000,414,722 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0224.JPG
[2011.08.31 16:41:31 | 000,402,967 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0228.JPG
[2011.08.31 16:41:31 | 000,382,507 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0211.JPG
[2011.08.31 16:41:31 | 000,353,840 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0205.JPG
[2011.08.31 16:41:31 | 000,308,532 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0207.JPG
[2011.08.31 16:41:31 | 000,286,795 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0215.JPG
[2011.08.31 16:41:31 | 000,280,422 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0217.JPG
[2011.08.29 19:48:13 | 000,466,273 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9985.JPG
[2011.08.29 19:48:13 | 000,396,843 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9992.JPG
[2011.08.29 19:48:13 | 000,319,516 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0151.JPG
[2011.08.29 19:48:13 | 000,187,938 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0182.JPG
[2011.08.29 19:48:03 | 000,406,790 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9993.JPG
[2011.08.29 19:48:03 | 000,387,547 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0001.JPG
[2011.08.29 19:48:03 | 000,370,360 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0019.JPG
[2011.08.29 19:48:03 | 000,346,147 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0050.JPG
[2011.08.29 19:48:03 | 000,337,163 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0022.JPG
[2011.08.29 19:48:03 | 000,334,160 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0007.JPG
[2011.08.29 19:48:03 | 000,276,728 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0054.JPG
[2011.08.29 19:48:03 | 000,233,160 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0090.JPG
[2011.08.29 19:48:00 | 000,926,216 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0110.JPG
[2011.08.29 19:48:00 | 000,884,129 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0119.JPG
[2011.08.29 19:48:00 | 000,753,827 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0137.JPG
[2011.08.29 19:48:00 | 000,728,439 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0108.JPG
[2011.08.29 19:48:00 | 000,660,756 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0099.JPG
[2011.08.29 19:48:00 | 000,629,363 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0140.JPG
[2011.08.29 19:48:00 | 000,612,112 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0128.JPG
[2011.08.29 19:48:00 | 000,579,259 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0123.JPG
[2011.08.29 19:48:00 | 000,569,189 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0157.JPG
[2011.08.29 19:48:00 | 000,567,900 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0161.JPG
[2011.08.29 19:48:00 | 000,528,766 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0154.JPG
[2011.08.29 19:48:00 | 000,478,194 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0126.JPG
[2011.08.29 19:48:00 | 000,469,611 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0149.JPG
[2011.08.29 19:48:00 | 000,465,972 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0159.JPG
[2011.08.29 19:45:34 | 000,651,365 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0086.JPG
[2011.08.29 19:45:34 | 000,462,471 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0085.JPG
[2011.08.29 19:45:34 | 000,368,918 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0083.JPG
[2011.08.29 19:44:42 | 001,681,211 | ---- | C] () -- C:\Users\Kissa Katzman\2011-08-16 17.06.22.jpg
[2011.08.29 19:44:42 | 001,552,621 | ---- | C] () -- C:\Users\Kissa Katzman\2011-08-16 17.06.02.jpg
[2011.08.29 19:44:42 | 001,436,161 | ---- | C] () -- C:\Users\Kissa Katzman\2011-08-16 17.39.32.jpg
[2011.08.29 19:43:07 | 001,544,063 | ---- | C] () -- C:\Users\Kissa Katzman\2011-08-21 16.07.42.jpg
[2011.08.29 19:43:07 | 001,515,523 | ---- | C] () -- C:\Users\Kissa Katzman\2011-08-21 16.07.49.jpg
[2011.08.29 19:41:32 | 000,439,632 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0057.JPG
[2011.08.29 19:41:32 | 000,436,833 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0055.JPG
[2011.08.29 19:41:32 | 000,430,386 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0058.JPG
[2011.08.29 19:41:32 | 000,427,639 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0059.JPG
[2011.08.29 19:41:32 | 000,406,219 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_0056.JPG
[2011.08.01 22:59:43 | 000,692,850 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9933.JPG
[2011.08.01 22:59:43 | 000,546,425 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9929.JPG
[2011.08.01 22:59:43 | 000,476,547 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9957.JPG
[2011.08.01 22:59:43 | 000,466,974 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9937.jpg
[2011.08.01 22:59:43 | 000,412,068 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9926.JPG
[2011.08.01 22:59:43 | 000,411,704 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9920.JPG
[2011.08.01 22:59:43 | 000,359,984 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9925.JPG
[2011.08.01 22:59:43 | 000,337,897 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9911.JPG
[2011.08.01 22:59:18 | 000,763,952 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9608.jpg
[2011.08.01 22:59:18 | 000,716,057 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9820.jpg
[2011.08.01 22:59:18 | 000,685,724 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9566.jpg
[2011.08.01 22:59:18 | 000,658,679 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9824.JPG
[2011.08.01 22:59:18 | 000,621,973 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9654.jpg
[2011.08.01 22:59:18 | 000,608,843 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9764.jpg
[2011.08.01 22:59:18 | 000,602,018 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9577.jpg
[2011.08.01 22:59:18 | 000,593,040 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9601.JPG
[2011.08.01 22:59:18 | 000,590,250 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9587.JPG
[2011.08.01 22:59:18 | 000,583,654 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9769.jpg
[2011.08.01 22:59:18 | 000,576,165 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9514.JPG
[2011.08.01 22:59:18 | 000,572,396 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9595.jpg
[2011.08.01 22:59:18 | 000,569,515 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9640.JPG
[2011.08.01 22:59:18 | 000,560,348 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9731.jpg
[2011.08.01 22:59:18 | 000,555,590 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9806.JPG
[2011.08.01 22:59:18 | 000,549,182 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9762.JPG
[2011.08.01 22:59:18 | 000,547,251 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9617.JPG
[2011.08.01 22:59:18 | 000,535,134 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9671.JPG
[2011.08.01 22:59:18 | 000,530,448 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9548.JPG
[2011.08.01 22:59:18 | 000,518,994 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9624.JPG
[2011.08.01 22:59:18 | 000,517,414 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9819.jpg
[2011.08.01 22:59:18 | 000,506,874 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9581.jpg
[2011.08.01 22:59:18 | 000,501,569 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9664.jpg
[2011.08.01 22:59:18 | 000,474,676 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9532.jpg
[2011.08.01 22:59:18 | 000,462,091 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9783.JPG
[2011.08.01 22:59:18 | 000,455,748 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9811.JPG
[2011.08.01 22:59:18 | 000,443,287 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9809.jpg
[2011.08.01 22:59:18 | 000,441,910 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9788.JPG
[2011.08.01 22:59:18 | 000,430,630 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9681.JPG
[2011.08.01 22:59:18 | 000,425,027 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9698.JPG
[2011.08.01 22:59:18 | 000,391,842 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9676.JPG
[2011.08.01 22:59:18 | 000,391,670 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9803.jpg
[2011.08.01 22:59:18 | 000,369,490 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9544.jpg
[2011.08.01 22:59:18 | 000,338,783 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9522.jpg
[2011.08.01 22:59:18 | 000,319,601 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9776.jpg
[2011.08.01 22:59:18 | 000,317,246 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9815.jpg
[2011.08.01 22:59:18 | 000,310,681 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9622.JPG
[2011.08.01 22:59:18 | 000,292,999 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9772.JPG
[2011.08.01 22:59:17 | 000,625,618 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9487.jpg
[2011.08.01 22:59:17 | 000,610,701 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9510.JPG
[2011.08.01 22:59:17 | 000,581,862 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9849.jpg
[2011.08.01 22:59:17 | 000,556,293 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9897.jpg
[2011.08.01 22:59:17 | 000,546,128 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9861.JPG
[2011.08.01 22:59:17 | 000,530,910 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9865.JPG
[2011.08.01 22:59:17 | 000,529,811 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9485.jpg
[2011.08.01 22:59:17 | 000,521,284 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9889.jpg
[2011.08.01 22:59:17 | 000,477,763 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9900.jpg
[2011.08.01 22:59:17 | 000,465,903 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9465.JPG
[2011.08.01 22:59:17 | 000,458,246 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9840.JPG
[2011.08.01 22:59:17 | 000,451,225 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9875.JPG
[2011.08.01 22:59:17 | 000,450,150 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9880.jpg
[2011.08.01 22:59:17 | 000,419,017 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9858.JPG
[2011.08.01 22:59:17 | 000,386,228 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9469.JPG
[2011.08.01 22:59:17 | 000,234,601 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9834.jpg
[2011.08.01 22:58:39 | 000,706,291 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9435.JPG
[2011.08.01 22:58:39 | 000,661,540 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9436.JPG
[2011.08.01 22:58:39 | 000,605,020 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9448.jpg
[2011.08.01 22:57:48 | 000,686,447 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9426.jpg
[2011.08.01 22:57:48 | 000,668,427 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9413.JPG
[2011.08.01 22:57:48 | 000,666,197 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9398.JPG
[2011.08.01 22:57:48 | 000,663,541 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9414.JPG
[2011.08.01 22:57:48 | 000,633,532 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9423.JPG
[2011.08.01 22:57:48 | 000,626,288 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9404.JPG
[2011.08.01 22:57:48 | 000,578,166 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9401.JPG
[2011.08.01 22:57:48 | 000,544,964 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9427.jpg
[2011.08.01 22:57:48 | 000,484,741 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9424.jpg
[2011.08.01 22:57:48 | 000,475,097 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9416.jpg
[2011.08.01 22:57:48 | 000,379,370 | ---- | C] () -- C:\Users\Kissa Katzman\IMG_9429.JPG
[2011.07.30 07:07:12 | 000,116,928 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.27 13:45:42 | 000,007,970 | ---- | C] () -- C:\Users\Kissa Katzman\Downloads\SDL_Trados_7_1_Freelance\Program Files\TRADOS\T7_FL\Samples\STaggerI\IL6_sboo.@
[2011.07.05 21:14:23 | 001,559,600 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.25 19:13:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.07.24 22:49:23 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\AIMP3
[2011.06.25 05:36:11 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\AVG
[2011.06.25 05:27:11 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\AVG10
[2012.03.22 23:11:28 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\ChromePlus
[2011.06.24 15:09:47 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\DAEMON Tools Lite
[2012.07.24 23:26:57 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\Dropbox
[2011.07.01 14:10:53 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\Foxit Software
[2012.07.24 22:57:28 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\hellomoto
[2012.02.18 17:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\OpenOffice.org
[2012.07.12 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\uTorrent
[2012.03.08 20:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\WebMoney
[2012.04.26 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Kissa Katzman\AppData\Roaming\XSManager
[2012.06.19 17:04:15 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A064CECC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:41ADDB8A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

--- --- ---

t'john · 25.07.2012, 20:14

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
SRV - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O4:64bit: - HKLM..\Run: [WMNetMgr] C:\Users\Kissa Katzman\AppData\Local\Microsoft\Windows\1218\WMNetMgr.exe () 
O4 - HKLM..\Run: [wmagent.exe] C:\Program Files (x86)\WebMoney Agent\wmagent.exe () 
O4 - HKLM..\RunOnce: [  Malwarebytes Anti-Malware  (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found 
O4 - Startup: C:\Users\Kissa Katzman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kissa Katzman\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O8:64bit: - Extra context menu item: &??????? ? Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: &??????? ? Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{93f6a0de-c284-11e0-ba20-001e37bbf192}\Shell - "" = AutoRun 
O33 - MountPoints2\{93f6a0de-c284-11e0-ba20-001e37bbf192}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\Shell - "" = AutoRun 
O33 - MountPoints2\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{ab56087f-9e57-11e0-866c-001e37bbf192}\Shell - "" = AutoRun 
O33 - MountPoints2\{ab56087f-9e57-11e0-866c-001e37bbf192}\Shell\AutoRun\command - "" = G:\autorun.exe 
O33 - MountPoints2\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\Shell - "" = AutoRun 
O33 - MountPoints2\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a 

[2012.07.06 23:43:09 | 000,294,912 | ---- | C] (?????????? ??????????) -- C:\Windows\SysNative\browserchoice.exe 
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A064CECC 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:41ADDB8A 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4 
 
[2012.07.24 22:57:09 | 000,000,000 | ---D | C] -- C:\Users\Kissa Katzman\AppData\Roaming\hellomoto 
[2011.07.27 13:45:42 | 000,007,970 | ---- | C] () -- C:\Users\Kissa Katzman\Downloads\SDL_Trados_7_1_Freelance\Program Files\TRADOS\T7_FL\Samples\STaggerI\IL6_sboo.@ 
:Files
C:\Program Files
C:\Users\Kissa Katzman\AppData\Local\Microsoft\Windows\1218\WMNetMgr.exe

G:\AutoRun.exe
F:\AutoRun.exe
G:\autorun.exe
G:\LaunchU3.exe -a

C:\Windows\SysNative\browserchoice.exe

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Mierda · 25.07.2012, 21:16

Danke! Jetzt funktioniert es wieder=)

Eine Kopie des Logfiles füge ich hinzu.

All processes killed
========== OTL ==========
Service WTGService stopped successfully!
Service WTGService deleted successfully!
C:\Program Files (x86)\XSManager\WTGService.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WMNetMgr not found.
C:\Users\Kissa Katzman\AppData\Local\Microsoft\Windows\1218\WMNetMgr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wmagent.exe not found.
C:\Program Files (x86)\WebMoney Agent\wmagent.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ Malwarebytes Anti-Malware (cleanup) not found.
File move failed. C:\Users\Kissa Katzman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk scheduled to be moved on reboot.
C:\Users\Kissa Katzman\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&??????? ? Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&??????? ? Microsoft Excel\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f6a0de-c284-11e0-ba20-001e37bbf192}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f6a0de-c284-11e0-ba20-001e37bbf192}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f6a0de-c284-11e0-ba20-001e37bbf192}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f6a0de-c284-11e0-ba20-001e37bbf192}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93f6a0f4-c284-11e0-ba20-001e37bbf192}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab5606c0-9e57-11e0-866c-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab56087f-9e57-11e0-866c-001e37bbf192}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab56087f-9e57-11e0-866c-001e37bbf192}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ab56087f-9e57-11e0-866c-001e37bbf192}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab56087f-9e57-11e0-866c-001e37bbf192}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff7a7834-abe2-11e1-a07c-001e37bbf192}\ not found.
File G:\LaunchU3.exe -a not found.
File move failed. C:\Windows\SysNative\browserchoice.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:A064CECC deleted successfully.
ADS C:\ProgramData\TEMP:41ADDB8A deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
C:\Users\Kissa Katzman\AppData\Roaming\hellomoto folder moved successfully.
C:\Users\Kissa Katzman\Downloads\SDL_Trados_7_1_Freelance\Program Files\TRADOS\T7_FL\Samples\STaggerI\IL6_sboo.@ moved successfully.
========== FILES ==========
Item C:\Program Files is whitelisted and cannot be moved.
File\Folder C:\Users\Kissa Katzman\AppData\Local\Microsoft\Windows\1218\WMNetMgr.exe not found.
File\Folder G:\AutoRun.exe not found.
File\Folder F:\AutoRun.exe not found.
File\Folder G:\autorun.exe not found.
File\Folder G:\LaunchU3.exe -a not found.
File move failed. C:\Windows\SysNative\browserchoice.exe scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Ќ*бва®©Є* Їа®в®Є®«* IP ¤«п Windows
ЌҐ г¤*Ґвбп ®зЁбвЁвм Єни б®Ї®бв*ўЁвҐ«п DNS: ЋиЁЎЄ* ЁбЇ®«*Ґ*Ёп дг*ЄжЁЁ.
C:\Users\Kissa Katzman\Desktop\cmd.bat deleted successfully.
C:\Users\Kissa Katzman\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kissa Katzman
->Temp folder emptied: 209524696 bytes
->Temporary Internet Files folder emptied: 410454141 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 87009 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Все пользователи

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 294560798 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51099 bytes
RecycleBin emptied: 7657983236 bytes

Total Files Cleaned = 8*176,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kissa Katzman
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: Все пользователи

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.54.1 log created on 07252012_220311

Files\Folders moved on Reboot...
C:\Users\Kissa Katzman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
File move failed. C:\Windows\SysNative\browserchoice.exe scheduled to be moved on reboot.
C:\Users\Kissa Katzman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Kissa Katzman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk not found!
[2010.02.23 10:16:17 | 000,294,912 | ---- | M] (Корпорация Майкрософт) C:\Windows\SysNative\browserchoice.exe : MD5=85D6E8F735865B502D65D1D91A79E3F3
File C:\Users\Kissa Katzman\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

t'john · 26.07.2012, 11:56

Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Mierda · 06.08.2012, 18:47

Vielen Dank für Ihre letzte E-Mail. Jetzt habe ich weitere scans durchgeführt und folgendes bekommen.

Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.08.06.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kissa Katzman :: KISSAKATZMAN-PC [Administrator]

Schutz: Aktiviert

06.08.2012 18:51:52
mbam-log-2012-08-06 (18-51-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322506
Laufzeit: 26 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\07252012_220311\C_Users\Kissa Katzman\AppData\Local\Microsoft\Windows\1218\WMNetMgr.exe (Trojan.Agent.2D) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Und dann noch ADW Cleaner

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 19:32:25
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : Kissa Katzman - KISSAKATZMAN-PC
# Running from : C:\Users\Kissa Katzman\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Kissa Katzman\AppData\Local\AVG Secure Search
Folder Found : C:\Users\KISSAK~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Kissa Katzman\AppData\LocalLow\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\TBSB03374.IEToolbar[*] Key Found : HKLM\SOFTWARE\Classes\TBSB03374.IEToolbar.1[*] Key Found : HKLM\SOFTWARE\Classes\TBSB03374.TBSB03374[*] Key Found : HKLM\SOFTWARE\Classes\TBSB03374.TBSB03374.3[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03374[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB03374.1
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
[x64] Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
[x64] Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={3DA8ADBB-20D0-4957-8041-A6444C2AAE01}&mid=21f5984b90e947d19659d1567df0fd7c-1c097485b619d870a48f64ca39649bd05de34f61&lang=ru&ds=ts024&pr=sa&d=2012-07-25 22:30:32&v=12.1.0.21&sap=hp

*************************

AdwCleaner[R1].txt - [9185 octets] - [06/08/2012 19:32:26]

########## EOF - C:\AdwCleaner[R1].txt - [9313 octets] ##########

t'john · 07.08.2012, 14:24

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Mierda · 07.08.2012, 19:38

Sorry, hab was falsches gepostet

t'john · 07.08.2012, 19:41

Die Benutzung von Cracks und Keygens ist illegal und verstoesst gegen unseren Kodex.

Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.

Der Computer ist für die Verletzung der Gesetze der Bundesrepublik... Sie wissen das schon=)

Log-Analyse und Auswertung: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik... Sie wissen das schon=)