Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.08.2012, 16:16   #1
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Hallochen zusammen,

Antivir hat bei mir heute dieses Ding (was auch immer es sein mag) gefunden und nun hoffe ich, dass ihr mir weiterhelfen könnt.

Malwarebytes ist grad mit den Scans fertig und hier sind alle Logfiles (der erste Scan wurde von meiner Katze unterbrochen, die mir auf die Tastatur gehüpft ist - hoffe, dass ist nicht tragisch)

1. File

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Sarina Pancaro :: RINASNOTEBOOK [Administrator]

Schutz: Aktiviert

12.08.2012 11:10:36
mbam-log-2012-08-12 (11-10-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 4403
Laufzeit: 4 Minute(n), 19 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
2. File

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
Sarina Pancaro :: RINASNOTEBOOK [Administrator]

Schutz: Aktiviert

12.08.2012 11:39:04
mbam-log-2012-08-12 (11-39-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349862
Laufzeit: 4 Stunde(n), 5 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
3.File:

Code:
ATTFilter
2012/08/12 11:08:29 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting protection
2012/08/12 11:08:47 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Protection started successfully
2012/08/12 11:08:50 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting IP protection
2012/08/12 11:09:20 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	IP Protection started successfully
2012/08/12 11:09:22 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting database refresh
2012/08/12 11:09:22 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Stopping IP protection
2012/08/12 11:09:33 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	IP Protection stopped
2012/08/12 11:09:49 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Database refreshed successfully
2012/08/12 11:09:49 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting IP protection
2012/08/12 11:10:06 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	IP Protection started successfully
2012/08/12 15:49:13 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Executing scheduled update:  Daily
2012/08/12 15:50:21 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.08.12.03 to version v2012.08.12.04
2012/08/12 15:51:14 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting protection
2012/08/12 15:51:33 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Protection started successfully
2012/08/12 15:51:36 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting IP protection
2012/08/12 15:52:01 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	IP Protection started successfully
2012/08/12 15:52:01 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting database refresh
2012/08/12 15:52:01 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Stopping IP protection
2012/08/12 15:52:24 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	IP Protection stopped
2012/08/12 15:52:38 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Database refreshed successfully
2012/08/12 15:52:38 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	Starting IP protection
2012/08/12 15:53:03 +0200	RINASNOTEBOOK	Sarina Pancaro	MESSAGE	IP Protection started successfully
         
Dankeschön schonmal, dass jemand seine Freizeit für mich opfert. Ich versuche alle Anweisungen genau zu befolgen.

Alt 12.08.2012, 22:24   #2
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden





CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 13.08.2012, 18:52   #3
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Hallo t'john,

hui, das ging ja schnell. Ich hatte nicht vor heute mit einer Antwort gerechnet.
Danke schonmal, dass du mir helfen willst.

Hier habe ich nun den Inhalt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.08.2012 17:26:21 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,50 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 54,68% Memory free
5,21 Gb Paging File | 3,79 Gb Available in Paging File | 72,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 54,85 Gb Free Space | 49,22% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 224,19 Gb Free Space | 96,27% Space Free | Partition Type: NTFS
Drive E: | 111,44 Gb Total Space | 77,72 Gb Free Space | 69,74% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 453,89 Gb Free Space | 97,48% Space Free | Partition Type: FAT32
Drive J: | 3,66 Gb Total Space | 3,13 Gb Free Space | 85,58% Space Free | Partition Type: FAT32
 
Computer Name: RINASNOTEBOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.13 17:23:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.08.08 21:28:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.20 12:24:47 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe
PRC - [2011.10.02 10:25:10 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011.01.28 06:03:32 | 000,270,176 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011.01.28 06:03:26 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.02 19:05:22 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.01.30 18:12:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\SARINA~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.07.16 12:09:32 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008.06.30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.05.20 12:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 17:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.05.09 14:07:08 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.21 13:22:32 | 000,376,832 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 04:06:49 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012.06.15 04:06:35 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012.06.15 04:02:39 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.15 04:02:00 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 04:29:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 04:15:13 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 04:14:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011.10.02 10:25:10 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.31 21:30:23 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.07.10 09:06:51 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010.02.10 18:10:10 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2008.05.14 17:05:10 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008.05.09 14:06:24 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008.04.01 10:09:49 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3006.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008.04.01 10:09:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008.04.01 10:09:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008.04.01 10:09:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.03 06:03:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.19 17:55:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.20 12:24:47 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc)
SRV - [2011.01.28 06:03:32 | 000,270,176 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009.04.08 19:54:34 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.03.31 10:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.05.14 17:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.20 12:24:55 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011.12.20 12:24:55 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011.12.20 12:24:55 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2011.12.20 12:24:55 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2011.12.20 12:24:54 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011.12.20 12:24:54 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011.12.20 12:24:54 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011.12.20 12:24:54 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.04.06 10:20:44 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.04.06 10:20:44 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2009.03.20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2008.12.17 10:30:00 | 007,580,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.25 07:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.18 17:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.05.26 15:13:00 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.05.26 15:13:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.03.27 09:06:59 | 000,542,976 | ---- | M] (LiteOn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.12.16 17:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_7530g
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=O7YOcKvAJSJf6eByd11Hl-8aUpo?q={searchTerms}
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{D1B2E224-71ED-4BB2-875E-8DEEEA8A3D6E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb&apn_sauid=7F1A2874-C348-4B2C-B531-157CB3CF39B5
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb&apn_ptnrs=^ABT&apn_sauid=7F1A2874-C348-4B2C-B531-157CB3CF39B5&apn_dtid=^YYYYYY^YY^DE&&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: D:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2011.12.20 12:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 17:55:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 16:10:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 17:55:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.16 16:10:13 | 000,000,000 | ---D | M]
 
[2010.05.03 11:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.06.28 19:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\71fetdjk.default\extensions
[2010.08.29 20:12:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\71fetdjk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.28 19:09:15 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\71fetdjk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.10.25 22:22:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\71fetdjk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.06 20:55:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\71fetdjk.default\extensions\engine@conduit.com
[2012.07.09 20:27:05 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\71fetdjk.default\extensions\toolbar@ask.com
[2012.08.13 17:22:06 | 000,002,413 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\searchplugins\askcom.xml
[2012.06.08 09:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.09.01 08:48:35 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 17:55:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 09:54:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 09:54:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 09:54:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 09:54:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 09:54:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 09:54:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk =  File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..Trusted Domains: skillport.com ([dis-ag] https in Trusted sites)
O15 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{284AB55C-917A-4258-BBB5-841E08D44562}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33339479-50B9-4A99-B906-C927F2CBF9DB}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35979D1C-5113-42B7-8F06-020E65B0B307}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82131D18-0A32-4582-8C62-3809AAB7DDBA}: DhcpNameServer = 78.42.43.62 82.212.62.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A61B1F9F-A70B-4EFC-9979-C3D136DC0142}: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5BE44C7-B1FD-4CA3-A34E-993090B5D5B2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: E:\Fanfic\Bleach\Collab mit Shuki\Rotes Band\Byaren.jpg
O24 - Desktop BackupWallPaper: E:\Fanfic\Bleach\Collab mit Shuki\Rotes Band\Byaren.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{550e55ed-2aed-11e1-831c-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{550e55ed-2aed-11e1-831c-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{550e560e-2aed-11e1-831c-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{550e560e-2aed-11e1-831c-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7be09110-2bae-11e1-935a-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{7be09110-2bae-11e1-935a-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {982DA88E-BE48-C993-D793-740D771D487D} - Browser Customizations
ActiveX: {A4BA36D7-3481-AEE5-1F7A-9C81CAE0245E} - .NET Framework
ActiveX: {C73CBF3D-C55B-0ECD-80C9-8DF4306A90D8} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 17:23:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.08.12 17:59:30 | 000,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2012.08.12 11:08:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.08.12 11:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.12 11:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.12 11:07:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.12 11:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.20 19:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.13 17:23:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.08.13 17:21:15 | 000,043,414 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.13 17:21:15 | 000,043,414 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.13 17:08:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.08.13 17:07:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 17:07:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 17:07:21 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.08.13 17:07:14 | 2682,597,376 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 21:35:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 11:07:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.11 11:50:37 | 005,664,670 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 11:50:37 | 002,169,074 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 11:50:37 | 001,782,960 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 11:50:37 | 001,605,944 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.11 11:50:22 | 000,007,680 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.08.12 11:07:49 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.29 17:26:45 | 2682,597,376 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.19 19:32:06 | 000,001,558 | ---- | C] () -- C:\Users\****\.recently-used.xbel
[2011.10.03 13:15:08 | 000,000,102 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2011.06.19 02:43:43 | 000,003,866 | ---- | C] () -- C:\Users\****\.heldEinstellungen4_1.xml
[2011.06.19 02:43:40 | 000,000,279 | ---- | C] () -- C:\Users\****\.dsa4.properties
[2011.05.20 22:28:17 | 000,000,618 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2011.02.13 12:41:58 | 000,110,412 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.09.18 11:13:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.22 12:44:42 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010.03.22 15:13:45 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.01.24 12:48:43 | 000,001,356 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2009.03.10 19:35:11 | 000,007,680 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.30 18:07:45 | 000,043,414 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.15 16:03:46 | 000,043,414 | ---- | C] () -- C:\ProgramData\nvModes.dat
[1999.07.07 02:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80
 
========== LOP Check ==========
 
[2009.04.06 19:04:52 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.#
[2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acer GameZone Console
[2011.12.20 13:48:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2011.05.30 19:11:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Artifex Mundi
[2011.05.30 19:44:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Big Fish Games
[2012.02.12 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Boomzap
[2009.04.09 08:06:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\cerasus.media
[2012.03.19 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2012.03.19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.02.12 11:26:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\eSobi
[2009.12.25 22:04:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Friday's games
[2009.04.06 10:20:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Games
[2009.12.24 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Gogii Games
[2011.10.19 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2009.12.23 23:11:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Oberonv1002
[2009.02.06 21:47:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2010.02.07 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2009.12.25 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PlayFirst
[2009.12.25 16:11:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Playrix Entertainment
[2010.02.07 13:38:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2011.12.20 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\T-Mobile
[2011.05.20 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template
[2011.05.29 19:08:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\V-Games
[2012.08.12 21:38:17 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.04.06 19:04:52 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.#
[2008.04.01 10:35:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acer GameZone Console
[2011.02.13 10:38:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011.12.20 13:48:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2011.11.27 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2011.05.30 19:11:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Artifex Mundi
[2012.05.31 19:37:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avira
[2011.05.30 19:44:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Big Fish Games
[2012.02.12 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Boomzap
[2009.04.09 08:06:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\cerasus.media
[2009.03.10 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CyberLink
[2012.03.19 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft
[2012.03.19 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.02.12 11:26:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\eSobi
[2009.12.25 22:04:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Friday's games
[2009.04.06 10:20:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Games
[2009.12.24 14:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Gogii Games
[2009.02.03 19:01:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Google
[2011.10.19 19:32:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2009.01.30 18:11:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2009.04.04 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2009.01.30 18:12:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012.08.12 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2012.06.26 21:10:38 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2010.05.03 11:45:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2009.12.23 23:11:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Oberonv1002
[2009.02.06 21:47:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2010.02.07 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2009.12.25 15:28:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PlayFirst
[2009.12.25 16:11:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Playrix Entertainment
[2010.02.07 13:38:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2010.07.24 10:19:47 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM
[2012.08.11 22:06:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.07.09 05:16:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM
[2011.12.20 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\T-Mobile
[2011.05.20 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template
[2011.05.29 19:08:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\V-Games
[2012.08.10 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2010.03.09 21:11:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
[2009.12.23 23:11:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2012.06.28 19:06:52 | 004,031,184 | ---- | M] (Ask) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2010.02.07 14:42:37 | 000,069,632 | ---- | M] () -- C:\Users\****\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
[2010.02.22 21:56:46 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\****\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sataraid\nvstor32.sys
[2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sata_ide\nvstor32.sys
[2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\drivers\nvstor32.sys
[2008.05.26 15:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_903234fc\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2009.01.30 18:12:07 | 000,000,174 | -HS- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2011.03.31 21:34:00 | 000,001,032 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2009.01.30 18:18:30 | 000,001,852 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 214 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:FEF919E6
@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:BC428E9F
@Alternate Data Stream - 174 bytes -> C:\ProgramData\TEMP:D4E73D7F
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:DD831FA6
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:E62BE020
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:50A11A00
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4FFA5B5C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:34BCB6A9
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DB365884
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:26140299
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2CFBE2D1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:9A2521F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E98C5DD9

< End of report >
         
--- --- ---


Brauchst du auch noch die Inhalte aus Extras.Txt?

Und noch ne Frage hinterher: kann ich eigentlich die Windows-Updates machen - oder soll ich damit warten, bis wir hier fertig sind?

Noch mal Danke und viele Grüße
__________________

Alt 13.08.2012, 21:54   #4
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
ATTFilter
:OTL
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe 
PRC - [2009.01.30 18:12:21 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\SARINA~1\AppData\Local\Temp\RtkBtMnt.exe 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\URLSearchHook: - No CLSID value found 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=O7YOcKvAJSJf6eByd11Hl-8aUpo?q={searchTerms} 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..\SearchScopes\{D1B2E224-71ED-4BB2-875E-8DEEEA8A3D6E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb&apn_sauid=7F1A2874-C348-4B2C-B531-157CB3CF39B5 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "Ask.com" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Ask.com" 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb&apn_ptnrs=^ABT&apn_sauid=7F1A2874-C348-4B2C-B531-157CB3CF39B5&apn_dtid=^YYYYYY^YY^DE&&q=" 
FF - prefs.js..network.proxy.no_proxies_on: "*.local" 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [eRecoveryService] File not found 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found 
O15 - HKU\S-1-5-21-1122702032-985635867-1885253309-1000\..Trusted Domains: skillport.com ([dis-ag] https in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{550e55ed-2aed-11e1-831c-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{550e55ed-2aed-11e1-831c-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{550e560e-2aed-11e1-831c-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{550e560e-2aed-11e1-831c-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{7be09110-2bae-11e1-935a-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{7be09110-2bae-11e1-935a-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\Shell - "" = AutoRun 
O33 - MountPoints2\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
[2012.08.13 17:21:15 | 000,043,414 | ---- | M] () -- C:\ProgramData\nvModes.dat 
[2012.08.13 17:21:15 | 000,043,414 | ---- | M] () -- C:\ProgramData\nvModes.001 
[1999.07.07 02:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80 
[2012.06.28 19:06:52 | 004,031,184 | ---- | M] (Ask) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\toolbar@ask.com\chrome\Temp\askToolbar.exe 

@Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:206470A5 
@Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:C22674B6 
@Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:FEF919E6 
@Alternate Data Stream - 186 bytes -> C:\ProgramData\Temp:BC428E9F 
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:D4E73D7F 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:CF2C26D2 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DD831FA6 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:E62BE020 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:1E3397DC 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:B623B5B8 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:50A11A00 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4FFA5B5C 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:34BCB6A9 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:DB365884 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:26140299 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:580E04D8 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:2CFBE2D1 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:9A2521F1 
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D31DA45 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:E98C5DD9 

[2012.08.12 21:35:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2009.04.06 19:04:52 | 000,000,000 | -HSD | M] -- C:\Users\****\AppData\Roaming\.# 

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 14.08.2012, 18:50   #5
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Hi there,

keine guten Nachrichten: OTL hat sich mitten im arbeiten aufgehängt, so dass ein Kaltstart erforderlich war. Ich wollte es jetzt nicht nochmal starten, ohne dass ich mit dir Rücksprache gehalten habe.

Kurz zu deiner Info: Abgesicherter Modus funktioniert gut, sobald ich wieder in den Normalen Modus wechsele, dauert das Hochfahren ewig.

Irgendeinen Rat für mich? Oder habe ich mich jetzt selbst abgeschossen... Entschuldige bitte meine laienhafte Ausdrucksweise, aber ich bin was Computerdinge angeht eine kleine Null.


Alt 14.08.2012, 21:46   #6
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Normal booten, Fix nochmal ausfuehren.
__________________
--> TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden

Alt 14.08.2012, 22:32   #7
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Merci, diesmal hat es geklappt.

Und das hat es nach dem Neustart ausgespuckt:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Updater.exe was found!
No active process named RtkBtMnt.exe was found!
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D1B2E224-71ED-4BB2-875E-8DEEEA8A3D6E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1B2E224-71ED-4BB2-875E-8DEEEA8A3D6E}\ not found.
HKU\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1122702032-985635867-1885253309-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb&apn_ptnrs=^ABT&apn_sauid=7F1A2874-C348-4B2C-B531-157CB3CF39B5&apn_dtid=^YYYYYY^YY^DE&&q=" removed from keyword.URL
Prefs.js: "*.local" removed from network.proxy.no_proxies_on
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
File C:\ProgramData\Partner\partner.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup not found.
File move failed. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Registry key HKEY_USERS\S-1-5-21-1122702032-985635867-1885253309-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillport.com\dis-ag\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550e55ed-2aed-11e1-831c-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{550e55ed-2aed-11e1-831c-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550e55ed-2aed-11e1-831c-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{550e55ed-2aed-11e1-831c-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550e560e-2aed-11e1-831c-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{550e560e-2aed-11e1-831c-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{550e560e-2aed-11e1-831c-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{550e560e-2aed-11e1-831c-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7be09110-2bae-11e1-935a-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be09110-2bae-11e1-935a-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7be09110-2bae-11e1-935a-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7be09110-2bae-11e1-935a-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff94a-2af1-11e1-9ff8-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff94f-2af1-11e1-9ff8-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff95b-2af1-11e1-9ff8-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb0ff964-2af1-11e1-9ff8-00238b0a39d0}\ not found.
File G:\AutoRun.exe not found.
C:\ProgramData\nvModes.dat moved successfully.
C:\ProgramData\nvModes.001 moved successfully.
File C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80 not found.
File C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\toolbar@ask.com\chrome\Temp\askToolbar.exe not found.
Unable to delete ADS C:\ProgramData\Temp:206470A5 .
Unable to delete ADS C:\ProgramData\Temp:C22674B6 .
Unable to delete ADS C:\ProgramData\Temp:FEF919E6 .
Unable to delete ADS C:\ProgramData\Temp:BC428E9F .
Unable to delete ADS C:\ProgramData\Temp:D4E73D7F .
Unable to delete ADS C:\ProgramData\Temp:CF2C26D2 .
Unable to delete ADS C:\ProgramData\Temp:DD831FA6 .
Unable to delete ADS C:\ProgramData\Temp:E62BE020 .
Unable to delete ADS C:\ProgramData\Temp:1E3397DC .
Unable to delete ADS C:\ProgramData\Temp:B623B5B8 .
Unable to delete ADS C:\ProgramData\Temp:50A11A00 .
Unable to delete ADS C:\ProgramData\Temp:4FFA5B5C .
Unable to delete ADS C:\ProgramData\Temp:34BCB6A9 .
Unable to delete ADS C:\ProgramData\Temp:DB365884 .
Unable to delete ADS C:\ProgramData\Temp:26140299 .
Unable to delete ADS C:\ProgramData\Temp:580E04D8 .
Unable to delete ADS C:\ProgramData\Temp:2CFBE2D1 .
Unable to delete ADS C:\ProgramData\Temp:9A2521F1 .
Unable to delete ADS C:\ProgramData\Temp:0D31DA45 .
Unable to delete ADS C:\ProgramData\Temp:E98C5DD9 .
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
Folder C:\Users\****\AppData\Roaming\.#\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ****
->Temp folder emptied: 675117 bytes
->Temporary Internet Files folder emptied: 304356 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 269916140 bytes
->Flash cache emptied: 9085 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255698 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 259,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: ****
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08142012_221047

Files\Folders moved on Reboot...
File\Folder C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk not found!

PendingFileRenameOperations files...
File C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk not found!

Registry entries deleted on Reboot...
         
Und nochmal sorry wegen der Umstände.

Geändert von Wasserfrau (14.08.2012 um 22:44 Uhr)

Alt 15.08.2012, 09:48   #8
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.08.2012, 05:58   #9
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Hi there,

anbei das Malwarbytes-Log.

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
**** :: XXXXXX [Administrator]

Schutz: Aktiviert

15.08.2012 19:15:00
mbam-log-2012-08-15 (19-15-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344581
Laufzeit: 3 Stunde(n), 36 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Den Rest kriegst du heute abend - habe es gestern nicht mehr geschafft.

Viele Grüße

Alt 16.08.2012, 13:32   #10
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



ok, adwCleaner bitte
__________________
Mfg, t'john
Das TB unterstützen

Alt 16.08.2012, 18:42   #11
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Danke für deine Geduld. Und schon geht es weiter:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/16/2012 at 18:39:54
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : **** - XXXXX
# Boot Mode : Normal
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\****\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\Conduit
Folder Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\ConduitEngine
Folder Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\CT2269050
Folder Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\engine@conduit.com
Folder Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\toolbar@ask.com
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\ProgramData\Partner
File Found : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19298

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\prefs.js

Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "6-9-2010");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Mon Sep 06 2010 18:30:52 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "6-9-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Mon Sep 06 2010 18:30:52 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 06 2010 18:30:55 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.0.14", "Mon Sep 06 2010 18:31:02 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Mon Sep 06 2010 18:31:04 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 06 2010 18:31:05 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Mon Sep 06 2010 18:30:47 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1283703373");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Sep 06 2010 18:30:45 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2269050.UserID", "UN95684478267749198");
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Mon Sep 06 2010 18:31:04 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.clientLogIsEnabled", true);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jul 03 2011 12:16:02 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 11 2011 19:17:48 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 11 2011 18:13:50 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "{ec4f760b-c2a9-4107-82e2-111a4961aba7}");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 06 2010 18:31:05 GMT+0200");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jul 10 2011 00:54:01 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jul 09 2011 05:15:30 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "01/30/2011 16");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sun Jan 30 2011 14:05:37 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Apr 30 2011 09:42:53 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jul 11 2011 18:17:46 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN73762285528160370");
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.usagesFlag", 1);
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "Ask.com");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.OOBEVersion", "2");
Found : user_pref("extensions.asktb.apn_dbr", "ff_10.0.2");
Found : user_pref("extensions.asktb.cbid", "^ABT");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.crumb", "2012.05.31+10.34.04-toolbar015iad-DE-S2FybHNydWhlLEdlcm1hbnk%3D[...]
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Found : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Found : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Found : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Found : user_pref("extensions.asktb.first-launch-url", "hxxp://ipm.avira.com/?data=dHJhY2s9NTE4JTJDNTM3JTJDJ[...]
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1345050404908");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.localePref", true);
Found : user_pref("extensions.asktb.location", "Karlsruhe,Germany");
Found : user_pref("extensions.asktb.notification-shown", true);
Found : user_pref("extensions.asktb.o", "APN10395");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "2");
Found : user_pref("extensions.asktb.sa", "YES");
Found : user_pref("extensions.asktb.saguid", "7F1A2874-C348-4B2C-B531-157CB3CF39B5");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.socialmini-native-on", true);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.timeinstalled", "31.05.2012 19:35:19");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.15.4.100013");
Found : user_pref("extensions.asktb.version", "5.15.4.23930");
Found : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8,toolbar@ask.com:[...]
Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [17694 octets] - [16/08/2012 18:39:54]

########## EOF - C:\AdwCleaner[R1].txt - [17823 octets] ##########
         
Viele Grüße

Alt 17.08.2012, 02:17   #12
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.08.2012, 20:10   #13
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Hi there,

da ich außer Haus (und damit ohne den Rechner) bin, bekommst du die Dateien Sonntag Abend.

Viele Grüße und ein schönes WE

Alt 18.08.2012, 16:13   #14
t'john
/// Helfer-Team
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Alles klar
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.08.2012, 22:16   #15
Wasserfrau
 
TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll  gefunden - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden



Hi there,

danke für deine Geduld - hoffe es ist bei dir nicht ganz so heiß wie hier...

Nach dem Neustarten ist übrigens das Startup-Recovery von Windows ausgeführt worden. K.A. ob das für dich von Bedeutung ist... Dachte, ich informiere dich mal darüber - ich fand es verwunderlich.

Das ist die Adware-Textdatei:

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/19/2012 at 21:39:12
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : **** - XXXXX
# Boot Mode : Normal
# Running from : C:\Users\****\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\****\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\Conduit
Folder Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\ConduitEngine
Folder Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\CT2269050
Folder Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19298

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\71fetdjk.default\prefs.js

Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "6-9-2010");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Mon Sep 06 2010 18:30:52 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "6-9-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2269050.InstalledDate", "Mon Sep 06 2010 18:30:52 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 06 2010 18:30:55 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Mon Sep 06 2010 18:31:02 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Mon Sep 06 2010 18:31:04 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 06 2010 18:31:05 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Mon Sep 06 2010 18:30:47 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1283703373");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Sep 06 2010 18:30:45 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2269050.UserID", "UN95684478267749198");
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Mon Sep 06 2010 18:31:04 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.clientLogIsEnabled", true);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jul 03 2011 12:16:02 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 11 2011 19:17:48 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 11 2011 18:13:50 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{ec4f760b-c2a9-4107-82e2-111a4961aba7}");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Sep 06 2010 18:31:05 GMT+0200");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jul 10 2011 00:54:01 GMT+0200");
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Jul 09 2011 05:15:30 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/30/2011 16");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Jan 30 2011 14:05:37 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Apr 30 2011 09:42:53 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jul 11 2011 18:17:46 GMT+0200");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN73762285528160370");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jul 11 2011 18:17:49 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("ConduitEngine.usagesFlag", 1);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.OOBEVersion", "2");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_10.0.2");
Deleted : user_pref("extensions.asktb.cbid", "^ABT");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2012.05.31+10.34.04-toolbar015iad-DE-S2FybHNydWhlLEdlcm1hbnk%3D[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://ipm.avira.com/?data=dHJhY2s9NTE4JTJDNTM3JTJDJ[...]
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "631ad84b-0e83-4fe1-a8b3-f0bd5299b2fb");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1345404923737");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.localePref", true);
Deleted : user_pref("extensions.asktb.location", "Karlsruhe,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "APN10395");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "2");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "7F1A2874-C348-4B2C-B531-157CB3CF39B5");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "31.05.2012 19:35:19");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.4.23930");
Deleted : user_pref("extensions.enabledAddons", "{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8,toolbar@ask.com:[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [17825 octets] - [16/08/2012 18:39:54]
AdwCleaner[S1].txt - [18108 octets] - [19/08/2012 21:39:12]

########## EOF - C:\AdwCleaner[S1].txt - [18237 octets] ##########
         
Den Scan lass ich jetzt durchlaufen und hoffe, dass ich ihn heute noch posten kann, wenn nicht halt erst morgen.

Viele Grüße

Antwort

Themen zu TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden
.dll, abgebrochen, administrator, anti-malware, appdata, autostart, code, dateien, explorer, gelöscht, gen, logfiles, opfer, quarantäne, service, service pack 2, speicher, tastatur, temp, test, tr/crypt.xpack.ge, tr/crypt.xpack.gen, update, updated, version, vista



Ähnliche Themen: TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden


  1. C:\Users\Be\AppData\Local\Temp\OCS Virus gefunden?
    Plagegeister aller Art und deren Bekämpfung - 06.07.2014 (14)
  2. C:\Users\Helmut\AppData\Local\Temp\wpbt0.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.N.370' [trojan].
    Log-Analyse und Auswertung - 25.09.2013 (11)
  3. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  4. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  5. TR/Sirefef.P.1506 in C:\Users\Roos\AppData\Local\Temp\wpbt0.dll
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (6)
  6. TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (21)
  7. Start: Problem beim Starten von C:\Users\...\AppData\Local\Temp\wpbt0.dll
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (1)
  8. TR/Crypt.XPACK.Gen8 in C:\Users\main\AppData\Local\Temp\aromecxsnw.exe
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  9. TR/Crypt.ZPACK.Gen8 in C:\Users\XXX\AppData\Local\Temp\msimg32.dll
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (27)
  10. TR/Crypt.ZPACK.Gen - in C:\Users\acer\AppData\Local\Temp\43001410.exe
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (8)
  11. ADSPY/Bho.GamePla.F gefunden in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi
    Plagegeister aller Art und deren Bekämpfung - 22.05.2012 (19)
  12. TR/Crypt.ZPACK.Gen in C:\Users\Isabel\AppData\Local\Temp\msimg32.dll (Firewall deaktiviert)
    Plagegeister aller Art und deren Bekämpfung - 24.04.2012 (17)
  13. Exploit:Java/Blacole.ET in C\Users\***\AppData\Local\Temp\jar_cache... gefunden
    Log-Analyse und Auswertung - 06.04.2012 (8)
  14. C:\Users\Besitzer\AppData\Local\Temp\irftsync.dll ist das Trojanische Pferd TR/Crypt.XPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 16.11.2010 (2)
  15. TR/Crypt.ZPACK.Gen in C:\Users\***\AppData\Local\Temp\eapp32hst.dl
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (18)
  16. TR/Crypt.XPACK.Gen in -> AppData\Local\Temp\BIT6C2E.tmp
    Plagegeister aller Art und deren Bekämpfung - 05.08.2010 (15)
  17. Trojaner TR/Crypt.XPACK.Gen in C:\Users\***\AppData\Local\Temp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (23)

Zum Thema TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden - Hallochen zusammen, Antivir hat bei mir heute dieses Ding (was auch immer es sein mag) gefunden und nun hoffe ich, dass ihr mir weiterhelfen könnt. Malwarebytes ist grad mit den - TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.