| |
| |||||||
Log-Analyse und Auswertung: Werbe-PopUps öffnen von selbst - Spy.Banker.AGWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.06.2010, 17:26
| #1 |
| |  Werbe-PopUps öffnen von selbst - Spy.Banker.AG Leider scheint sich bei mir ein Trojaner installiert zu haben. Anti-Vir ermittelte desöftern den Trojaner Spy.Banker.AG, leider anscheinend ohne Erfolg. Hier bitte ich um eure Hilfe Anbei die Auswertung von HiJack: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:16:29, on 13.06.2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18319) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Users\Micha\AppData\Local\Temp\Qql.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\Qjiqub.exe C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Users\Micha\Desktop\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Micha\AppData\Local\Temp\Qql.exe O4 - Startup: OneNote Inhaltsverzeichnis.onetoc2 O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Office\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O15 - Trusted Zone: *.line6.net O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} (MySpaceOutlookContactFinder Class) - hxxp://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 11292 bytes Vielen Dank! |
|
13.06.2010, 17:39
| #2 |
 | Werbe-PopUps öffnen von selbst - Spy.Banker.AG Hallo Staedi,
__________________poste auch noch ein Malwarebytes Log und beide OTL Logs. http://www.trojaner-board.de/85104-o...-oldtimer.html lg.
__________________ |
|
13.06.2010, 18:37
| #3 | |
 | Werbe-PopUps öffnen von selbst - Spy.Banker.AGZitat:
P.S: hab gerade eben was dazu gefunden: hxxp://www.administrator.de/index.php?content=136386 Kommt am Start vllt die Meldung das sshnas21.dll nicht gefunden wurde? Geändert von Crash129 (13.06.2010 um 18:42 Uhr) |
|
13.06.2010, 19:21
| #4 | |
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AGZitat:
C:\Windows\Qjiqub.exe C:\Windows\system32\sshnas21.dll Das es sich hier um Malwaredateien handelt war schon den alten Römern bekannt.  Das Hochladen ist verschwendete Zeit. Malwarebytes sammelt die automatisch ein. lg.
__________________ Arroganz ist das Selbstbewusstsein des Minderwertigkeitskomplexes. (Jean Rostand) |
|
15.06.2010, 06:14
| #5 |
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AG Hallo Leute, danke schonmal für eure Antworten. Hier die gewünschten LogFiles: Malwarebytes Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4195 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 15.06.2010 07:03:04 mbam-log-2010-06-15 (07-03-04).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 127070 Laufzeit: 13 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 10 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Micha\AppData\Local\Temp\Qqj.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Users\Micha\AppData\Local\Temp\Qqm.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\Users\Micha\AppData\Local\Temp\Qqp.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully. C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> Quarantined and deleted successfully. C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot. C:\Users\Micha\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\Micha\AppData\Local\Temp\Qql.exe (Trojan.FakeAlert) -> Delete on reboot. LOG FILES - OTL OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 15.06.2010 07:08:52 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Micha\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,44 Gb Total Space | 5,18 Gb Free Space | 4,65% Space Free | Partition Type: NTFS Drive D: | 111,44 Gb Total Space | 56,20 Gb Free Space | 50,43% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LAPTOP_MICHA Current User Name: Micha Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.06.15 07:08:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe PRC - [2010.06.15 06:22:32 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe PRC - [2010.06.01 06:40:53 | 000,304,240 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.08.27 15:38:13 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.07.18 05:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.12.09 17:42:28 | 000,184,968 | ---- | M] (SPAMfighter ApS) -- C:\Programme\SPAMfighter\sfus.exe PRC - [2008.12.03 17:18:42 | 000,212,992 | ---- | M] (Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421) -- C:\Programme\WS_FTP Pro\ftpsched.exe PRC - [2008.12.01 00:30:10 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.08.25 06:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe PRC - [2008.07.02 04:51:00 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE PRC - [2008.06.11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.05.29 18:44:30 | 000,167,936 | ---- | M] (CyberLink) -- C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe PRC - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.04.25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe PRC - [2008.04.25 22:36:02 | 000,131,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe PRC - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2003.07.14 23:45:18 | 000,196,152 | ---- | M] (Microsoft Corporation) -- C:\Office\OFFICE11\OUTLOOK.EXE ========== Modules (SafeList) ========== MOD - [2010.06.15 07:08:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.06.15 06:22:32 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.20 11:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.12.09 17:42:28 | 000,184,968 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service) SRV - [2008.12.03 17:18:42 | 000,212,992 | ---- | M] (Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421) [Auto | Running] -- C:\Programme\WS_FTP Pro\ftpsched.exe -- (ftpqueue) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.04.25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc) SRV - [2008.04.25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc) SRV - [2008.04.15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.03.21 14:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.03.03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 19:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2010.03.10 00:40:44 | 000,571,264 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GPWADrv.sys -- (GPWADrv) Service for L6 GuitarPort Driver (WDM) DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.07.28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2008.07.02 04:52:00 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2008.05.14 18:05:44 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk) DRV - [2008.05.14 18:05:42 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2008.05.14 18:05:42 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2008.05.09 13:03:58 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.04.28 10:26:42 | 002,127,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.04.21 05:07:00 | 000,081,296 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2008.03.28 05:44:56 | 000,210,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2008.03.21 11:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.01.30 11:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2008.01.30 11:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR) DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2008.01.18 05:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP) DRV - [2008.01.16 19:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.12.16 18:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) DRV - [2006.11.23 19:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2001.11.28 00:46:10 | 000,010,880 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DFUUsb.sys -- (DfuUsb) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1108&m=aspire_7730z IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "PHPNukeDE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102572&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "PHPNukeDE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2102572&SearchSource=13" FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.0 FF - prefs.js..extensions.enabledItems: {c9508125-4747-4733-b048-e4b82dc9716d}:2.1.0.19 FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102572&SearchSource=2&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.15 06:45:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.08 21:05:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.15 06:45:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.18\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.09.08 21:05:31 | 000,000,000 | ---D | M] [2008.12.03 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions [2010.06.10 06:43:49 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\cz35gtzf.default\extensions [2009.09.03 12:37:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\cz35gtzf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.07.01 14:25:06 | 000,000,880 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Mozilla\FireFox\Profiles\cz35gtzf.default\searchplugins\conduit.xml [2009.09.08 21:00:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.03.21 19:47:55 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009.09.08 21:00:03 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{c9508125-4747-4733-b048-e4b82dc9716d} [2009.03.21 19:47:56 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2009.02.14 11:10:28 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.02.14 11:10:28 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.02.14 11:10:28 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.02.14 11:10:28 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.02.14 11:10:28 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsCustomize = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} hxxp://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab (MySpaceOutlookContactFinder Class) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{486f9a95-c44e-11de-9dd3-00238b3933f1}\Shell - "" = AutoRun O33 - MountPoints2\{486f9ab0-c44e-11de-9dd3-00238b3933f1}\Shell - "" = AutoRun O33 - MountPoints2\{486f9abc-c44e-11de-9dd3-00238b3933f1}\Shell - "" = AutoRun O33 - MountPoints2\{486f9abe-c44e-11de-9dd3-00238b3933f1}\Shell - "" = AutoRun O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.15 07:08:08 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe [2010.06.14 06:46:02 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Malwarebytes [2010.06.14 06:45:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.14 06:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.14 06:45:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.14 06:45:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.14 06:44:55 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Micha\Desktop\mbam-setup.exe [2010.06.13 18:15:54 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Micha\Desktop\HiJackThis204.exe [2010.06.13 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Gartentreppen [2010.06.13 16:29:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\13062010 [2010.06.11 06:24:25 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Hallo Ihr Raketen Songs [2010.06.11 06:24:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\Hallo_Rakete_Mix [2010.06.11 06:23:47 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\DigiDelivery [2010.06.11 06:23:32 | 000,000,000 | ---D | C] -- C:\Programme\Aspera [2010.05.30 18:48:04 | 000,000,000 | ---D | C] -- C:\Programme\PixelNet Foto Client [2010.05.28 18:10:02 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\103DSCIM [2010.05.28 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Urlaub [2010.05.25 16:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InterAction studios [2010.05.25 16:17:47 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\FloodLightGames [2010.05.25 16:17:06 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Roaming\.# [2010.05.20 20:26:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\2010-05-20 [2010.05.16 20:18:19 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\16052010 [2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.06.15 07:11:15 | 004,456,448 | -HS- | M] () -- C:\Users\Micha\ntuser.dat [2010.06.15 07:08:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe [2010.06.15 07:05:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2010.06.15 07:04:57 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.15 07:04:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.15 07:04:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.15 07:04:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.15 07:04:45 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2010.06.15 07:04:43 | 3146,641,408 | -HS- | M] () -- C:\hiberfil.sys [2010.06.15 07:04:00 | 000,524,288 | -HS- | M] () -- C:\Users\Micha\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.06.15 07:04:00 | 000,065,536 | -HS- | M] () -- C:\Users\Micha\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.06.15 07:03:59 | 006,291,456 | -H-- | M] () -- C:\Users\Micha\AppData\Local\IconCache.db [2010.06.15 06:52:45 | 002,441,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.15 06:52:45 | 001,153,608 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.15 06:52:45 | 000,719,414 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.15 06:52:45 | 000,643,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.15 06:52:45 | 000,005,106 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.15 06:48:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.14 06:45:45 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.14 06:45:15 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Micha\Desktop\mbam-setup.exe [2010.06.13 18:16:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Micha\Desktop\HiJackThis204.exe [2010.06.13 17:27:28 | 000,174,080 | ---- | M] () -- C:\Windows\Qjiqub.exe [2010.06.13 17:23:34 | 000,174,080 | ---- | M] () -- C:\Windows\Qjiqua.exe [2010.06.11 06:25:00 | 004,297,961 | ---- | M] () -- C:\Users\Micha\Desktop\01 Das Schweigen unserer Zeit mit Gesang.mp3 [2010.06.11 06:23:33 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\DigiDelivery.lnk [2010.06.06 13:06:33 | 000,078,848 | ---- | M] () -- C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.03 21:10:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini ========== Files Created - No Company Name ========== [2010.06.14 06:45:45 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.13 18:13:44 | 000,174,080 | ---- | C] () -- C:\Windows\Qjiqub.exe [2010.06.13 17:23:45 | 000,174,080 | ---- | C] () -- C:\Windows\Qjiqua.exe [2010.06.11 06:25:00 | 004,297,961 | ---- | C] () -- C:\Users\Micha\Desktop\01 Das Schweigen unserer Zeit mit Gesang.mp3 [2010.06.11 06:23:33 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\DigiDelivery.lnk [2010.05.31 21:52:11 | 030,260,012 | ---- | C] () -- C:\Users\Micha\Desktop\STE-000.wav [2010.05.31 21:51:39 | 028,583,980 | ---- | C] () -- C:\Users\Micha\Desktop\STE-002.wav [2010.05.08 16:04:59 | 000,000,046 | ---- | C] () -- C:\Windows\Goya.INI [2010.05.08 15:59:06 | 000,000,000 | ---- | C] () -- C:\Windows\Videodeluxe.INI [2010.05.08 15:38:24 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.03.22 07:28:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.01.11 19:50:33 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.01.11 19:50:33 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.10.29 20:54:49 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys [2009.05.18 06:50:30 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.21 19:46:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.02.27 19:17:15 | 000,026,491 | ---- | C] () -- C:\Windows\CSTBox.INI [2009.02.14 17:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2009.02.08 12:16:52 | 000,434,176 | ---- | C] () -- C:\Windows\System32\CNQL3203.DLL [2008.12.03 11:27:46 | 000,000,353 | ---- | C] () -- C:\Windows\GearBox.ini [2008.12.03 11:01:16 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll [2008.12.02 21:16:25 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI [2008.09.02 09:09:31 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.02.06 01:45:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.02.05 17:55:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.02.05 17:55:33 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.02.05 17:36:07 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.02.05 17:32:08 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.02.05 17:25:25 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.08.07 21:01:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7 < End of report > --- --- --- OTL Extras.TEXT OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.06.2010 07:08:52 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Micha\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 5,18 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive D: | 111,44 Gb Total Space | 56,20 Gb Free Space | 50,43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LAPTOP_MICHA
Current User Name: Micha
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15159931-9E34-4FD7-868E-5118E24F07FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ACA49B6D-2026-463E-B6FD-1D805259DAFA}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DC08C8-F123-43F6-B7E5-058715089E23}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{0BFDF6CA-B5EB-4501-9E3F-201953D78B95}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{10423B34-79D5-402B-8F85-824B1760DE5C}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{2866CF4E-8F62-42C6-B767-4C9BC3A039F0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{3C631CDB-50A5-4B50-B7AC-73BF77E51995}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{6574DCB0-B89C-4EF4-A665-F88C5DCBA751}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{67D5BB38-CFCD-4697-BE90-80006424ED2F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{7D0F671C-27EC-4240-800A-FF4E8F62884E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9606538F-08F2-4AE7-9672-517A43B17F88}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B32691AF-D6F2-40A8-8085-9C32A3E4E883}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{CCE5D578-AF0A-4513-862F-18DD1FDB8095}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{CFA13F71-A90D-483D-A954-E3E7164CEE73}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D7C85BB6-CD92-4B62-A248-F31C53846856}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E615695E-B7CB-4851-8B25-F894E44E8420}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{F3333B2B-39EA-45A1-BA37-D03C232D317F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{361A4826-86BD-4A53-9013-EFE551ED225E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{8290E427-662C-440F-94E5-5DC0A0ADE14D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{DE12E84D-9A3B-44BE-8A4C-2DC878D971FF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0C0FB59F-76B1-4302-854D-6CE910577719}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{2C9CA9D5-BF48-4983-8B1F-6F8488E11794}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{474A603F-56BF-4350-AEC6-140448A366A7}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = CanoScan Toolbox Ver4.6
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C7FD943-5682-4A92-928A-7EC1F79E1031}" = Nero 8 Trial
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BE38A73-F54F-4A58-9B36-78D51D205F36}" = SPAMfighter
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A075BA-D267-4866-88AC-1602CEFD0194}" = DigiDelivery
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F43BC6-E685-49CB-BF91-851F62628343}" = AudioCommander
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{ca33a0fd-2956-4026-b54c-9518fdc6fecf}" = Nero 9 Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Alpha ASIO driver" = Lexicon Alpha ASIO (remove only)
"AskTBar Uninstall" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AudioCommander" = AudioCommander
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cakewalk Home Studio 9" = Cakewalk Home Studio 9
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"FileZilla Client" = FileZilla Client 3.1.3.1
"FriendBlasterPro_is1" = FriendBlasterPro
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LexiconStudio" = Lexicon Pantheon VST Plug-in (remove only)
"Line 6 Uninstaller" = Line 6 Uninstaller
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (2.0.0.18)" = Mozilla Thunderbird (2.0.0.18)
"PC Shower 2009_is1" = PC Shower 2009 4.0 RT
"PixelNet Foto Client" = PixelNet Foto Client 4.7
"S2TNG" = Die Siedler II - Die nächste Generation
"SPAMfighter" = SPAMfighter
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TUGZip_is1" = TUGZip 3.5
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WS_FTPPro" = Ipswitch WS_FTP Pro Uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.06.2010 00:19:26 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3012
Description =
Error - 04.06.2010 00:19:26 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3012
Description =
Error - 04.06.2010 00:19:26 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3011
Description =
Error - 06.06.2010 05:16:31 | Computer Name = Laptop_Micha | Source = WinMgmt | ID = 10
Description =
Error - 06.06.2010 05:21:55 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3012
Description =
Error - 06.06.2010 05:21:55 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3012
Description =
Error - 06.06.2010 05:21:55 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3011
Description =
Error - 07.06.2010 00:18:17 | Computer Name = Laptop_Micha | Source = WinMgmt | ID = 10
Description =
Error - 07.06.2010 00:24:03 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3012
Description =
Error - 07.06.2010 00:24:03 | Computer Name = Laptop_Micha | Source = LoadPerf | ID = 3012
Description =
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Vielen Dank schonmal für Eure Hilfe! Vielen Dank schonmal für Eure Hilfe! |
|
15.06.2010, 14:24
| #6 |
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AG Full Scan bitte und rebooten |
|
15.06.2010, 16:03
| #7 | ||
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AGZitat:
> OTL Fix: * Schliesse alle Programme und starte das Programm OTL. * Kopiere den Inhalt im Codefenster (siehe unten) in die leere, weisse Textbox im OTL. Zitat:
* OTL wird den PC neustarten. Bitte das zulassen und nach dem Neustart auf "Run" klicken im Infofenster von OTL und abwarten bis das Log kommt. * Log posten. > Interneteinstellungen zurücksetzen (manuell): Zurücksetzen von Internet Explorer-Einstellungen > Schnell Scan mit Dr. Web im abgesicherten Modus: Log anfertigen und hier posten. MR.
__________________ Arroganz ist das Selbstbewusstsein des Minderwertigkeitskomplexes. (Jean Rostand) |
|
15.06.2010, 17:29
| #8 |
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AG Anbei der Log von OTL: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully. C:\Programme\Java\jre6\bin\ssv.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. C:\Programme\pdfforge Toolbar\SearchSettings.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully. C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. File C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully. File C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found. File C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully. C:\Programme\pdfforge Toolbar\SearchSettings.exe moved successfully. Starting removal of ActiveX control {48DD0448-9209-4F81-9F6D-D83562940134} C:\Windows\Downloaded Program Files\MySpaceUploader.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{48DD0448-9209-4F81-9F6D-D83562940134}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48DD0448-9209-4F81-9F6D-D83562940134}\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\Windows\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control {CA127633-F57D-4475-9445-E5F5B63A01ED} C:\Windows\Downloaded Program Files\MySpace.OutlookContactFinder.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CA127633-F57D-4475-9445-E5F5B63A01ED}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA127633-F57D-4475-9445-E5F5B63A01ED}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CA127633-F57D-4475-9445-E5F5B63A01ED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA127633-F57D-4475-9445-E5F5B63A01ED}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. C:\Windows\Qjiqub.exe moved successfully. C:\Windows\Qjiqua.exe moved successfully. C:\Users\Micha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Micha ->Flash cache emptied: 22755 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Micha ->Temp folder emptied: 155561520 bytes ->Temporary Internet Files folder emptied: 360958559 bytes ->Java cache emptied: 5385832 bytes ->FireFox cache emptied: 56596240 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 131047397 bytes RecycleBin emptied: 806280756 bytes Total Files Cleaned = 1.446,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.6.0 log created on 06152010_175449 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
|
16.06.2010, 05:38
| #9 |
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AG Und hier noch das Protokkoll von Dr. Web: SlgClientServicesRedists.exe\1.file C:\Program Files\Acer GameZone\Cake Mania\SlgClientServicesRedists.exe Adware.SpywareStorm SlgClientServicesRedists.exe C:\Program Files\Acer GameZone\Cake Mania Container enthält infizierte Objekte . Verschoben |
|
16.06.2010, 13:50
| #10 | |
| | Werbe-PopUps öffnen von selbst - Spy.Banker.AGZitat:
die Fünde von DrWeb löschen. Rootkit Scan mit RootRepeal: http://ad13.geekstogo.com/RootRepeal.zip die zip datei downloaden, entpacken > doppelklick auf "rootrepeal.exe" (als Administrator ausführen! Rechtsklick mit der Maus) Gehe unten in der Leiste auf REPORT klicke Scan, häkchen vor allen Scanalternativen setzen-ok- Häkchen vor allen Festplatten setzen > klicke ok. Der Scan läuft- Nach dem Scan plopt das Log hoch. Poste es hier. Solltest du Probleme mit diesem Rootkit Scanner haben führe einen GMER scan durch. Log posten. **************************
__________________ Arroganz ist das Selbstbewusstsein des Minderwertigkeitskomplexes. (Jean Rostand) |
|
| Themen zu Werbe-PopUps öffnen von selbst - Spy.Banker.AG |
| adobe, agere systems, antivir, antivir guard, ask toolbar, avg, avira, bho, cdburnerxp, defender, desktop, excel, ftp, google, gupdate, helper, hijack, hijackthis, internet, internet explorer, launch, local\temp, monitor, pdfforge toolbar, plug-in, popup, rundll, software, system, temp, trojaner, vista, von selbst, windows |
Linear-Darstellung
