Hello M-K-D-B,
here are the logs,
1. from the fix with OTL
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Restore folder moved successfully.
C:\Users\xxxxx\Desktop\Windows 7 Restore.lnk moved successfully.
C:\ProgramData\~32104184r moved successfully.
C:\ProgramData\~32104184 moved successfully.
C:\ProgramData\32104184 moved successfully.
========== FILES ==========
File/Folder C:\Users\xxxxx\AppData\Roaming\srvblck2.tmp not found.
File/Folder C:\Users\xxxxx\AppData\Roaming\xmldm not found.
File/Folder C:\Users\xxxxx\AppData\Roaming\UAs not found.
File/Folder C:\Users\xxxxx\AppData\Roaming\kock not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: xxxxx
->Temp folder emptied: 601528 bytes
->Temporary Internet Files folder emptied: 54014747 bytes
->Java cache emptied: 615237 bytes
->Google Chrome cache emptied: 19518711 bytes
->Flash cache emptied: 878 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2896873 bytes
->Flash cache emptied: 622 bytes
User: xxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 928591548 bytes
->Java cache emptied: 1162564 bytes
->Google Chrome cache emptied: 6357193 bytes
->Flash cache emptied: 1209 bytes
User: xx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 414957065 bytes
->Java cache emptied: 507532 bytes
->Flash cache emptied: 782 bytes
User: x
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144238963 bytes
->Flash cache emptied: 4078 bytes
User: Public
->Temp folder emptied: 0 bytes
User: xxxx
->Temp folder emptied: 258040 bytes
->Temporary Internet Files folder emptied: 197638922 bytes
->Java cache emptied: 377870 bytes
->Flash cache emptied: 1271 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.690,00 mb
OTL by OldTimer - Version 3.2.24.0 log created on 06132011_212700
2. Log from SuperAntiSpy
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/13/2011 at 10:15 PM
Application Version : 4.54.1000
Core Rules Database Version : 7259
Trace Rules Database Version: 5071
Scan type : Complete Scan
Total Scan Time : 00:29:56
Memory items scanned : 774
Memory threats detected : 0
Registry items scanned : 9145
Registry threats detected : 0
File items scanned : 37685
File threats detected : 240
Adware.Tracking Cookie
C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Cookies\xxxx@www.pixeltrack66[2].txt
3. and the QuickScan from OTL
Code:
OTL logfile created on: 13.06.2011 22:31:42 - Run 6
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\xxxx\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 69,17% Memory free
5,74 Gb Paging File | 4,56 Gb Available in Paging File | 79,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 677,54 Gb Total Space | 524,91 Gb Free Space | 77,47% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,94 Gb Free Space | 64,68% Space Free | Partition Type: NTFS
Computer Name: MEDIONE4100D | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Modules (SafeList) ==========
MOD - C:\Users\xxxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NDNdisprot) -- C:\Windows\System32\drivers\NDNdisprot.sys (Windows (R) 2000 DDK provider)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2011.06.12 08:37:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\xxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.06.13 21:41:57 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.13 21:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.06.13 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.06.13 21:41:51 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.06.13 21:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.13 19:03:45 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2011.06.13 19:03:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.13 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.13 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.13 19:03:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.13 17:59:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.13 17:59:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\temp
[2011.06.13 17:59:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.06.13 17:52:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.06.13 14:54:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.12 08:29:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.12 08:29:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.12 08:29:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.12 08:29:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.12 08:29:15 | 000,000,000 | ---D | C] -- C:\Qoobox_alt
[2011.06.11 19:24:23 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2011.06.11 19:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2011.06.11 15:12:40 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.06.11 15:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.06.10 22:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.06.10 22:48:43 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2011.06.10 22:48:39 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Mozilla
[2011.06.10 22:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011.06.10 22:48:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2011.06.10 22:48:28 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2011.06.05 13:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.20 17:47:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Plasmoo
[2011.05.16 18:52:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
========== Files - Modified Within 30 Days ==========
[2011.06.13 22:27:04 | 000,010,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.13 22:27:04 | 000,010,096 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.13 22:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.13 22:20:09 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.13 22:19:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.13 22:19:44 | 2313,084,928 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.13 21:41:53 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.06.13 19:03:34 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.12 08:37:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.06.11 17:01:45 | 000,000,000 | ---- | M] () -- C:\Users\xxxxx\defogger_reenable
[2011.06.11 15:12:45 | 000,001,220 | ---- | M] () -- C:\Users\xxxxx\Desktop\Spybot - Search & Destroy.lnk
[2011.06.10 22:48:49 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.06.10 22:09:37 | 000,001,079 | ---- | M] () -- C:\Users\xxxxx\Desktop\Free FLV Converter.lnk
[2011.06.09 22:22:16 | 000,658,002 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.09 22:22:16 | 000,611,076 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.09 22:22:16 | 000,130,538 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.09 22:22:16 | 000,107,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.05 13:26:11 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.23 22:33:55 | 289,975,938 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.20 17:48:16 | 000,001,201 | ---- | M] () -- C:\Users\xxxxx\Desktop\DVDVideoSoft Free Studio.lnk
[2011.05.20 17:47:47 | 000,001,360 | ---- | M] () -- C:\Users\xxxxx\Desktop\Free YouTube to MP3 Converter.lnk
========== Files Created - No Company Name ==========
[2011.06.13 21:41:53 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.06.13 19:03:34 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.12 08:29:42 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.12 08:29:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.12 08:29:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.12 08:29:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.12 08:29:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.11 17:01:45 | 000,000,000 | ---- | C] () -- C:\Users\xxxxx\defogger_reenable
[2011.06.11 15:12:45 | 000,001,220 | ---- | C] () -- C:\Users\xxxxx\Desktop\Spybot - Search & Destroy.lnk
[2011.06.10 22:48:49 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.06.09 21:32:18 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.09 21:32:18 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.06.09 21:32:18 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.06.09 21:32:18 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\TVUPlayer.lnk
[2011.06.09 21:32:18 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\TerraTec Home Cinema.lnk
[2011.05.16 18:52:16 | 289,975,938 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.06.22 20:36:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.06.22 20:36:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.05.10 13:02:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010.05.10 11:16:18 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.05.10 11:16:18 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.05.10 11:16:17 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.05.10 11:16:16 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.03.23 12:54:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.03.18 13:32:25 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.03.18 13:32:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.03.18 13:32:23 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.03.18 13:32:22 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,658,002 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,538 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,404,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,611,076 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,262 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 00:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2010.07.16 21:13:04 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Amazon
[2010.12.21 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DVDVideoSoft
[2011.01.11 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.21 19:40:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\elsterformular
[2010.09.16 19:36:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\FreeFLVConverter
[2011.05.06 18:20:54 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\gtk-2.0
[2010.08.22 14:31:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Helios
[2011.06.10 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2010.08.30 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Klett
[2010.07.22 20:22:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\MAGIX
[2011.05.06 17:56:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\OpenOffice.org
[2011.04.19 21:51:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\TerraTec
[2010.07.05 22:38:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Windows Live Writer
[2011.05.10 08:17:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
That :pfui: Windows 7 Recovery was still in there somewhere after all :kloppen:
After logging in again, two IE processes are already active (visible in Task Manager); is that normal?
And mbam reports: Failed to perform desired action Error 2
Regards, Stefan