Trojaner-Board


stiffler76 07.03.2011 22:32

Popups with the message "This assembly is protected by an unregistered version of Eziriz NET Reactor"
 
Hello everyone,
I have regretfully had to find out that several people here apparently already have my problem! I keep getting these popups after I tried to install a piece of software! markusg apparently has a solution, and I hope you can help me! Attached is the list from OTL.

OTL Logfile:
Code:

OTL logfile created on: 07.03.2011 21:27:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Stiffler76\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 228,89 Gb Total Space | 161,15 Gb Free Space | 70,40% Space Free | Partition Type: NTFS
Drive E: | 228,90 Gb Total Space | 176,09 Gb Free Space | 76,93% Space Free | Partition Type: NTFS
Drive F: | 228,89 Gb Total Space | 105,07 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
Drive G: | 244,83 Gb Total Space | 201,02 Gb Free Space | 82,11% Space Free | Partition Type: NTFS
 
Computer Name: STIFFLER76-PC | User Name: Stiffler76 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stiffler76\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\STIFFL~1\AppData\Local\Temp\autoconvs.exe ()
PRC - C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\Stiffler76\AppData\Local\Apps\2.0\E4OQMMR9.9VK\KOEPCT9Q.G0X\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin)
PRC - C:\Programme\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
PRC - C:\Programme\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Programme\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Stiffler76\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UI Assistant Service) -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (ui11rdr) -- C:\Windows\System32\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTERFXFX.SYS) -- C:\Windows\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- C:\Windows\System32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\Windows\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\Windows\System32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\Windows\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\Windows\System32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\Windows\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\Windows\System32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (TTUSB2BDA) -- C:\Windows\System32\drivers\ttusb2bda.sys (TechnoTrend GmbH)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F D1 CD F5 86 8E CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.07 20:52:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.07 20:52:43 | 000,000,000 | ---D | M]
 
[2010.09.17 21:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Extensions
[2011.03.07 11:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions
[2011.03.07 20:52:39 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\DTToolbar@toolbarnet.com
[2011.01.12 21:40:59 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\LogMeInClient@logmein.com
[2011.01.12 22:39:52 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\toolbar@ask.com
[2010.10.17 12:26:18 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Stiffler76\AppData\Roaming\mozilla\Firefox\Profiles\zklhekvf.default\extensions\vshare@toolbar
[2011.01.03 10:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.21 09:57:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.01.03 10:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.12.21 09:57:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.01.03 10:06:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.03 10:06:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Programme\Nuance\PDF Create 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Create 5\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [Auto Check Utility] C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe ()
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Stiffler76\AppData\Local\Apps\2.0\E4OQMMR9.9VK\KOEPCT9Q.G0X\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OpAgent] File not found
O4 - HKCU..\Run: [Windows Audio Service] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.07 21:23:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.03.07 21:03:55 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.03.07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Local\SkinSoft
[2011.03.07 20:36:25 | 000,000,000 | -H-D | C] -- C:\Users\Stiffler76\AppData\Local\{C6F4E9F9-4DBD-418E-BACA-D1B4E57A24E1}
[2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Programme\Eziriz
[2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\.NET Reactor SDK Test Apps
[2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.NET Reactor
[2011.03.07 20:19:59 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\Avira
[2011.03.04 15:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CMUV
[2011.03.04 14:54:33 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\TechnoTrend
[2011.03.04 14:54:33 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\My Videos
[2011.03.04 14:53:05 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Desktop\Kö-Galerie
[2011.03.04 14:35:39 | 000,000,000 | ---D | C] -- C:\Windows\Decoder
[2011.03.04 14:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TT-Viewer
[2011.03.04 14:35:10 | 000,000,000 | ---D | C] -- C:\Programme\TT-Viewer
[2011.03.04 14:34:39 | 000,098,304 | ---- | C] (MyCompanyName) -- C:\Windows\System32\ttMultiplex.ax
[2011.03.04 14:34:38 | 000,208,896 | ---- | C] (CyberLink Corp.) -- C:\Windows\System32\CLDemuxer.ax
[2011.03.04 14:34:38 | 000,159,744 | ---- | C] (TechnoTrend AC) -- C:\Windows\System32\ttFileRead.ax
[2011.03.04 14:34:38 | 000,114,688 | ---- | C] (TechnoTrend AG) -- C:\Windows\System32\ttCheckTS.ax
[2011.03.04 14:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechnoTrend
[2011.03.04 14:33:25 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ttSplitSwitch.ax
[2011.03.04 14:33:18 | 000,000,000 | ---D | C] -- C:\Programme\TechnoTrend
[2011.03.04 14:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.03.04 14:29:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2011.03.04 14:17:34 | 000,000,000 | ---D | C] -- C:\Programme\PlayReady
[2011.03.04 14:09:10 | 000,572,800 | ---- | C] (TechnoTrend GmbH) -- C:\Windows\System32\drivers\ttusb2bda.sys
[2011.03.04 14:00:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.03.04 14:00:25 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011.03.04 14:00:25 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011.03.04 14:00:25 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011.03.04 14:00:25 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011.03.04 14:00:25 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011.03.04 14:00:25 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011.03.04 14:00:25 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011.03.04 14:00:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011.03.04 14:00:24 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.03.04 14:00:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.03.04 14:00:24 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011.03.04 14:00:23 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011.03.04 14:00:23 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011.03.04 14:00:23 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.03.04 14:00:23 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011.03.04 14:00:23 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011.03.04 14:00:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011.03.04 14:00:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011.03.04 14:00:23 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.03.04 14:00:23 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.03.04 14:00:22 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011.03.04 14:00:22 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011.03.04 14:00:22 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011.03.04 14:00:22 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011.03.04 14:00:22 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011.03.04 14:00:22 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011.03.04 14:00:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011.03.04 14:00:21 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011.03.04 14:00:21 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.03.04 14:00:21 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011.03.04 14:00:21 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011.03.04 14:00:21 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.03.04 14:00:21 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011.03.04 14:00:21 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011.03.04 14:00:20 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.03.04 14:00:20 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011.03.04 14:00:20 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011.03.04 14:00:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011.03.04 14:00:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011.03.04 14:00:20 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011.03.04 14:00:20 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.03.04 14:00:19 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.03.04 14:00:19 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.03.04 14:00:19 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.03.04 14:00:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.03.04 14:00:19 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.03.04 14:00:19 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.03.04 14:00:18 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.03.04 14:00:18 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.03.04 14:00:18 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.03.04 14:00:18 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.03.04 14:00:18 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.03.04 14:00:18 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.03.04 14:00:17 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.03.04 14:00:14 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.03.04 14:00:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.03.04 14:00:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.03.04 14:00:13 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.03.04 14:00:13 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.03.04 14:00:13 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.03.04 14:00:13 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.03.04 14:00:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.03.04 13:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader
[2011.03.04 13:35:36 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2011.02.23 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Local\Canon Easy-PhotoPrint EX
[2011.02.23 22:05:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.02.13 23:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
[2011.02.13 23:12:10 | 000,000,000 | ---D | C] -- C:\Programme\OnlineFotoservice
[2011.02.13 22:39:47 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\Mein CEWE FOTOBUCH_13_02_2011_mcf-Dateien
[2011.02.13 20:34:22 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Documents\restore
[2011.02.13 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2011.02.13 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2011.02.13 19:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH
[2011.02.13 19:23:53 | 000,000,000 | ---D | C] -- C:\Programme\CeWe Color
[2011.02.11 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\AppData\Roaming\MyPhoneExplorer
[2011.02.11 22:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2011.02.11 22:50:15 | 000,000,000 | ---D | C] -- C:\Programme\MyPhoneExplorer
[2011.02.10 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Stiffler76\Desktop\Adobe Acrobat X
[2009.06.23 10:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009.06.23 10:20:00 | 000,010,240 | ---- | C] ( ) -- C:\Windows\System32\killapps.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.07 21:25:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.07 21:25:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.07 21:25:27 | 2616,909,824 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.07 21:24:46 | 000,030,096 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx
[2011.03.07 21:24:46 | 000,030,096 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx
[2011.03.07 21:24:46 | 000,027,288 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx
[2011.03.07 21:24:46 | 000,027,288 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx
[2011.03.07 21:24:46 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-0000000A-00001102-00000004-00511102}.rfx
[2011.03.07 21:22:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.07 21:00:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.07 21:00:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.07 21:00:03 | 000,012,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.07 21:00:03 | 000,006,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.07 20:58:59 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.07 20:58:59 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.04 14:35:15 | 000,000,976 | ---- | M] () -- C:\Users\Stiffler76\Desktop\TT-Viewer.lnk
[2011.03.04 14:34:43 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\TT-Media Center.lnk
[2011.03.04 14:33:28 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\BDA-Data.lnk
[2011.03.04 13:35:55 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.03.02 19:28:15 | 000,001,856 | ---- | M] () -- C:\Users\Stiffler76\Desktop\UseNeXT.lnk
[2011.02.27 18:47:32 | 000,129,024 | -H-- | M] () -- C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe
[2011.02.23 22:06:54 | 000,803,865 | ---- | M] () -- C:\Users\Stiffler76\Desktop\Tob der Baumeister.jpg
[2011.02.14 20:19:54 | 000,462,330 | ---- | M] () -- C:\Users\Stiffler76\Desktop\Info-Flyer_2011.pdf
[2011.02.13 23:15:53 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk
[2011.02.13 23:15:53 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2011.02.13 22:40:01 | 000,042,589 | ---- | M] () -- C:\Users\Stiffler76\Documents\Mein CEWE FOTOBUCH_13_02_2011.mcf
[2011.02.13 19:28:11 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
 
========== Files Created - No Company Name ==========
 
[2011.03.07 20:15:57 | 000,129,024 | -H-- | C] () -- C:\Users\Stiffler76\AppData\Roaming\AutoChks.exe
[2011.03.04 14:35:15 | 000,000,976 | ---- | C] () -- C:\Users\Stiffler76\Desktop\TT-Viewer.lnk
[2011.03.04 14:34:43 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\TT-Media Center.lnk
[2011.03.04 14:34:39 | 000,176,128 | ---- | C] () -- C:\Windows\System32\ttTSSource.ax
[2011.03.04 14:34:39 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ttFileWrite.ax
[2011.03.04 14:34:39 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ttPushOSD.ax
[2011.03.04 14:34:39 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ttTeleTxt.ax
[2011.03.04 14:33:28 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\BDA-Data.lnk
[2011.03.04 14:33:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ttSiFi.ax
[2011.03.04 14:33:25 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ttSuck.ax
[2011.03.04 14:33:25 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ttNetworkprovider.ax
[2011.03.04 13:35:55 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2011.02.23 22:06:36 | 000,803,865 | ---- | C] () -- C:\Users\Stiffler76\Desktop\Tob der Baumeister.jpg
[2011.02.14 20:19:53 | 000,462,330 | ---- | C] () -- C:\Users\Stiffler76\Desktop\Info-Flyer_2011.pdf
[2011.02.13 23:15:53 | 000,001,320 | ---- | C] () -- C:\Users\Public\Desktop\OnlineFotoservice.lnk
[2011.02.13 22:39:46 | 000,042,589 | ---- | C] () -- C:\Users\Stiffler76\Documents\Mein CEWE FOTOBUCH_13_02_2011.mcf
[2011.02.13 19:28:11 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk
[2011.02.13 19:28:11 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\Mein CEWE FOTOBUCH.lnk
[2011.02.10 16:37:10 | 003,313,820 | ---- | C] () -- C:\Users\Stiffler76\Desktop\Kö-Galerie_Schlüsselbestellung_Mieter_2011.pdf
[2011.01.08 15:43:59 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.01.08 15:42:24 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010.12.21 10:10:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.17 21:48:10 | 000,026,624 | ---- | C] () -- C:\Windows\System32\VNCpm.dll
[2010.10.30 09:01:18 | 000,000,013 | ---- | C] () -- C:\Windows\compedia.ini
[2010.10.17 14:18:57 | 000,003,584 | ---- | C] () -- C:\Users\Stiffler76\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.22 20:38:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.22 20:38:31 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.19 21:04:56 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2010.09.19 21:04:56 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.09.18 19:17:51 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010.09.18 19:17:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010.07.26 14:18:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.07.26 14:18:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.07.26 14:18:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.07.26 14:18:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,408,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:48 | 000,012,904 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,006,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.23 11:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009.06.23 11:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009.06.23 10:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2009.06.23 10:48:16 | 000,037,888 | ---- | C] () -- C:\Windows\System32\psconv.exe
[2009.06.23 10:28:48 | 000,386,852 | ---- | C] () -- C:\Windows\System32\ctdnlstr.dat
[2009.06.23 10:28:48 | 000,051,787 | ---- | C] () -- C:\Windows\System32\ctdlang.dat
[2009.06.23 10:23:20 | 000,013,312 | ---- | C] () -- C:\Windows\System32\regplib.exe
[2009.06.23 10:22:36 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat
[2009.06.23 10:20:44 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat
[2009.06.23 10:20:08 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat
[2009.06.23 10:20:08 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat
[2009.06.23 10:20:06 | 000,005,120 | ---- | C] () -- C:\Windows\System32\enlocstr.exe
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.12 00:11:58 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.08.13 19:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2006.10.02 16:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB
 
< End of report >

--- --- ---

cosinus 08.03.2011 11:33

Are more log files coming? This one from OTL can't be everything.

stiffler76 08.03.2011 16:43

I've only made this one so far! Do I need to make another one? Sorry for the trouble!
I'm just going to the dentist quickly and will be back afterwards!

cosinus 08.03.2011 17:09

Yes, basically this first:

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

stiffler76 09.03.2011 13:32

So, here are the logs! On my machine only one log comes from OTL.

cosinus 09.03.2011 15:09

Are there any further logs from Malwarebytes? If so, please post all of them. You will find them on the Logs tab in Malwarebytes.

stiffler76 09.03.2011 20:59

This is the log from before the cleaning!

stiffler76 09.03.2011 21:12

Sorry, let's try again! The OTL log is from just now and the other one was created before the cleaning.

cosinus 10.03.2011 12:42

Quote:

c:\program files\ea sports\fussball manager 11\activation.exe
What source does this Fussball Manager come from?

stiffler76 10.03.2011 13:18

About the FM: it was from the video rental store!

cosinus 10.03.2011 13:26

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell - "" = AutoRun
O33 - MountPoints2\{e91143e0-e778-11df-b751-001560edf4d7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{eab8d3b8-c29b-11df-8acd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup.exe
[2011.03.07 20:36:25 | 000,000,000 | -H-D | C] -- C:\Users\Stiffler76\AppData\Local\{C6F4E9F9-4DBD-418E-BACA-D1B4E57A24E1}
[2011.03.07 20:36:17 | 000,000,000 | ---D | C] -- C:\Programme\Eziriz
[2011.02.13 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2011.02.13 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FED912DB
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

