Getting rid of TR/agent814!

#0
24.12.2010, 14:03
Member

Posts: 20
#1 Hi computer friends, since last week I have had a virus named TR/agent814. I had my PC checked by AntiVir, but I cannot delete it. Can anyone help me?


Best regards.
25.12.2010, 00:04
Moderator

Posts: 5694
#2 Hello and welcome to Protecus.de

Cleaning an infected system takes time, and the following points also need to be observed:

• Follow the instructions of the respective helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleaning.
• During the cleaning, you should neither install nor uninstall programs unless this is explicitly requested.
• Please work through each step in order.
• If problems arise at a step, post what you already have and get back to us with a description of the problem.


• The cleanup is only finished when the respective helper gives the OK.
• If the machine is running fast again, that does not mean the system is clean.
• For computers used for business, the responsible IT person should be brought in.
• Support from our side may, under certain circumstances, be declined for a company computer.
• If illegal software is present, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• With heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling the system.
• In the end, it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we prescribe via right-click and "Run as administrator".

Step 1

Work through the following:
http://board.protecus.de/t40182.htm
25.12.2010, 13:50
Member

Thread starter

Posts: 20
#3 So swisstreasure, thanks first of all, but I don't know now where I should put the logfiles, i.e. in which thread
25.12.2010, 13:56
Moderator

Posts: 5694
#4 Here in this thread ;)
25.12.2010, 14:40
Member

Thread starter

Posts: 20
#5 Here are the following logfiles:

From OTL:
OTL logfile created on: 25.12.2010 13:41:38 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\umit\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

895.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 13.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 48.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 281.39 Gb Total Space | 92.51 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive D: | 7.81 Gb Total Space | 2.96 Gb Free Space | 37.88% Space Free | Partition Type: NTFS

Computer Name: UMIT-PC | User Name: umit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\umit\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Users\umit\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\umit\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GMSIPCI) -- E:\INSTALL\GMSIPCI.SYS File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\System32\drivers\vcsvad.sys (Avnex)
DRV - (SPC530) -- C:\Windows\System32\drivers\SPC530.sys ( )
DRV - (SPC530m) -- C:\Windows\System32\drivers\SPC530m.sys ( )
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (drhard) -- C:\Windows\System32\drivers\drhard.sys (Licensed for Gebhard Software)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (FileDisk) -- C:\Windows\System32\drivers\filedisk.sys (Bo Brantén)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.09 12:09:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.19 12:33:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.19 12:33:36 | 000,000,000 | ---D | M]

[2010.02.26 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\mozilla\Extensions
[2010.12.24 18:22:02 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions
[2010.10.03 11:24:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.04 23:36:01 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2010.09.11 10:30:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.08.25 21:14:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.21 08:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.31 18:32:17 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.10.31 18:32:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.30 01:26:28 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010.09.12 12:15:30 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.02.26 20:24:08 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\firefox@tvunetworks.com
[2010.07.01 16:51:23 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\illimitux@illimitux.net
[2010.03.30 01:34:08 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\mozilla\Firefox\Profiles\1w53xim9.default\extensions\personas@christopher.beard
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\umit\AppData\Roaming\Mozilla\FireFox\Profiles\1w53xim9.default\searchplugins\conduit.xml
[2010.11.19 15:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.16 07:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.10.09 10:49:38 | 002,340,280 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFp522.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
[2010.10.03 10:30:36 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.17 03:11:10 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010.10.03 10:30:36 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.16 15:24:13 | 000,000,143 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.03 10:30:36 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.03 10:30:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.03 10:30:37 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (RadioBar Toolbar) - {5B291E6C-9A74-4034-971B-A4B007A0B315} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\tbVeoh.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{A7283282-6FE9-82F6-BC0E-73075198024B}] C:\Users\umit\AppData\Roaming\Teirp\otko.exe (Avira GmbH)
O4 - HKCU..\Run: [AtBrstub] C:\Users\umit\AppData\Local\Temp\cmmofunc.DLL ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\umit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\umit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.livetv.ru/livetv.ru/cab/tvants.cab.rar (TVAnts ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB69} http://80.237.209.20/objects/NpFp522.dll (Flatcast Producer 5.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} http://80.237.209.20/objects/NpFv522.dll (Flatcast Viewer 5.2)
O18 - Protocol\Handler\toolbarchrome {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - C:\Program Files\RadioBar\toolbar.ni.dll (IMEDIX WEB TECHNOLOGIES LTD.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\umit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\umit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27 - HKLM IFEO\javaws.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\realplay.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\rnxproc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\veohwebplayer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\Shell - "" = AutoRun
O33 - MountPoints2\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2c8d2121-086a-11df-8fc7-002185fa028e}\Shell - "" = AutoRun
O33 - MountPoints2\{2c8d2121-086a-11df-8fc7-002185fa028e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{d1175d96-56a3-11df-8c21-b9ee1837779a}\Shell - "" = AutoRun
O33 - MountPoints2\{d1175d96-56a3-11df-8c21-b9ee1837779a}\Shell\AutoRun\command - "" = J:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.23 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\umit\Desktop\Shakugan no Shana
[2010.12.22 23:04:14 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.22 23:04:12 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.22 23:04:12 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.22 23:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2010.12.22 22:43:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.12.20 02:23:32 | 000,000,000 | ---D | C] -- C:\Users\umit\AppData\Roaming\Afod
[2010.12.19 14:43:08 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msflxgrd.ocx
[2010.12.19 14:43:08 | 000,010,556 | ---- | C] (Bo Brantén) -- C:\Windows\System32\drivers\filedisk.sys
[2010.12.19 14:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\PSP Brew
[2010.12.18 20:12:35 | 000,000,000 | -H-D | C] -- C:\Users\umit\AppData\Local\Windows
[2010.12.18 20:12:34 | 000,000,000 | -H-D | C] -- C:\Users\umit\AppData\Local\Server
[2010.12.17 11:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp
[2010.12.15 15:17:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.12.15 13:03:08 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 13:03:06 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 13:03:06 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 13:03:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 13:03:03 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 13:03:01 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 13:03:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 13:03:01 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 13:02:57 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 13:02:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 13:02:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 13:02:55 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 13:02:55 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 13:02:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 13:02:55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 13:02:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 13:02:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 13:02:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 13:02:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 13:02:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 13:02:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 13:02:54 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 13:02:54 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 13:02:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 13:02:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 13:02:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 17:00:55 | 000,000,000 | ---D | C] -- C:\Users\umit\Desktop\Neuer Ordner
[2010.12.11 21:41:15 | 000,000,000 | ---D | C] -- C:\Users\umit\Documents\BFBC2
[2010.12.11 21:39:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\AGEIA
[2010.12.11 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010.12.11 21:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.12.11 21:39:06 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.12.11 21:39:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.12.11 21:39:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.12.11 21:39:04 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.12.11 21:39:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.12.11 21:39:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.12.11 21:39:00 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.12.11 21:39:00 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.12.11 21:38:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.12.11 21:38:59 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.12.11 21:38:57 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.12.11 21:38:57 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.12.11 21:38:57 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.12.11 21:38:57 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.12.11 21:38:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.12.11 21:38:56 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.12.11 21:38:56 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.12.11 21:38:54 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.12.11 21:38:54 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.12.11 21:38:54 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.12.11 21:38:54 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.12.11 21:38:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.12.11 21:38:53 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.12.11 21:38:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.12.11 21:38:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.12.11 21:38:53 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.12.11 21:38:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.12.11 21:38:50 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.12.11 21:38:50 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.12.11 21:38:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.12.11 21:38:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.12.11 21:38:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.12.11 21:38:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.12.11 21:38:47 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.12.11 21:38:46 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.12.11 21:38:45 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.12.11 21:38:45 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.12.11 21:38:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.12.11 21:38:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.12.11 21:38:44 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.12.11 21:38:42 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.12.11 21:38:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.12.11 21:38:42 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.12.11 21:38:41 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.12.11 21:38:39 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.12.11 21:38:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.12.11 21:38:39 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.12.11 21:38:38 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.12.11 21:38:37 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.12.11 21:38:37 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.12.11 21:38:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.12.11 21:38:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.12.11 21:38:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.12.11 21:38:34 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.12.11 21:38:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.12.11 21:38:34 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.12.11 21:38:34 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.12.11 21:38:33 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.12.11 21:38:32 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.12.11 21:38:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.12.11 21:38:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.12.11 21:38:28 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.12.11 21:38:28 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.12.11 21:38:28 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.12.11 21:38:27 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.12.11 21:38:26 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.12.11 21:38:26 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.12.11 21:38:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.12.11 21:38:21 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.12.11 21:37:46 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.12.11 21:37:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.12.11 21:37:45 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.12.11 21:37:45 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.12.11 21:37:45 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.12.11 21:37:45 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.12.11 21:37:44 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.12.11 21:37:43 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.12.11 21:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010.12.09 16:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2010.12.09 12:49:54 | 000,000,000 | ---D | C] -- C:\Users\umit\babam
[2010.12.09 00:19:33 | 000,000,000 | ---D | C] -- C:\Users\umit\YENI SARKILAR
[2010.12.05 18:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\abgx360
[2010.12.04 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\umit\AppData\Roaming\abgx360
[2010.11.27 18:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\UnderCoverXP
[2010.11.27 02:49:28 | 000,000,000 | ---D | C] -- C:\Users\umit\Desktop\Avi
[2009.09.29 08:08:50 | 000,486,912 | ---- | C] ( ) -- C:\Windows\System32\drivers\SPC530.sys
[2009.09.29 08:08:50 | 000,007,680 | ---- | C] ( ) -- C:\Windows\System32\drivers\SPC530m.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.25 13:31:27 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.25 13:31:27 | 000,036,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.25 13:29:30 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.12.25 13:29:27 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 13:29:27 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.25 13:29:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.25 13:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.25 13:29:11 | 938,696,704 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.25 13:29:07 | 180,427,587 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.25 03:28:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.25 02:15:44 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.25 02:15:43 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.25 02:15:43 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.25 02:15:43 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.24 19:52:57 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for umit.job
[2010.12.24 16:01:44 | 003,512,448 | ---- | M] () -- C:\Users\umit\Desktop\Drake Bell Jingle Bells with lyrics.mp3
[2010.12.24 15:43:16 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.12.24 14:19:19 | 000,046,251 | ---- | M] () -- C:\Users\umit\Desktop\244001-bigthumbnail.jpg
[2010.12.23 07:12:46 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4239914910-3291006147-3918684634-1000UA.job
[2010.12.23 07:12:46 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4239914910-3291006147-3918684634-1000Core.job
[2010.12.22 23:04:08 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.22 23:04:08 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.12.22 18:18:32 | 005,231,722 | ---- | M] () -- C:\Users\umit\Desktop\SAM_0793.JPG
[2010.12.22 18:18:32 | 005,215,164 | ---- | M] () -- C:\Users\umit\Desktop\SAM_0790.JPG
[2010.12.22 18:18:32 | 004,974,562 | ---- | M] () -- C:\Users\umit\Desktop\SAM_0794.JPG
[2010.12.22 18:18:32 | 004,944,163 | ---- | M] () -- C:\Users\umit\Desktop\SAM_0792.JPG
[2010.12.19 12:22:52 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E7921B39-FFBC-448E-B237-2B93EBA9581A}.job
[2010.12.19 12:17:52 | 000,257,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.17 13:30:01 | 000,164,864 | ---- | M] () -- C:\Users\umit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.14 14:05:20 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.14 14:00:56 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.14 13:19:28 | 000,001,356 | ---- | M] () -- C:\Users\umit\AppData\Local\d3d9caps.dat
[2010.12.09 16:09:31 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.12.07 18:28:50 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.11.30 15:06:00 | 000,008,192 | -H-- | M] () -- C:\Users\umit\Desktop\photothumb.db
[2010.11.27 18:32:57 | 000,000,757 | ---- | M] () -- C:\Users\umit\Desktop\UnderCoverXP.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.24 16:01:28 | 003,512,448 | ---- | C] () -- C:\Users\umit\Desktop\Drake Bell Jingle Bells with lyrics.mp3
[2010.12.24 14:19:16 | 000,046,251 | ---- | C] () -- C:\Users\umit\Desktop\244001-bigthumbnail.jpg
[2010.12.23 03:22:06 | 005,231,722 | ---- | C] () -- C:\Users\umit\Desktop\SAM_0793.JPG
[2010.12.23 03:22:06 | 004,974,562 | ---- | C] () -- C:\Users\umit\Desktop\SAM_0794.JPG
[2010.12.23 03:22:05 | 005,215,164 | ---- | C] () -- C:\Users\umit\Desktop\SAM_0790.JPG
[2010.12.23 03:22:05 | 004,944,163 | ---- | C] () -- C:\Users\umit\Desktop\SAM_0792.JPG
[2010.12.22 23:04:08 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.22 23:04:08 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.12.19 12:21:11 | 938,696,704 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.13 12:39:02 | 180,427,587 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.09 16:10:02 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.09 16:09:31 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2010.11.27 18:32:57 | 000,000,757 | ---- | C] () -- C:\Users\umit\Desktop\UnderCoverXP.lnk
[2010.06.16 07:18:19 | 000,411,368 | ---- | C] () -- C:\Windows\System32\deployJava1.dll
[2010.06.12 14:12:40 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.06.02 22:27:45 | 000,000,016 | ---- | C] () -- C:\Users\umit\AppData\Roaming\qcopjv.dat
[2010.06.02 12:09:30 | 003,870,720 | ---- | C] () -- C:\Windows\System32\qt-mt323.dll
[2010.05.27 13:49:11 | 000,000,012 | ---- | C] () -- C:\Users\umit\AppData\Roaming\vqdlkr.dat
[2010.05.24 18:45:10 | 000,000,012 | ---- | C] () -- C:\Users\umit\AppData\Roaming\khiteb.dat
[2010.05.14 21:54:45 | 000,000,016 | ---- | C] () -- C:\Users\umit\AppData\Roaming\qvjsge.dat
[2010.03.14 01:09:05 | 000,000,183 | ---- | C] () -- C:\Windows\aimpr.ini
[2010.02.27 00:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.02.16 17:19:16 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.16 17:19:15 | 000,036,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.20 15:33:17 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.11.09 20:41:54 | 000,000,778 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.10.20 20:04:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.28 18:37:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.09.28 18:31:21 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.09.27 17:32:15 | 000,164,864 | ---- | C] () -- C:\Users\umit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.27 13:22:54 | 000,000,552 | ---- | C] () -- C:\Users\umit\AppData\Local\d3d8caps.dat
[2009.09.27 12:58:42 | 000,001,356 | ---- | C] () -- C:\Users\umit\AppData\Local\d3d9caps.dat
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\gpyapi.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll

========== LOP Check ==========

[2010.12.04 20:33:22 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\abgx360
[2009.10.11 16:27:54 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Acoustica
[2010.12.22 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Afod
[2009.10.11 15:40:20 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Ashampoo
[2010.03.30 21:58:08 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Audacity
[2010.12.15 16:30:15 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\DNA
[2010.11.11 15:09:00 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\DVDVideoSoft
[2010.08.25 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.13 09:35:35 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Flatcast
[2010.11.20 21:25:50 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\GameTuts
[2010.03.05 23:08:34 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\GetRightToGo
[2010.09.16 15:25:41 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\GrabPro
[2010.11.07 13:20:16 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Gutscheinmieze
[2009.12.20 00:01:44 | 000,000,000 | -H-D | M] -- C:\Users\umit\AppData\Roaming\ijjigame
[2010.03.14 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\KeePass
[2010.01.10 02:03:12 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Moyea
[2010.12.19 14:18:35 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Muafy
[2010.12.19 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Mumei
[2009.10.12 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Nokia
[2010.09.17 07:48:39 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Orbit
[2009.10.10 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\PC Suite
[2010.09.16 15:26:09 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\ProgSense
[2009.09.28 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Samsung
[2010.10.12 17:47:35 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\TeamViewer
[2009.11.09 01:05:14 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Teirp
[2010.09.17 07:52:05 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\TubeBox
[2010.12.24 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\TuneUp Software
[2010.11.24 16:09:28 | 000,000,000 | ---D | M] -- C:\Users\umit\AppData\Roaming\Ulead Systems
[2010.12.25 03:44:35 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.19 12:22:52 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E7921B39-FFBC-448E-B237-2B93EBA9581A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\umit\Desktop\13062010019.mp4:TOC.WMV
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4

< End of report >
25.12.2010, 16:01
Moderator

Posts: 5694
#6 Step 1

Fix with OTL

• Please start OTL.exe.
Vista and Win7 users: right-click and choose "Run as administrator".
• Now copy the following content into the text box.

Code

:OTL
O4 - HKCU..\Run: [{A7283282-6FE9-82F6-BC0E-73075198024B}] C:\Users\umit\AppData\Roaming\Teirp\otko.exe (Avira GmbH)
O4 - HKCU..\Run: [AtBrstub] C:\Users\umit\AppData\Local\Temp\cmmofunc.DLL ()
O4 - HKLM..\Run: [] File not found
O33 - MountPoints2\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\Shell - "" = AutoRun
O33 - MountPoints2\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2c8d2121-086a-11df-8fc7-002185fa028e}\Shell - "" = AutoRun
O33 - MountPoints2\{2c8d2121-086a-11df-8fc7-002185fa028e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{d1175d96-56a3-11df-8c21-b9ee1837779a}\Shell - "" = AutoRun
O33 - MountPoints2\{d1175d96-56a3-11df-8c21-b9ee1837779a}\Shell\AutoRun\command - "" = J:\Startme.exe -- File not found
@Alternate Data Stream - 64 bytes -> C:\Users\umit\Desktop\13062010019.mp4:TOC.WMV
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
OTL may request a restart. Please allow it.
• After the restart you will find a text document on your desktop.
(Also located at C:\_OTL\MovedFiles\<time_date>.txt)
Now copy its contents here into your thread.


Step 2

Cleanup with Malwarebytes' Anti-Malware (full scan)

Download Malwarebytes Anti-Malware (approx. 2 MB) from this download mirror:

Malwarebytes


* Applicable to Windows 2000, XP, Vista and Windows 7.
* Install the program to the default path.
* Remember to start the program as admin on Vista; otherwise start it with a double-click.
* Let it update online ("Updates" tab) if the program was already on the computer.
* Select "Perform full scan" => Scan.
* Select all available drives and start the scan.
* When the scan has finished, click "Show results".
* For detections in C:\System Volume Information, remove the check mark.
Otherwise this system restore point will no longer work.
It might still be needed despite the malware.
* Make sure that all other detections are selected and press "Delete".
* Post the log file, which opens in Notepad, here in the thread.
* You can find the report later under "Scan reports".
* Report how the computer is running now.
25.12.2010, 18:28
Member

Thread starter

Posts: 20
#7 Log file:



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{A7283282-6FE9-82F6-BC0E-73075198024B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7283282-6FE9-82F6-BC0E-73075198024B}\ not found.
C:\Users\umit\AppData\Roaming\Teirp\otko.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AtBrstub deleted successfully.
C:\Users\umit\AppData\Local\Temp\cmmofunc.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0adefbf6-d0e7-11df-af5d-cc53d8aef2b7}\ not found.
File K:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c8d2121-086a-11df-8fc7-002185fa028e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c8d2121-086a-11df-8fc7-002185fa028e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c8d2121-086a-11df-8fc7-002185fa028e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c8d2121-086a-11df-8fc7-002185fa028e}\ not found.
File J:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bc5f02e-ab5a-11de-a646-806e6f6e6963}\ not found.
File E:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1175d96-56a3-11df-8c21-b9ee1837779a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1175d96-56a3-11df-8c21-b9ee1837779a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d1175d96-56a3-11df-8c21-b9ee1837779a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1175d96-56a3-11df-8c21-b9ee1837779a}\ not found.
File J:\Startme.exe not found.
ADS C:\Users\umit\Desktop\13062010019.mp4:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:671329E4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: umit
->Temp folder emptied: 162230751 bytes
->Temporary Internet Files folder emptied: 34718547 bytes
->Java cache emptied: 76162116 bytes
->FireFox cache emptied: 94473232 bytes
->Google Chrome cache emptied: 121124548 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 42342 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 30024 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3755648 bytes
RecycleBin emptied: 15916525130 bytes

Total Files Cleaned = 15'649.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12252010_181837

Files\Folders moved on Reboot...
File\Folder C:\Users\umit\AppData\Local\Temp\~DFB9FC.tmp not found!
File\Folder C:\Users\umit\AppData\Local\Temp\~DFBA10.tmp not found!
File\Folder C:\Users\umit\AppData\Local\Temp\~DFBA90.tmp not found!
File\Folder C:\Users\umit\AppData\Local\Temp\~DFBAA4.tmp not found!
C:\Users\umit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
25.12.2010, 20:39
Member

Thread starter

Posts: 20
#8 Malwarebytes log file:




Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5392

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.12.2010 20:38:57
mbam-log-2010-12-25 (20-38-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 307714
Laufzeit: 1 Stunde(n), 59 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 55

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Gameztar Toolbar (Adware.Gameztar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A7283282-6FE9-82F6-BC0E-73075198024B} (Trojan.ZbotR.Gen) -> Value: {A7283282-6FE9-82F6-BC0E-73075198024B} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\gameztar toolbar (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670 (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Skins (Adware.DoubleD) -> Not selected for removal.

Infizierte Dateien:
c:\program files\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll (Adware.WidgiToolbar) -> Not selected for removal.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Not selected for removal.
c:\program files\pdfforge toolbar\widgihelper.exe (Adware.WidgiToolbar) -> Not selected for removal.
c:\programdata\{0188c6a8-b559-4c1f-aa44-d0347c445c52}\OFFLINE\48C8FBD2\B94081D6\productinfo.dll (Adware.DoubleD) -> Not selected for removal.
c:\programdata\{0188c6a8-b559-4c1f-aa44-d0347c445c52}\OFFLINE\mfilebagide.dll\bag\LRI.dll (Adware.DoubleD) -> Not selected for removal.
c:\programdata\{0188c6a8-b559-4c1f-aa44-d0347c445c52}\OFFLINE\mfilebagide.dll\bag\mvbterm.exe (Adware.ColorSoft) -> Not selected for removal.
c:\programdata\{0188c6a8-b559-4c1f-aa44-d0347c445c52}\OFFLINE\mfilebagide.dll\bag\productinfo.dll (Adware.DoubleD) -> Not selected for removal.
c:\Users\umit\documents\downloads\worldmt2 (1).exe (Trojan.Downloader) -> Not selected for removal.
c:\_OTL\movedfiles\12252010_181837\C_Users\umit\AppData\Local\Temp\cmmofunc.dll (Trojan.Agent) -> Not selected for removal.
c:\_OTL\movedfiles\12252010_181837\C_Users\umit\AppData\Roaming\Teirp\otko.exe (Trojan.Agent) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_logo.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_option.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_rss.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_search.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_smiley_config.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_01.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_02.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_03.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_04.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_05.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_06.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\pixel.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\productinfo.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\profile.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\searchenginelist.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\tbcore.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\toolbarlayout.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\updatecentre.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Data\updatecentrebk.mx (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_02.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\About.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\component_combobox.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_logo.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_option.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_option_menu.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss_menu.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss_menu.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_search.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_01.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_01.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_02.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_03.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_03.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_04.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_04.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_05.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_05.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_06.mg (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_06.png (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin1.skf (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin2.skf (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin3.skf (Adware.DoubleD) -> Not selected for removal.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin4.skf (Adware.DoubleD) -> Not selected for removal.
25.12.2010, 20:45
Moderator

Posts: 5694
#9 Why didn't you have it delete the gameztar toolbar items?
25.12.2010, 20:46
Member

Thread starter

Posts: 20
#10 I thought I wasn't supposed to delete those because they are from c:/
25.12.2010, 20:52
Member

Thread starter

Posts: 20
#11 Should I delete those now as well? Can I also just have only that file checked?
25.12.2010, 20:59
Member

Thread starter

Posts: 20
#12 OK, I did that as well, and this is what came out of it:



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5392

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.12.2010 20:58:40
mbam-log-2010-12-25 (20-58-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 45
Laufzeit: 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 45

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\gameztar toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670 (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_rss.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_smiley_config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\module_webdropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\productinfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\searchenginelist.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\toolbarlayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\updatecentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Data\updatecentrebk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\component_combobox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_option_menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss_menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_rss_menu.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Icons\module_webdropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
c:\program files\gameztar toolbar\2.1.3.6670\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
25.12.2010, 23:20
Moderator

Posts: 5694
#13 And how is it running at the moment? Do a full scan with Avira.
26.12.2010, 13:43
Member

Thread starter

Posts: 20
#14 Yep, will do, then I'll get back to you.
27.12.2010, 02:16
Member

Thread starter

Posts: 20
#15 So, here is my second problem: on Vista Home edition (32 bit) it ALMOST always gets stuck at the green bars and then I always have to reset.

Can anyone help me?

Oh, and I've had this problem for quite some time...

Regards