Programmupdates finden Internetverbindung nicht - Virus?

#0
12.04.2011, 15:24
Member

Beiträge: 19
#1 Hallo!

Hab Avira, AdAware, Tune Up, DivX usw. updaten wollen bzw. sollte automatisch alle paar Tage gemacht werden. Meldung "Keine Internetverbindung " oder ähnliches erfolgt, obwohl ich eine intakte Internetverbindung habe. (Browser offen) Bei einem Virenscann mit den oben genannten Antivirenprogrammen wurden 3 Malware Viren gefunden (2 Trojan.JS. Director. bh sowie 1 Win32.TrojanClicker.VBiFrame) gefunden und in Quarantäne gestellt.

Automatisch upgedatet wurde schon länger (3 Wochen nicht), leider hab dass erst jetzt bemerkt. Ich denke die Malware Viren sind dafür verantwortlich. Nun hoffe ich mit eurer Hilfe die Viren komplett beseitigen und somit das Updateproblem beheben zu können.


Code

OTL Extras logfile created on: 04/12/2011 2:42:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

959.00 Mb Total Physical Memory | 224.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76.68 Gb Total Space | 48.93 Gb Free Space | 63.81% Space Free | Partition Type: NTFS

Computer Name: PAULETA-5CZYV42 | User Name: Klaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\dc++\Risiko2\riskii.exe" = C:\dc++\Risiko2\riskii.exe:*:Enabled:Risk II -- (Deep Red Games Ltd)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\uTorrent\utorrent.exe" = C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{13D41D72-0284-4931-A261-F86F6565D4B4}" = SiSRaidPackage
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Conceptronic 300N Wireless Adapter (v3.0)
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = Controller
"{95F48480-6D51-49A5-BFC3-7D8043AC5386}" = XP-Clean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{B3332FCA-3B51-4053-8C2D-9F7ACFE6065A}" = Wocarson Windows Genuine Advantage Validation v1.9.9.1 Cracked V2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Controller" = Controller
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit PDF Creator" = Foxit PDF Creator
"Foxit Reader" = Foxit Reader
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RealPlayer 12.0" = RealPlayer
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Spark 2.5.8" = Spark 2.5.8
"tele.ring Mobile Internet" = tele.ring Mobile Internet
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6b
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm Pro" = ZoneAlarm Pro

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"LiveOdds Application" = LiveOdds Application
"OnlineFestplatte" = aon Online Festplatte (entfernen)
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 04/12/2011 4:49:22 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5008
Description = TrueVector engine: OpenProcessError 87: on process ID 2352, named

Error - 04/12/2011 4:54:24 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5008
Description = TrueVector engine: OpenProcessError 87: on process ID 3612, named

Error - 04/12/2011 4:57:23 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5008
Description = TrueVector engine: OpenProcessError 87: on process ID 3528, named

Error - 04/12/2011 5:31:31 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5008
Description = TrueVector engine: OpenProcessError 87: on process ID 3800, named

Error - 04/12/2011 5:38:36 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5008
Description = TrueVector engine: OpenProcessError 87: on process ID 252, named

Error - 04/12/2011 6:28:36 AM | Computer Name = PAULETA-5CZYV42 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.

Error - 04/12/2011 6:28:36 AM | Computer Name = PAULETA-5CZYV42 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error - 04/12/2011 6:58:23 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDB78.tmp".  File "C:\WINDOWS\Internet
Logs\IAMDB.RDB" was corrupt and has been deleted.

Error - 04/12/2011 6:58:24 AM | Computer Name = PAULETA-5CZYV42 | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 04/12/2011 6:59:00 AM | Computer Name = PAULETA-5CZYV42 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.

[ OSession Events ]
Error - 01/01/2010 12:18:54 PM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 03/17/2010 10:42:31 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 36 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 03/17/2010 10:44:13 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 38 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 04/13/2010 7:52:54 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 44
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 04/13/2010 7:55:56 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 134
seconds with 120 seconds of active time.  This session ended with a crash.

Error - 06/01/2010 11:40:11 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 06/01/2010 11:45:03 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 35
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 06/01/2010 11:46:13 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 06/02/2010 6:56:34 AM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 69 seconds with 60 seconds of active time.  This session ended with a crash.

Error - 01/22/2011 3:33:06 PM | Computer Name = PAULETA-5CZYV42 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 922
seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 04/10/2011 11:13:51 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
gestartet:   %%1079

Error - 04/10/2011 2:20:04 PM | Computer Name = PAULETA-5CZYV42 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft XML Core Services
6.0 Service Pack 2 (KB954459)

Error - 04/11/2011 2:28:01 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plustek USB Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1058

Error - 04/11/2011 2:28:01 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
gestartet:   %%1079

Error - 04/11/2011 8:18:20 AM | Computer Name = PAULETA-5CZYV42 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft XML Core Services
6.0 Service Pack 2 (KB954459)

Error - 04/12/2011 2:18:10 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plustek USB Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1058

Error - 04/12/2011 2:18:10 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
gestartet:   %%1079

Error - 04/12/2011 6:58:24 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Plustek USB Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1058

Error - 04/12/2011 6:58:24 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Upload-Manager" wurde aufgrund folgenden Fehlers nicht
gestartet:   %%1079

Error - 04/12/2011 7:50:34 AM | Computer Name = PAULETA-5CZYV42 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
nicht gestartet:   %%1083


< End of report >


Code

 OTL logfile created on: 04/12/2011 2:42:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

959.00 Mb Total Physical Memory | 224.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76.68 Gb Total Space | 48.93 Gb Free Space | 63.81% Space Free | Partition Type: NTFS

Computer Name: PAULETA-5CZYV42 | User Name: Klaus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Conceptronic\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (HidServ) --  File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (RalinkRegistryWriter) -- C:\Programme\Conceptronic\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (Scutum50) -- C:\WINDOWS\system32\drivers\Scutum50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ACEDRV08) -- C:\WINDOWS\system32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (SiSRaid) -- C:\WINDOWS\System32\DRIVERS\SiSRaid.sys (Silicon Integrated Systems)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.telekom.at/suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.telekom.at
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.at/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {7e111a5c-3d11-4f56-9463-5310c3c69025}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=8803653f0000000000000022f722c6c4&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/12/16 10:31:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/03/27 10:56:46 | 000,000,000 | ---D | M]

[2010/08/04 10:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Extensions
[2010/08/04 10:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/12 13:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions
[2010/08/03 10:27:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/03 09:10:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/08/24 14:14:37 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2011/03/30 08:56:49 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011/03/13 12:06:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/03/30 08:56:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\engine@conduit.com
[2011/03/22 23:40:21 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\ffxtlbr@babylon.com
[2010/12/04 00:06:14 | 000,000,000 | ---D | M] (vShare) -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\extensions\vshare@toolbar
[2011/03/23 17:56:34 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\conduit.xml
[2011/03/27 13:15:44 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\icqplugin-1.xml
[2010/11/14 15:52:04 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\icqplugin-2.xml
[2010/12/10 20:27:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\icqplugin-3.xml
[2010/12/10 20:27:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\icqplugin-4.xml
[2011/04/01 08:50:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\icqplugin-5.xml
[2010/09/16 18:13:42 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\icqplugin.xml
[2010/12/04 00:06:27 | 000,001,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Mozilla\Firefox\Profiles\gnp2ih5w.default\searchplugins\web-search.xml
[2011/04/02 13:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007/05/28 23:32:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/17 20:11:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/05/18 19:02:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/02 14:37:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/19 20:50:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 20:24:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 14:46:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/05/20 14:05:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/24 13:15:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMME\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/14 15:51:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/11/14 15:51:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/11/14 15:51:02 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/11/14 15:51:02 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/11/14 15:51:02 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/12/25 15:08:14 | 000,427,626 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 14748 more lines...
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1300531710875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://fortunelounge.microgaming.com/generic/FlashAX.cab (FlashXControl Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/28 22:59:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45aba296-6ed7-11de-a061-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{45aba296-6ed7-11de-a061-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5c92d6a0-f541-11de-a15e-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{5c92d6a0-f541-11de-a15e-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c92d6a1-f541-11de-a15e-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{5c92d6a1-f541-11de-a15e-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{640be2be-ef1f-11de-a159-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{640be2be-ef1f-11de-a159-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{640be2bf-ef1f-11de-a159-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{640be2bf-ef1f-11de-a159-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{640be2c0-ef1f-11de-a159-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{640be2c0-ef1f-11de-a159-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\Shell - "" = AutoRun
O33 - MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\Shell - "" = AutoRun
O33 - MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.hta
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell\runthat\command - "" = G:\components\shelexec.exe start.hta
O33 - MountPoints2\{f9962610-eff0-11de-a15a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{f9962610-eff0-11de-a15a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9962611-eff0-11de-a15a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{f9962611-eff0-11de-a15a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/04/12 13:55:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Klaus\Recent
[2011/04/12 13:50:34 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/04/12 13:50:33 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/04/12 13:50:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2011
[2011/04/12 13:48:59 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2011/04/12 13:48:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/03/30 08:55:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Anwendungsdaten\Temp
[2011/03/30 08:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\GetRightToGo
[2011/03/30 08:48:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Uniblue
[2011/03/30 08:48:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/03/22 23:52:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\BabylonToolbar
[2011/03/20 10:49:46 | 001,871,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2011/03/20 10:48:32 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/03/20 10:48:31 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/03/19 13:54:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Windows Search
[2011/03/19 13:52:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Windows Desktop Search
[2011/03/19 13:38:56 | 000,000,000 | ---D | C] -- C:\Programme\Windows Desktop Search
[2011/03/19 13:38:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/03/19 13:38:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011/03/19 13:38:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011/03/19 13:38:30 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011/03/19 13:36:21 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/03/19 13:35:42 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2011/03/19 13:33:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/03/19 13:33:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2007/07/20 00:48:24 | 001,673,576 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll
[2007/07/20 00:48:24 | 000,503,144 | ---- | C] (Microsoft Corporation) -- C:\Programme\DXSETUP.exe
[2007/07/20 00:48:24 | 000,077,160 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll
[237 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/04/12 14:22:00 | 000,001,208 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-436374069-682003330-1003UA.job
[2011/04/12 13:53:40 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/12 13:50:31 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011/04/12 13:50:31 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/04/12 12:59:05 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/04/12 12:58:25 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/12 12:58:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 12:48:05 | 000,000,861 | ---- | M] () -- C:\Dokumente und Einstellungen\Klaus\Desktop\AntiVirUpdate.lnk
[2011/04/12 10:22:00 | 000,001,156 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-436374069-682003330-1003Core.job
[2011/04/07 09:12:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 09:44:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/03/30 19:50:20 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/03/30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/03/29 11:53:31 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/27 10:56:48 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/27 10:47:51 | 000,476,804 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/03/27 10:47:51 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 10:47:51 | 000,090,726 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/03/27 10:47:51 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/20 00:22:06 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/19 13:36:11 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/19 13:36:11 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/19 13:33:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/03/19 13:03:32 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[237 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Klaus\Eigene Dateien\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/04/12 13:50:31 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011/04/12 13:50:31 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2011.lnk
[2011/04/12 13:50:30 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2011
[2011/04/12 12:47:48 | 000,000,861 | ---- | C] () -- C:\Dokumente und Einstellungen\Klaus\Desktop\AntiVirUpdate.lnk
[2011/03/19 13:36:27 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2011/03/19 13:36:27 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2011/03/19 13:33:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/03/08 12:49:16 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/02/15 23:13:48 | 000,005,023 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\bltofzsb.qlf
[2010/12/25 14:49:03 | 000,000,024 | ---- | C] () -- C:\WINDOWS\pccuo.ini
[2010/11/14 18:15:51 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/10/15 22:08:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2010/10/15 22:08:04 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010/10/15 22:08:04 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2010/10/14 13:55:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/09/27 09:02:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/30 15:56:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/06 12:22:55 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/05/06 12:22:54 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/11/03 15:02:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/26 00:20:28 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/02/11 23:30:02 | 001,481,728 | ---- | C] () -- C:\WINDOWS\System32\LegitCheckControl.dll
[2009/02/11 23:30:02 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2009/02/11 23:30:02 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2008/07/01 13:32:37 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/05/26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/19 15:41:26 | 000,001,435 | ---- | C] () -- C:\WINDOWS\IPokerscope.ini
[2008/01/23 14:11:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/01/23 14:11:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2008/01/23 14:11:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/01/23 14:11:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2007/12/05 12:26:19 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/12/05 12:24:26 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2007/11/16 02:22:49 | 000,000,647 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007/09/24 12:01:22 | 000,000,006 | ---- | C] () -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\dm.ini
[2007/07/26 16:08:51 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/12 11:19:19 | 000,000,667 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/06 01:10:51 | 000,079,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Klaus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/29 00:31:58 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007/05/29 00:26:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/05/29 00:15:02 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2007/05/29 00:13:37 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/05/29 00:13:17 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/05/29 00:13:08 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/05/29 00:10:51 | 000,090,011 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/05/29 00:10:37 | 000,208,896 | R--- | C] () -- C:\WINDOWS\Progress.exe
[2007/05/29 00:10:37 | 000,049,152 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2007/05/29 00:10:33 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2007/05/29 00:10:33 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2007/05/29 00:10:33 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2007/05/29 00:10:18 | 000,075,053 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/05/28 23:59:24 | 000,000,240 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2007/05/28 23:46:18 | 000,000,644 | ---- | C] () -- C:\WINDOWS\PartyGrabber.ini
[2007/05/28 23:01:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/05/28 22:57:03 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/02/15 09:17:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/02/15 09:16:14 | 000,294,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/29 15:34:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2002/11/28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/11/28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/11/28 14:00:00 | 000,476,804 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/11/28 14:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/11/28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/11/28 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/11/28 14:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006290_.tmp.dll
[2002/11/28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/11/28 14:00:00 | 000,090,726 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/11/28 14:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/11/28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/11/28 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/11/28 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/11/28 14:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006258_.tmp.dll
[2002/11/28 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/11/28 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/11/28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/07/17 15:51:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\pccuo.dll
[2000/07/17 14:43:16 | 000,001,871 | ---- | C] () -- C:\WINDOWS\~~~runcd.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010/10/14 16:51:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2008/12/17 20:11:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010/10/07 16:11:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2008/01/07 12:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MGS
[2010/10/07 16:11:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010/10/16 11:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2009/05/19 10:14:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011/04/12 13:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/10/07 16:10:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{0B1855D9-8D06-4BE1-B93C-7EFA1D0C3E32}
[2011/04/12 13:48:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/10/07 14:58:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{29558F44-C67B-4F2C-99E0-F1CE2AE1F960}
[2011/03/30 08:48:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2010/09/17 18:49:25 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/10/07 16:10:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DE1CDDDC-29FB-4BCF-94A4-B8339595BAB7}
[2010/09/19 16:09:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/03/22 23:52:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\BabylonToolbar
[2009/10/28 02:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\DMCache
[2011/03/30 08:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\GetRightToGo
[2009/10/14 11:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Goto.Games
[2009/09/26 00:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\ICQ
[2007/05/29 00:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\ICQ Toolbar
[2007/05/29 00:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\ICQLite
[2010/10/07 16:11:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\mquadr.at
[2010/09/20 09:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\PQube
[2010/08/16 10:19:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Pro Cycling Manager 2007
[2008/10/05 21:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Pro Cycling Manager 2008
[2008/06/19 11:05:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\temp
[2010/08/04 10:12:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Thunderbird
[2011/04/12 13:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\TuneUp Software
[2009/12/18 15:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\UB
[2011/03/30 08:48:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Uniblue
[2011/04/12 13:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\uTorrent
[2011/03/19 13:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Windows Desktop Search
[2011/03/19 13:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\Windows Search
[2011/04/12 13:53:40 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C05A8628
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8CEFE51A

< End of report >
  
Seitenanfang Seitenende
12.04.2011, 16:35
Member

Themenstarter

Beiträge: 19
#2 Ach ja ich hab spybot auch auf meinem Rechner laufen. Mit diesem und CCCleanerhab ich nun in der Zwischenzeit auch mal aufgeräumt.
Updaten kann ich jedoch immer noch nicht auch nicht beim spybot oder cccleaner.

Nebenbei: Ein weiters Grundproblem dass ich bisher nicht lösen konnte, ist dass schon viel länger windows updates auch nicht richtig funktionieren. Warum auch immer schafft es mein Pc nicht (oder ich) die neuesten service packs zu speichern und in der vorgegeben reihenfolge updates durchzuführen. Das hat bis jetzt noch keine unmittelbaren Folgen gehabt meiner Meinung nach, aber ich denke dass auch das eine gewisse Lücke im System ist.
Seitenanfang Seitenende
12.04.2011, 17:44
Moderator

Beiträge: 5694
#3 Hallo ;)

Werde mich am späteren Abend mit den weiteren Schritten wieder melden...

Arbeit vor Vergnügen ;)
Seitenanfang Seitenende
12.04.2011, 18:40
Moderator

Beiträge: 5694
#4 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:

Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1

Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt 2

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

:OTL
O2 - BHO: (no name) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O9 - Extra Button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O33 - MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{45aba296-6ed7-11de-a061-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{45aba296-6ed7-11de-a061-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5c92d6a0-f541-11de-a15e-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{5c92d6a0-f541-11de-a15e-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5c92d6a1-f541-11de-a15e-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{5c92d6a1-f541-11de-a15e-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{640be2be-ef1f-11de-a159-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{640be2be-ef1f-11de-a159-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{640be2bf-ef1f-11de-a159-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{640be2bf-ef1f-11de-a159-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{640be2c0-ef1f-11de-a159-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{640be2c0-ef1f-11de-a159-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\Shell - "" = AutoRun
O33 - MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\Shell - "" = AutoRun
O33 - MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.hta
O33 - MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\Shell\runthat\command - "" = G:\components\shelexec.exe start.hta
O33 - MountPoints2\{f9962610-eff0-11de-a15a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{f9962610-eff0-11de-a15a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f9962611-eff0-11de-a15a-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{f9962611-eff0-11de-a15a-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\Shell - "" = AutoRun
O33 - MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C05A8628
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8CEFE51A
:Commands
[purity]
[emptytemp]
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu
Seitenanfang Seitenende
12.04.2011, 20:44
Member

Themenstarter

Beiträge: 19
#5 Danke für die Hilfe soweit.

Hier das Textdokument nach fixieren mit OTL:

Code

 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{94EDF7B4-4272-4af3-8F8B-4E2F68E225B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94EDF7B4-4272-4af3-8F8B-4E2F68E225B7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17704287-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17704287-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17704287-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17704287-d7a1-11df-a296-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17704288-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17704288-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17704288-d7a1-11df-a296-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17704288-d7a1-11df-a296-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b59c7b0-53f7-11dd-9ec5-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4559a0b8-ba8c-11df-a24a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45aba296-6ed7-11de-a061-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45aba296-6ed7-11de-a061-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45aba296-6ed7-11de-a061-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45aba296-6ed7-11de-a061-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d65558a-d219-11df-a28a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d65558a-d219-11df-a28a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d65558a-d219-11df-a28a-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d65558a-d219-11df-a28a-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c92d6a0-f541-11de-a15e-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c92d6a0-f541-11de-a15e-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c92d6a0-f541-11de-a15e-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c92d6a0-f541-11de-a15e-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c92d6a1-f541-11de-a15e-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c92d6a1-f541-11de-a15e-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c92d6a1-f541-11de-a15e-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c92d6a1-f541-11de-a15e-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640be2be-ef1f-11de-a159-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640be2be-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640be2be-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640be2be-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640be2bf-ef1f-11de-a159-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640be2bf-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640be2bf-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640be2bf-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640be2c0-ef1f-11de-a159-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640be2c0-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640be2c0-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640be2c0-ef1f-11de-a159-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76611ffa-4d91-11dd-9ebd-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76611ffd-4d91-11dd-9ebd-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a89136-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a89136-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a89136-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a89136-d15d-11df-a285-b6925ae90458}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a89139-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a89139-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a89139-d15d-11df-a285-b6925ae90458}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a89139-d15d-11df-a285-b6925ae90458}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c356c5c-d220-11df-a28d-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c356c5c-d220-11df-a28d-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c356c5c-d220-11df-a28d-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c356c5c-d220-11df-a28d-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{befafb4a-8883-11de-a0a2-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{befafb4a-8883-11de-a0a2-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{befafb4a-8883-11de-a0a2-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{befafb4a-8883-11de-a0a2-00192196e5dc}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c345eca8-d532-11df-a291-00192196e5dc}\ not found.
File G:\components\shelexec.exe start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9962610-eff0-11de-a15a-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9962610-eff0-11de-a15a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9962610-eff0-11de-a15a-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9962610-eff0-11de-a15a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9962611-eff0-11de-a15a-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9962611-eff0-11de-a15a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9962611-eff0-11de-a15a-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9962611-eff0-11de-a15a-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b802e-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b802e-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b802e-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b802e-d757-11df-a292-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b802f-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b802f-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b802f-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b802f-d757-11df-a292-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b8032-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b8032-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd1b8032-d757-11df-a292-00192196e5dc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd1b8032-d757-11df-a292-00192196e5dc}\ not found.
File E:\AutoRun.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C05A8628 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8CEFE51A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Klaus
->Temp folder emptied: 116563 bytes
->Temporary Internet Files folder emptied: 4769009 bytes
->Java cache emptied: 14064360 bytes
->FireFox cache emptied: 63571908 bytes
->Google Chrome cache emptied: 27029523 bytes
->Flash cache emptied: 4421 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33103 bytes

User: postgres.PAULETA-5CZYV42
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4288715 bytes
%systemroot%\System32 .tmp files removed: 59802176 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116366 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04122011_203720

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT014d4.TMP not found!

Registry entries deleted on Reboot...
Seitenanfang Seitenende
12.04.2011, 20:49
Member

Themenstarter

Beiträge: 19
#6 Tja und bei Schritt3, tritt wieder das Problem auf.

Fehler:
"Program_Error_Updating (12029, 0,WinHttpSendRequest). Kann nicht aktualisieren bzw. updaten.
Seitenanfang Seitenende
12.04.2011, 21:03
Member

Themenstarter

Beiträge: 19
#7 HI again!
Den quickscan hab ich jetzt dennoch durchgeführt und 3 Infizierte Objekte löschen lassen. Nach Neustart ist jedoch der Zustand des Problems dass Updates nicht möglich sind unverändert.

Mfg zelnot26
Seitenanfang Seitenende
12.04.2011, 21:04
Moderator

Beiträge: 5694
#8 Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

• alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
• Gmer startet automatisch einen ersten Scan.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Unbedingt auf "No" klicken,
anschließend über den Copy-Button das bisherige Resultat in die Zwischenablage zu kopieren.
• Füge das Log aus der Zwischenablage mit STRG + V in Deine Antwort in Deinem Thread ein.
.
• Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
• Hake an: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
• Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren.
Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in Deine Antwort hier ein (mit STRG + V).

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.
Seitenanfang Seitenende
12.04.2011, 23:15
Member

Themenstarter

Beiträge: 19
#9 Hier das Log aus der Zwischenablage des ausführlichen Scans
1. Quickscan brachte keine Warnung.


Code

  GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-12 23:11:00
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\SiSRaid1Port2Path0Target0Lun0 ExcelSto rev.____
Running: g4yzi4rn.exe; Driver: C:\DOKUME~1\Klaus\LOKALE~1\Temp\fwedrfow.sys


---- System - GMER 1.0.15 ----

SSDT            B0C77D6E                                                                                                              ZwCreateKey
SSDT            B0C77D64                                                                                                              ZwCreateThread
SSDT            B0C77D73                                                                                                              ZwDeleteKey
SSDT            B0C77D7D                                                                                                              ZwDeleteValueKey
SSDT            sptd.sys                                                                                                              ZwEnumerateKey [0xF7677FB2]
SSDT            sptd.sys                                                                                                              ZwEnumerateValueKey [0xF7678340]
SSDT            B0C77D82                                                                                                              ZwLoadKey
SSDT            sptd.sys                                                                                                              ZwOpenKey [0xF76720B0]
SSDT            \??\C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)                                        ZwOpenProcess [0xAD4E2700]
SSDT            B0C77D55                                                                                                              ZwOpenThread
SSDT            sptd.sys                                                                                                              ZwQueryKey [0xF7678418]
SSDT            sptd.sys                                                                                                              ZwQueryValueKey [0xF7678298]
SSDT            B0C77D8C                                                                                                              ZwReplaceKey
SSDT            B0C77D87                                                                                                              ZwRestoreKey
SSDT            B0C77D78                                                                                                              ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

?               bemyfh.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
?               C:\WINDOWS\system32\drivers\sptd.sys                                                                                  Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           USBPORT.SYS!DllUnload                                                                                                 F655762C 5 Bytes  JMP 86090770
?               System32\Drivers\ajk2v5y5.SYS                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text           C:\WINDOWS\system32\drivers\ACEDRV08.sys                                                                              section is writeable [0xAD4F5000, 0x328BA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV08.sys                                                                              entry point in ".pklstb" section [0xAD539000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV08.sys                                                                              unknown last section [0xAD555000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                section is writeable [0xAD1C6300, 0x3ACC8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                section is writeable [0xF7AB4300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[412] kernel32.dll!WriteFile                                                     7C810D97 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt]                                               [F768906C] sptd.sys
IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                  [F7689018] sptd.sys
IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                     [F76AB9AE] sptd.sys
IAT             atapi.sys[ntoskrnl.exe!IoConnectInterrupt]                                                                            [F768906C] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [F7672AD4] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [F7672C1A] sptd.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                   [F7672B9C] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                           [F7673748] sptd.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                   [F767361E] sptd.sys
IAT             \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F768829A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                8635E1E8
Device          \Driver\Tcpip \Device\Ip                                                                                              vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device          \Driver\usbohci \Device\USBPDO-0                                                                                      86152790
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                             863601E8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                               863601E8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                  863601E8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                 863601E8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                      86152790
Device          \Driver\usbehci \Device\USBPDO-2                                                                                      860811E8
Device          \Driver\usbohci \Device\USBPDO-3                                                                                      86152790
Device          \Driver\Tcpip \Device\Tcp                                                                                             vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                             Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\prodrv06 \Device\ProDrv06                                                                                     E1C55A18
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                863D21E8
Device          \Driver\Cdrom \Device\CdRom0                                                                                          8619E790
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    863D11E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           863D11E8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    863D11E8
Device          \Driver\Cdrom \Device\CdRom1                                                                                          8619E790
Device          \Driver\prohlp02 \Device\ProHlp02                                                                                     E100CA78
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               856D21E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      856D21E8
Device          \Driver\PCI_NTPNP5090 \Device\0000004e                                                                                sptd.sys
Device          \Driver\Tcpip \Device\Udp                                                                                             vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device          \Driver\Tcpip \Device\RawIp                                                                                           vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device          \Driver\usbohci \Device\USBFDO-0                                                                                      86152790
Device          \Driver\usbohci \Device\USBFDO-1                                                                                      86152790
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                     856C81E8
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                     vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device          \Driver\usbohci \Device\USBFDO-2                                                                                      86152790
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                           856C81E8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                      860811E8
Device          \Driver\Ftdisk \Device\FtControl                                                                                      863D21E8
Device          \Driver\AFD \Device\Afd                                                                                               vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device          \Driver\SiSRaid \Device\Scsi\SiSRaid1                                                                                 8635F1E8
Device          \Driver\SiSRaid \Device\Scsi\SiSRaid1Port2Path0Target0Lun0                                                            8635F1E8
Device          \Driver\ajk2v5y5 \Device\Scsi\ajk2v5y51                                                                               861241E8
Device          \Driver\ajk2v5y5 \Device\Scsi\ajk2v5y51Port3Path0Target0Lun0                                                          861241E8
Device          \FileSystem\Cdfs \Cdfs                                                                                                8562A1E8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Programme\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x36 0x80 0x8A 0x58 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x06 0x09 0x7F 0xF8 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x06 0xC4 0x52 0x06 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xF8 0xCF 0x05 0x8D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x06 0x09 0x7F 0xF8 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x06 0xC4 0x52 0x06 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xF8 0xCF 0x05 0x8D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x06 0x09 0x7F 0xF8 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x06 0xC4 0x52 0x06 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x36 0x80 0x8A 0x58 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x06 0x09 0x7F 0xF8 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x06 0xC4 0x52 0x06 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 52\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x36 0x80 0x8A 0x58 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x06 0x09 0x7F 0xF8 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x06 0xC4 0x52 0x06 ...
Reg             HKLM\SOFTWARE\Classes\.xaml\bootstrap@                                                                                bootstrap.xaml.1
Reg             HKLM\SOFTWARE\Classes\.xbap\bootstrap@                                                                                bootstrap.xbap.1
Reg             HKLM\SOFTWARE\Classes\.xps\bootstrap@                                                                                 bootstrap.xps.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk                                             0x2C 0x1F 0x4D 0xCF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{64055233-5715-40b0-8e1d-69c2bb7d2093}@Model                                              300
Reg             HKLM\SOFTWARE\Classes\CLSID\{64055233-5715-40b0-8e1d-69c2bb7d2093}@Therad                                             30
Reg             HKLM\SOFTWARE\Classes\CLSID\{64055233-5715-40b0-8e1d-69c2bb7d2093}@MData                                              0x2B 0x8F 0x78 0x29 ...

---- EOF - GMER 1.0.15 ----
Seitenanfang Seitenende
13.04.2011, 15:59
Moderator

Beiträge: 5694
#10 Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

BleepingComputer
ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.
Seitenanfang Seitenende
13.04.2011, 17:19
Member

Themenstarter

Beiträge: 19
#11 Hi
Dass ist leider in die Hose gegangen.
Habe Combo Fix wie angewiesen auf desktop heruntergeladen und gestartet. Musste lavasoft deinstallieren, denn er fand immer wieder adlivewatch aktiviert obwohl ich alles deaktiviert habe.
Danach kam die meldung ComboFix ist abgelaufen und nur eingeschränkt nutzbar ausser ich verbinde mit internet und es wird eine wiederherstellungsdatei heruntergeladen. Dass funktionierte dann auch nicht obwohl ich im internet war. (dass ist ja das eigentliche Grundproblem dass Progamme nicht auf das netz zugreifen obwohl internetverbindung steht). Danach fuhr ich dennoch fort und beim scan nach infizierten dateien verschwand der desktop nach ein paar minuten. Ich musste den pc neustarten weil nichts mehr ging.

Weiss nicht weiter ich hoffe es nicht mehr beschädigt als vorher.

mfg
Seitenanfang Seitenende
13.04.2011, 17:26
Member

Themenstarter

Beiträge: 19
#12 hab jetzt auch keine combofix.txt Datei zum posten.

Einen erneuter Versuch hab ich noch nicht gewagt.
Seitenanfang Seitenende
13.04.2011, 19:49
Moderator

Beiträge: 5694
#13 Woher weisst Du das nichts mehr ging? Combofix kann lange scannen.
Seitenanfang Seitenende
13.04.2011, 20:03
Member

Themenstarter

Beiträge: 19
#14 Weil mein desktop "verschwand" (war nicht der bildschirmschoner) kein programm mehr sichtbar war und ich keine aktion (z.B. Taskmanager aktivieren) mehr ausführen konnte.

Ich habe noch einige minuten abgewartet aber es rührte sich nichts mehr und deßhalb habe ich den pc resetet.

erbitte weitere instruktionen
Seitenanfang Seitenende
13.04.2011, 22:11
Moderator

Beiträge: 5694
#15 Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: