20.07.2012, 19:59 | #1 |
SpyHunter & LiveSecurityPlatinum

Hello everyone,

today I also downloaded SpyHunter, as has been described here several times, believing it would ward off another threat, and only afterwards looked into the topic a bit more. However, I could not uninstall SpyHunter. So I started the computer in safe mode, downloaded Malware and OTL, and created the reports; I will post them here as well.

My question: how bad is the state of my PC, and how do I get rid of this junk? Thanks to everyone in advance.

Oh, and the main page of the forum said I should not delete anything before opening a thread. I would rather not leave the Trojans on the computer, though; may I delete them now?

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.20.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19272
****me**** :: ****me****-PC [Administrator]

20.07.2012 20:32:05
mbam-log-2012-07-20 (20-51-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 196369
Laufzeit: 5 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Dehoaqovs (Spyware.Zbot.Gen) -> Daten: C:\Users\****me****\AppData\Roaming\Garoy\axvof.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\****me****\AppData\Local\{ebf717de-7e59-256a-a206-78c900f814d0}\n. -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdVantage (Adware.Vomba) -> Daten: C:\Users\****me****\AppData\Roaming\advantage\AdVantage.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8D580596-C50F-2F71-79BC-73CA422A8682} (Trojan.ZbotR.Gen) -> Daten: C:\Users\****me****\AppData\Roaming\Kauvgae\ohfoaz.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Users\****me****\AppData\Roaming\Garoy\axvof.exe (Spyware.Zbot.Gen) -> Keine Aktion durchgeführt.
C:\ProgramData\036DFF85007961DF1C24B73F2F3B6FDA\036DFF85007961DF1C24B73F2F3B6FDA.exe (Trojan.LameShield) -> Keine Aktion durchgeführt.
C:\Users\****me****\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\Users\****me****\AppData\Local\Temp\~!#2FC4.tmp (Spyware.Zbot.Gen) -> Keine Aktion durchgeführt.
C:\Users\****me****\AppData\Local\Temp\~!#E135.tmp (Trojan.LameShield) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\n (Trojan.Dropper.PE4) -> Keine Aktion durchgeführt.
C:\Windows\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\****me****\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Keine Aktion durchgeführt.
C:\Users\****me****\AppData\Roaming\Kauvgae\ohfoaz.exe (Trojan.ZbotR.Gen) -> Keine Aktion durchgeführt.

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 20.07.2012 20:08:25 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*****my*****\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 73,62% Memory free
6,13 Gb Paging File | 5,55 Gb Available in Paging File | 90,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 141,01 Gb Free Space | 60,55% Space Free | Partition Type: NTFS

Computer Name: *****my*****-PC | User Name: *****my***** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Users\*****my*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========
MOD - C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Programme\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

========== Win32 Services (SafeList) ==========
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Programme\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (ASLDRService) -- C:\Programme\ASUS\ATK Hotkey\AsLdrSrv.exe ()
SRV - (ADSMService) -- C:\Programme\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()

========== Driver Services (SafeList) ==========
DRV - (SRTSPX) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found
DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS File not found
DRV - (ipswuio) -- System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ASUSProcObsrv) -- D:\I386\AsProcOb.sys File not found
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic)
DRV - (ghaio) -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Programme\ATKGFNEX\ASMMAP.sys ()
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.02010003&st=12
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{06153290-6F89-4462-B198-FE5368E5BE04}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_de
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2528046
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2528046
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.02010003&st=12&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****my*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\*****my*****\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 17:40:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.22 01:09:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 17:40:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.22 01:09:32 | 000,000,000 | ---D | M]

[2009.10.19 19:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****my*****\AppData\Roaming\mozilla\Extensions
[2012.07.16 14:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****my*****\AppData\Roaming\mozilla\Firefox\Profiles\lh7ngboo.default\extensions
[2012.07.16 14:44:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****my*****\AppData\Roaming\mozilla\Firefox\Profiles\lh7ngboo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\*****my*****\AppData\Roaming\Mozilla\Firefox\Profiles\lh7ngboo.default\searchplugins\conduit.xml
[2012.04.15 22:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.16 11:21:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.18 17:40:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.23 19:56:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 15:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.06.18 17:39:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 17:39:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.18 17:39:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.05.27 07:57:06 | 000,000,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ICQSearchober26187638.gif
[2011.09.30 00:10:32 | 000,000,173 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ICQSearchober26187638.src
[2012.06.18 17:39:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 17:39:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 17:39:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 14:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober121631421.gif
[2010.01.10 23:37:04 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober121631421.src

========== Chrome ==========

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [ACMON] C:\Programme\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Programme\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HControlUser] C:\Programme\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [{8D580596-C50F-2F71-79BC-73CA422A8682}] C:\Users\*****my*****\AppData\Roaming\Kauvgae\ohfoaz.exe ()
O4 - HKCU..\Run: [AdVantage] C:\Users\*****my*****\AppData\Roaming\advantage\AdVantage.exe File not found
O4 - HKCU..\Run: [Dehoaqovs] C:\Users\*****my*****\AppData\Roaming\Garoy\axvof.exe ()
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MediaGet2] C:\Users\*****my*****\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\*****my*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk = C:\Users\*****my*****\AppData\Roaming\Microsoft\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
O4 - Startup: C:\Users\*****my*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\*****my*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****my*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E8BC7AF-38BA-480A-A5A4-3B73299C2CEC}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6D6D3A-15AD-416A-B85F-72B33F2B97FE}: DhcpNameServer = 10.206.246.101
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****my*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\*****my*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7eec2cfc-a22d-11de-b378-00261818b85b}\Shell - "" = AutoRun
O33 - MountPoints2\{7eec2cfc-a22d-11de-b378-00261818b85b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c3e03cce-9a60-11de-8cd5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c3e03cce-9a60-11de-8cd5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{cd9beb5e-047d-11e1-8359-00261818b85b}\Shell - "" = AutoRun
O33 - MountPoints2\{cd9beb5e-047d-11e1-8359-00261818b85b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.20 19:58:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\*****my*****\Desktop\OTL.exe
[2012.07.20 18:41:13 | 000,000,000 | ---D | C] -- C:\Users\*****my*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012.07.20 18:41:06 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.07.20 18:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.07.20 18:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.07.20 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\*****my*****\AppData\Roaming\Wiukog
[2012.07.20 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\*****my*****\AppData\Roaming\Weyq
[2012.07.20 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\*****my*****\AppData\Roaming\Garoy
[2012.07.20 18:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF85007961DF1C24B73F2F3B6FDA
[2012.07.20 18:20:58 | 000,000,000 | ---D | C] -- C:\Users\*****my*****\AppData\Roaming\Kauvgae
[2012.07.20 18:20:58 | 000,000,000 | ---D | C] -- C:\Users\*****my*****\AppData\Roaming\Ipih
[2012.07.16 14:44:03 | 000,405,144 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.07.16 14:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.07.16 10:35:20 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.14 13:39:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*****my*****\AppData\Local\*.tmp files -> C:\Users\*****my*****\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.07.20 19:58:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\*****my*****\Desktop\OTL.exe
[2012.07.20 19:58:44 | 000,001,356 | ---- | M] () -- C:\Users\*****my*****\AppData\Local\d3d9caps.dat
[2012.07.20 19:56:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 19:44:20 | 000,002,545 | ---- | M] () -- C:\Users\*****my*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2012.07.20 19:44:05 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.07.20 19:44:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.20 19:43:36 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-*****my*****-Startup.job
[2012.07.20 19:41:54 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 19:41:54 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 19:24:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.20 19:21:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.20 18:41:13 | 000,002,077 | ---- | M] () -- C:\Users\*****my*****\Desktop\SpyHunter.lnk
[2012.07.20 18:23:41 | 000,001,972 | ---- | M] () -- C:\Users\*****my*****\Desktop\Live Security Platinum.lnk
[2012.07.20 16:00:01 | 000,247,073 | ---- | M] () -- C:\Users\*****my*****\Desktop\Backwerk.pdf
[2012.07.16 16:15:31 | 000,001,191 | ---- | M] () -- C:\Users\*****my*****\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.16 14:44:08 | 000,001,095 | ---- | M] () -- C:\Users\*****my*****\Desktop\Free YouTube Download.lnk
[2012.07.16 11:19:06 | 000,372,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.14 14:22:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.14 14:22:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 17:13:40 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\*****my*****\AppData\Local\*.tmp files -> C:\Users\*****my*****\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.20 19:52:55 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\U\80000000.@
[2012.07.20 19:52:48 | 000,019,456 | ---- | C] () -- C:\Windows\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\U\800000cb.@
[2012.07.20 18:41:13 | 000,002,077 | ---- | C] () -- C:\Users\*****my*****\Desktop\SpyHunter.lnk
[2012.07.20 18:23:41 | 000,001,972 | ---- | C] () -- C:\Users\*****my*****\Desktop\Live Security Platinum.lnk
[2012.07.20 18:22:19 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\U\00000001.@
[2012.07.20 16:00:01 | 000,247,073 | ---- | C] () -- C:\Users\*****my*****\Desktop\Backwerk.pdf
[2012.07.16 16:15:31 | 000,001,191 | ---- | C] () -- C:\Users\*****my*****\Desktop\Free YouTube to MP3 Converter.lnk
[2012.07.16 14:44:08 | 000,001,095 | ---- | C] () -- C:\Users\*****my*****\Desktop\Free YouTube Download.lnk
[2012.02.22 01:09:31 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.02.22 01:09:31 | 000,002,323 | ---- | C] () -- C:\Windows\unins000.dat
[2012.01.11 21:22:49 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ebf717de-7e59-256a-a206-78c900f814d0}\@
[2012.01.11 21:22:49 | 000,002,048 | -HS- | C] () -- C:\Users\*****my*****\AppData\Local\{ebf717de-7e59-256a-a206-78c900f814d0}\@
[2011.05.27 13:07:24 | 000,090,030 | ---- | C] () -- C:\Users\*****my*****\sgd-anmeldeformular_2363171.pdf
[2011.04.28 22:49:23 | 000,000,000 | ---- | C] () -- C:\Users\*****my*****\AppData\Local\{9F2E8C12-9320-4644-945C-5DB7DC28E27F}
[2011.01.13 20:44:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.16 10:03:39 | 000,000,081 | ---- | C] () -- C:\Users\*****my*****\CTX.DAT
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.06.29 18:33:58 | 000,030,607 | ---- | C] () -- C:\Users\*****my*****\DRP37647773.pdf
[2010.06.23 14:27:28 | 000,868,911 | ---- | C] () -- C:\Users\*****my*****\08_Personalpolitik.pdf
[2009.12.02 11:26:04 | 000,061,065 | ---- | C] () -- C:\Users\*****my*****\postident.pdf
[2009.11.30 17:28:37 | 000,282,086 | ---- | C] () -- C:\Users\*****my*****\Lebenslauf.pdf
[2009.09.05 18:07:11 | 000,009,728 | ---- | C] () -- C:\Users\*****my*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.05 17:25:51 | 000,000,552 | ---- | C] () -- C:\Users\*****my*****\AppData\Local\d3d8caps.dat
[2009.09.05 17:20:06 | 000,001,356 | ---- | C] () -- C:\Users\*****my*****\AppData\Local\d3d9caps.dat
[2008.12.23 13:36:14 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

========== LOP Check ==========
[2010.12.13 00:02:01 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Arkadium
[2012.04.18 21:48:34 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Awem
[2012.04.19 01:07:41 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Az-Art
[2012.02.05 16:25:55 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Big Finish
[2012.04.19 00:02:52 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Boomzap
[2010.04.11 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Downloaded Installations
[2012.01.09 00:13:28 | 000,000,000 | ---D | M]
-- C:\Users\*****my*****\AppData\Roaming\Dropbox [2012.07.16 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\DVDVideoSoft [2012.07.16 14:44:23 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.27 09:06:51 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\EPSON [2010.04.07 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Foxit [2012.07.20 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Garoy [2011.05.03 11:13:11 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\GetRightToGo [2011.06.01 11:46:29 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\go [2010.11.11 12:56:41 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\ICAClient [2012.07.20 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Ipih [2012.07.20 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Kauvgae [2010.01.11 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Nitro PDF [2012.04.10 11:49:40 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\SoftGrid Client [2011.07.12 13:25:04 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\TP [2012.04.11 14:36:09 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Unity [2009.10.12 23:16:29 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\uTorrent [2012.04.19 01:24:37 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Vogat Interactive [2012.07.20 18:23:56 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Weyq [2009.12.30 09:57:44 | 000,000,000 | RHSD | M] -- C:\Users\*****my*****\AppData\Roaming\WindowsUpdate [2012.07.20 18:22:37 | 000,000,000 | ---D | M] -- C:\Users\*****my*****\AppData\Roaming\Wiukog [2012.07.18 19:18:54 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.20 
19:43:36 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-*****my*****-Startup.job [2010.12.17 04:23:28 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B1FDE750-B34C-4518-A2AB-F7C5A6FC815C}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:8AED9359 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:940ECC98 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:391535F9 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:884C7316 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:268BA8AB @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:164561C8 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7BFAAE70 @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B38BEEEE @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:587F3582 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FB4262DE @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:961B84C5 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3DB6F365 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.07.2012 20:08:25 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\*****my*****\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19272) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 73,62% Memory free 6,13 Gb Paging File | 5,55 Gb Available in Paging File | 90,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 141,01 Gb Free Space | 60,55% Space Free | Partition Type: NTFS Computer Name: *****my*****-PC | User Name: *****my***** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express "{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound "{4DFA6DA8-75D8-4F2B-A1A0-A5E7A3B779C8}" = ASUS Virtual Camera "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{567C654B-7FE9-4970-8323-56E8191D1941}" = ASUS FancyStart "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{66153065-CD04-4AC4-90A4-1F1120137C07}" = A-Plan 2010 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin 
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 
2010 - Deutsch "{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC1F6DA0-21D2-425A-B1B6-5B164A598450}" = SpyHunter "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 
Client Profile DEU Language Pack "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "avast" = avast! Free Antivirus "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-x86 7.0.5.1 WHQL "EPSON Scanner" = EPSON Scan "EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall "Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727 "Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ProjectPlanner" = ProjectPlanner 3.5.4 "TVWiz" = Intel(R) TV Wizard "Uninstall_is1" = Uninstall 1.0.0.1 "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB Mass Storage Filter Driver" = Multimedia Card Reader "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ARIS Express 2.3" = ARIS Express 2.3 "Game Organizer" = EasyBits GO "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 17.11.2009 15:56:05 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 17.11.2009 15:56:06 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 17.11.2009 15:56:06 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 17.11.2009 15:56:06 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 17.11.2009 15:56:06 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 11.12.2009 19:31:15 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 24.12.2009 19:16:55 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 24.12.2009 19:32:23 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 24.12.2009 19:33:31 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = Error - 08.01.2010 01:56:33 | Computer Name = *****my*****-PC | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 20.07.2012 12:22:20 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung InstallFlashPlayer.exe, Version 11.0.1.152, Zeitstempel 0x4e7d1453, fehlerhaftes Modul InstallFlashPlayer.exe, Version 11.0.1.152, Zeitstempel 0x4e7d1453, Ausnahmecode 0xc0000005, Fehleroffset 0x000071c2, Prozess-ID 0x6b4, Anwendungsstartzeit 01cd6693d0d9d1b0. 
Error - 20.07.2012 12:23:14 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AvastSvc.exe, Version 6.0.1289.0, Zeitstempel 0x4e6684a2, fehlerhaftes Modul aswScan.dll, Version 7.0.1441.0, Zeitstempel 0x4fd2240b, Ausnahmecode 0xc0000005, Fehleroffset 0x00007a93, Prozess-ID 0x710, Anwendungsstartzeit 01cd664d3761b5cb. Error - 20.07.2012 12:25:42 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung 036DFF85007961DF1C24B73F2F3B6FDA.exe, Version 0.0.0.0, Zeitstempel 0x4fff7bd7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00041a80, Prozess-ID 0xb34, Anwendungsstartzeit 01cd66944d96cd70. Error - 20.07.2012 12:26:16 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung 036DFF85007961DF1C24B73F2F3B6FDA.exe, Version 0.0.0.0, Zeitstempel 0x4fff7bd7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00041a80, Prozess-ID 0x1684, Anwendungsstartzeit 01cd669461779bd0. Error - 20.07.2012 12:44:31 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung 036DFF85007961DF1C24B73F2F3B6FDA.exe, Version 0.0.0.0, Zeitstempel 0x4fff7bd7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00041a80, Prozess-ID 0x7d8, Anwendungsstartzeit 01cd6696ec6c3370. Error - 20.07.2012 13:24:09 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AvastSvc.exe, Version 6.0.1289.0, Zeitstempel 0x4e6684a2, fehlerhaftes Modul aswScan.dll, Version 7.0.1441.0, Zeitstempel 0x4fd2240b, Ausnahmecode 0xc0000005, Fehleroffset 0x00007a93, Prozess-ID 0xf58, Anwendungsstartzeit 01cd669409a85c50. 
Error - 20.07.2012 13:26:52 | Computer Name = *****my*****-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.6001.19272 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1334 Anfangszeit: 01cd669c88697b70 Zeitpunkt der Beendigung: 31 Error - 20.07.2012 13:43:55 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung CVHSVC.EXE, Version 14.0.6114.5003, Zeitstempel 0x4f045ee4, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000374, Fehleroffset 0x000b06b7, Prozess-ID 0xd2c, Anwendungsstartzeit 01cd669f28c418ae. Error - 20.07.2012 13:44:21 | Computer Name = *****my*****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung 036DFF85007961DF1C24B73F2F3B6FDA.exe, Version 0.0.0.0, Zeitstempel 0x4fff7bd7, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00041a80, Prozess-ID 0x1038, Anwendungsstartzeit 01cd669f4b2405ee. Error - 20.07.2012 13:56:50 | Computer Name = *****my*****-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 20.07.2012 13:56:09 | Computer Name = *****my*****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 20.07.2012 um 19:54:39 unerwartet heruntergefahren. 
Error - 20.07.2012 13:56:34 | Computer Name = *****my*****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 20.07.2012 13:56:42 | Computer Name = *****my*****-PC | Source = DCOM | ID = 10005 Description = Error - 20.07.2012 13:56:50 | Computer Name = *****my*****-PC | Source = DCOM | ID = 10005 Description = Error - 20.07.2012 13:56:53 | Computer Name = *****my*****-PC | Source = DCOM | ID = 10005 Description = Error - 20.07.2012 13:56:57 | Computer Name = *****my*****-PC | Source = DCOM | ID = 10005 Description = Error - 20.07.2012 13:56:58 | Computer Name = *****my*****-PC | Source = DCOM | ID = 10005 Description = Error - 20.07.2012 13:57:29 | Computer Name = *****my*****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 20.07.2012 13:57:29 | Computer Name = *****my*****-PC | Source = Service Control Manager | ID = 7001 Description = Error - 20.07.2012 13:57:29 | Computer Name = *****my*****-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > Edited by Geplagte74 (20.07.2012 at 20:11) |
23.07.2012, 11:08 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyHunter & LiveSecurityPlatinum Just read properly for once!!
Quote:
Remember that Malwarebytes has to be updated manually before every scan! Please remove all of the Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Where possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here