
Pests of all kinds and how to combat them: picked up spyware hunter

Windows 7

19.06.2010, 10:14   #1
spyrogira
 



I picked up spywarehunter somewhere.
I ran CCleaner and then Malwarebytes Anti-Malware.
A spywarehunter window keeps popping up again and again.
Now I also have HijackThis and am posting my logfile here.
I hope I have done everything right so far.

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:47, on 19.06.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10461 bytes
         
--- --- ---


What should I do now?
Thanks in advance.

19.06.2010, 12:15   #2
Larusso
/// Selecta Jahrusso
 





A cleanup can sometimes mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Please post in your next reply:
OTL.txt
Extras.txt

20.06.2010, 10:38   #3
spyrogira
 



OTL Logfile:
Code:
OTL logfile created on: 20.06.2010 11:30:44 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\+++++\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,13 Gb Total Space | 237,96 Gb Free Space | 83,46% Space Free | Partition Type: NTFS
Drive D: | 12,77 Gb Total Space | 2,03 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
Drive E: | 421,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: +++++-PC
Current User Name:++++++
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\+++++\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\+++++\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\ENG64.SYS (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSviA64.sys (Symantec Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.04.27 21:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.03.12 15:56:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.04 21:49:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.04 21:49:17 | 000,000,000 | ---D | M]
 
[2010.03.11 12:07:26 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\mozilla\Extensions
[2010.03.11 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\mozilla\Firefox\Profiles\fswhctmt.default\extensions
[2010.03.11 12:06:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 09:21:18 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.09 13:45:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2001.02.27 20:09:05 | 000,000,193 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b4f7fd5e-2ceb-11df-8e20-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4f7fd5e-2ceb-11df-8e20-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2001.02.28 23:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b4f7fd5e-2ceb-11df-8e20-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE -- [2001.02.28 23:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{b4f7fd5e-2ceb-11df-8e20-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE -- [2001.02.28 23:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.19 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.06.19 09:39:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.19 09:36:40 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2010.06.14 01:16:40 | 000,000,000 | ---D | C] -- C:\Users\+++o\AppData\Local\Microsoft Games
[2010.06.13 23:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.06.13 23:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrainGame
[2010.06.10 08:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.10 08:12:33 | 000,000,000 | ---D | C] -- C:\Users\Bandalo\AppData\Roaming\Malwarebytes
[2010.06.10 08:12:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.10 08:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.10 08:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.09 13:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010.06.09 13:43:52 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.06.09 06:54:27 | 000,000,000 | ---D | C] -- C:\Users\+++++\AppData\Roaming\BA59DEB5C758BC903775FFB294B1E41F
[2010.06.08 21:00:19 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.06.08 21:00:18 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.06.08 21:00:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.06.08 21:00:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.06.08 21:00:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.06.08 20:59:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010.06.08 20:49:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.08 20:49:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.03 15:57:21 | 000,000,000 | ---D | C] -- C:\Users++++\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.20 11:31:13 | 001,835,008 | -HS- | M] () -- C:\Users\+++++\NTUSER.DAT
[2010.06.20 11:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.20 11:11:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 10:48:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.20 10:48:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.20 10:47:32 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 21:42:12 | 010,807,114 | -H-- | M] () -- C:\Users+++++\AppData\Local\IconCache.db
[2010.06.19 10:56:35 | 000,002,097 | ---- | M] () -- C:\Users\++++\Desktop\HijackThis.lnk
[2010.06.19 10:13:47 | 000,085,016 | ---- | M] () -- C:\Users++++\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 10:09:01 | 000,000,182 | ---- | M] () -- C:\Users\++++\Documents\cc_20100619_100856.reg
[2010.06.19 10:08:38 | 000,006,898 | ---- | M] () -- C:\Users\++++\Documents\cc_20100619_100831.reg
[2010.06.19 09:38:11 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.06.19 09:37:56 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010.06.19 09:37:37 | 000,002,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.06.12 23:02:38 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.10 09:56:33 | 000,000,178 | ---- | M] () -- C:\Users\++++\Documents\cc_20100610_095628.reg
[2010.06.10 09:56:07 | 000,004,192 | ---- | M] () -- C:\Users\++++\Documents\cc_20100610_095554.reg
[2010.06.10 09:55:37 | 000,129,212 | ---- | M] () -- C:\Users\++++\Documents\cc_20100610_095501.reg
[2010.06.10 08:31:26 | 000,001,889 | ---- | M] () -- C:\Users\Bandalo\Desktop\CCleaner.lnk
[2010.06.10 08:12:27 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 13:45:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.06.03 15:58:56 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.19 10:56:35 | 000,002,097 | ---- | C] () -- C:\Users\++++\Desktop\HijackThis.lnk
[2010.06.19 10:08:58 | 000,000,182 | ---- | C] () -- C:\Users\++++\Documents\cc_20100619_100856.reg
[2010.06.19 10:08:35 | 000,006,898 | ---- | C] () -- C:\Users\+++++\Documents\cc_20100619_100831.reg
[2010.06.19 09:38:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.19 09:37:36 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.06.10 09:56:31 | 000,000,178 | ---- | C] () -- C:\Users\++++\Documents\cc_20100610_095628.reg
[2010.06.10 09:55:56 | 000,004,192 | ---- | C] () -- C:\Users\++++\Documents\cc_20100610_095554.reg
[2010.06.10 09:55:24 | 000,129,212 | ---- | C] () -- C:\Users\++++\Documents\cc_20100610_095501.reg
[2010.06.10 08:31:26 | 000,001,889 | ---- | C] () -- C:\Users\+++++\Desktop\CCleaner.lnk
[2010.06.10 08:12:27 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 13:45:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.06.03 15:59:12 | 000,002,344 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.03 15:58:56 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.03 15:57:29 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.03 15:57:28 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.14 09:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTICDMK32.dll
[2009.11.05 02:24:57 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009.11.05 02:24:57 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.04.11 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\Alawar Entertainment
[2010.03.24 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\Aveyond 3
[2010.06.13 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\BA59DEB5C758BC903775FFB294B1E41F
[2010.03.29 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\BlamGames
[2010.05.01 18:29:03 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\HdO Adventure
[2010.04.14 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\Ludia
[2010.03.14 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\+++\AppData\Roaming\md studio
[2010.03.18 22:09:48 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\Merscom
[2010.03.11 12:12:00 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\newfolder3
[2010.03.19 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\OtherSide Realm of Eons
[2010.03.21 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\PlayFirst
[2010.04.21 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\Quirky Games
[2010.04.03 18:05:25 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\Settlement. Colossus
[2010.04.13 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\ShinyTales
[2010.03.25 20:05:34 | 000,000,000 | ---D | M] -- C:\Users\+++++\AppData\Roaming\Silverback Productions
[2010.03.12 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\WildTangent
[2010.06.13 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\++++\AppData\Roaming\_MDLogs
[2010.05.12 14:11:59 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.06.09 13:45:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010.06.20 10:47:32 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2010.06.20 10:47:36 | 4260,286,464 | -HS- | M] () -- C:\pagefile.sys
[2010.06.13 23:17:43 | 000,000,446 | ---- | M] () -- C:\rkill.log
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:61AF2B29
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D507B5A8
< End of report >
         
--- --- ---


This was everything that opened after the scan. Did I do something wrong?
__________________

Edited by spyrogira (20.06.2010 at 10:44)

20.06.2010, 14:00   #4
Larusso
/// Selecta Jahrusso

No, that's fine.

Step 1

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program to the default path.
  • Remember to start the program as administrator on Vista; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show Results".
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise this system restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are selected and press "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
  • Report how the computer is running now.



Step 2

Basic cleanup with SUPERAntiSpyware
  • Please download SUPERAntiSpyware FREE Edition.
  • The program is suitable for: Windows 98, 98SE, ME, 2000, 2003, XP and Vista.
  • Install the program and let it load the latest definitions and updates.
  • You can find an illustrated guide here.
  • Close all applications, including the browser.
  • Open SUPERAntiSpyware and click Scan your Computer.
  • Check Perform Complete Scan and click Next.
  • When the scan has finished, you will be shown a summary of the detections, which you acknowledge with OK.
  • Make sure that every detection is checked, then click Next and OK.
  • Click Finish, which takes you back to the main window.
  • Your computer may need to be restarted so that malware can be removed from the system on reboot.
  • To get the log file, first click Preferences and then the Statistics/Logs tab.
  • Click the dated log file and press View Log. A text window will now appear.
  • Please copy this report here into the thread.


Step 3

Please start OTL.exe.
Under
Extra Registry, select Use SafeList and click the Scan button.


In your next reply, please post
Log from MBAM
Log from SASW
OTL.txt
Extras.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

20.06.2010, 15:19   #5
spyrogira

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4217

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.06.2010 15:16:49
mbam-log-2010-06-20 (15-16-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 125046
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)








SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 06/20/2010 at 04:07 PM

Application Version : 4.39.1002

Core Rules Database Version : 5093
Trace Rules Database Version: 2905

Scan type : Complete Scan
Total Scan Time : 00:38:14

Memory items scanned : 607
Memory threats detected : 0
Registry items scanned : 15138
Registry threats detected : 0
File items scanned : 32628
File threats detected : 77

Adware.Tracking Cookie
cdn5.specificclick.net [ C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5LRYBSZG ]
.adfarm1.adition.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.zanox.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
www.active-tracking.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.www.active-tracking.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.xiti.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.atdmt.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.atdmt.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.traffictrack.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.adtech.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.apmebf.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
tracking.mlsat02.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.zanox-affiliate.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.im.banner.t-online.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
rotator.adjuggler.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
ad.zanox.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.apmebf.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
go.dynamic-tracking.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.tracking.quisma.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.ad.adnet.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.webmasterplan.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.tracking.mindshare.de [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.adviva.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.specificclick.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.revsci.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.revsci.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.revsci.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.revsci.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]
.revsci.net [ C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\fswhctmt.default\cookies.sqlite ]



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.06.2010 16:11:57 - Run 5
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\******\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,13 Gb Total Space | 237,59 Gb Free Space | 83,33% Space Free | Partition Type: NTFS
Drive D: | 12,77 Gb Total Space | 2,03 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ******-PC
Current User Name: ******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys (Symantec Corporation)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys (Symantec Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\ENG64.SYS (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSviA64.sys (Symantec Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.04.27 21:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.03.12 15:56:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.04 21:49:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.04 21:49:17 | 000,000,000 | ---D | M]
 
[2010.03.11 12:07:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2010.03.11 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\fswhctmt.default\extensions
[2010.03.11 12:06:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 09:21:18 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.09 13:45:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.20 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.20 15:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.20 15:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.06.20 15:23:48 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.19 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.06.19 09:39:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.19 09:36:40 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2010.06.14 01:16:40 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Microsoft Games
[2010.06.13 23:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.06.13 23:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrainGame
[2010.06.10 08:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.10 08:12:33 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\Malwarebytes
[2010.06.10 08:12:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.10 08:12:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.10 08:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.10 08:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.09 13:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010.06.09 13:43:52 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.06.09 06:54:27 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Roaming\BA59DEB5C758BC903775FFB294B1E41F
[2010.06.08 21:00:19 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.06.08 21:00:19 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.06.08 21:00:19 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.06.08 21:00:18 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.06.08 21:00:18 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.06.08 21:00:18 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.06.08 21:00:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.06.08 21:00:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.06.08 21:00:18 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.06.08 21:00:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.06.08 20:59:06 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\asycfilt.dll
[2010.06.08 20:59:06 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\asycfilt.dll
[2010.06.08 20:49:54 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.08 20:49:54 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.08 20:49:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.08 20:49:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.03 15:57:21 | 000,000,000 | ---D | C] -- C:\Users\******\AppData\Local\Google
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.20 16:13:40 | 001,835,008 | -HS- | M] () -- C:\Users\******\NTUSER.DAT
[2010.06.20 16:10:33 | 000,035,328 | ---- | M] () -- C:\Users\******\Documents\Malwarebytes.doc
[2010.06.20 15:28:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.20 15:23:51 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.20 14:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 10:55:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 10:55:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 10:48:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.20 10:48:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.20 10:47:49 | 000,354,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.20 10:47:32 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 21:42:12 | 010,807,114 | -H-- | M] () -- C:\Users\******\AppData\Local\IconCache.db
[2010.06.19 10:56:35 | 000,002,097 | ---- | M] () -- C:\Users\******\Desktop\HijackThis.lnk
[2010.06.19 10:13:47 | 000,085,016 | ---- | M] () -- C:\Users\******\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 10:09:01 | 000,000,182 | ---- | M] () -- C:\Users\******\Documents\cc_20100619_100856.reg
[2010.06.19 10:08:38 | 000,006,898 | ---- | M] () -- C:\Users\******\Documents\cc_20100619_100831.reg
[2010.06.19 09:38:11 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.06.19 09:37:56 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010.06.19 09:37:37 | 000,002,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.06.15 13:28:48 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.15 13:28:48 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.15 13:28:48 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.15 13:28:48 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.15 13:28:48 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.12 23:02:38 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.10 09:56:33 | 000,000,178 | ---- | M] () -- C:\Users\******\Documents\cc_20100610_095628.reg
[2010.06.10 09:56:07 | 000,004,192 | ---- | M] () -- C:\Users\******\Documents\cc_20100610_095554.reg
[2010.06.10 09:55:37 | 000,129,212 | ---- | M] () -- C:\Users\******\Documents\cc_20100610_095501.reg
[2010.06.10 08:31:26 | 000,001,889 | ---- | M] () -- C:\Users\******\Desktop\CCleaner.lnk
[2010.06.10 08:12:27 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 13:45:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.06.03 15:58:56 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.20 15:23:51 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.20 15:18:34 | 000,035,328 | ---- | C] () -- C:\Users\******\Documents\Malwarebytes.doc
[2010.06.19 10:56:35 | 000,002,097 | ---- | C] () -- C:\Users\******\Desktop\HijackThis.lnk
[2010.06.19 10:08:58 | 000,000,182 | ---- | C] () -- C:\Users\******\Documents\cc_20100619_100856.reg
[2010.06.19 10:08:35 | 000,006,898 | ---- | C] () -- C:\Users\******\Documents\cc_20100619_100831.reg
[2010.06.19 09:38:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.19 09:37:36 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.06.10 09:56:31 | 000,000,178 | ---- | C] () -- C:\Users\******\Documents\cc_20100610_095628.reg
[2010.06.10 09:55:56 | 000,004,192 | ---- | C] () -- C:\Users\******\Documents\cc_20100610_095554.reg
[2010.06.10 09:55:24 | 000,129,212 | ---- | C] () -- C:\Users\******\Documents\cc_20100610_095501.reg
[2010.06.10 08:31:26 | 000,001,889 | ---- | C] () -- C:\Users\******\Desktop\CCleaner.lnk
[2010.06.10 08:12:27 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 13:45:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.06.03 15:59:12 | 000,002,344 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.03 15:58:56 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.03 15:57:29 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.03 15:57:28 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.14 09:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTICDMK32.dll
[2009.11.05 02:24:57 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009.11.05 02:24:57 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:61AF2B29
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D507B5A8
< End of report >
         
--- --- ---





and in the meantime, many, many thanks already!!!!!!!!
Regards, Claudia


20.06.2010, 15:28   #6
Larusso
/// Selecta Jahrusso
 



Quote:
Please post in your next reply
Log from MBAM
Log from SASW
OTL.txt
Extras.txt
Report how the computer is running
Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
  • Note for Vista users: Be sure to start the browser as administrator.
  • Please disable/deactivate all background guards during the scan.
  • Java must be installed, active and allowed.
  • Illustrated guide by sundavis.
  • This scanner does not remove the findings, but gives a good overview.
  • We will help you remove the findings from the system manually.
  • Accept the privacy statement.
  • Let the program install.
  • Let the signature update install.
  • When the status is "Complete",
  • leave the scan settings (Settings) at default
  • Click the "My Computer" link on the left.
  • The scan starts automatically.
  • When the scan is finished, click "View scan report",
  • "Save report as" and change the file type to .txt,
  • and save it on the desktop as Kaspersky.txt.
  • Post the log file here.
  • Uninstallation is not necessary; all files are stored in temporary folders.

Alt 20.06.2010, 15:52   #7
spyrogira
 



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 20.06.2010 16:11:57 - Run 5
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*******\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,13 Gb Total Space | 237,59 Gb Free Space | 83,33% Space Free | Partition Type: NTFS
Drive D: | 12,77 Gb Total Space | 2,03 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *******-PC
Current User Name: *******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{A2147CC9-5DCE-49EC-9550-BB0B94278958}" = Biolab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD &  DVD-Maker
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Dream Chronicles - The Chosen Child" = Dream Chronicles: The Chosen Child
"CCleaner" = CCleaner
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold 
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NIS" = Norton Internet Security
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT085917" = Simplz Zoo
"WT085988" = Jewel Charm
"WT087085" = Potion Bar
"WT087118" = Press Your Luck 2010 Edition
"WT087160" = Eden's Quest - The Hunt for Akua
"WT087169" = Escape from Lost Island
"WT087177" = Gear Grinder
"WT087185" = The Enchanted Kingdom - Elisa's Adventure
"WT087565" = Settlement - Colossus
"WT087588" = Heartwild Solitaire - Book Two
"WT087669" = Trine
"WT087701" = Mind's Eye - Secrets of the Forgotten
"WT087808" = Azkend
"WT087863" = Star Defender 3
"WT087870" = FreeCell Wonderland
"WT087974" = Public Enemies - Bonnie and Clyde
"WT088047" = Sparkle
"WT088092" = Cradle Of Persia
"WT088736" = Beat Hazard
"WT089162" = Bubble Snooker
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.05.2010 12:19:35 | Computer Name = *******-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.05.2010 08:13:55 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.05.2010 08:15:28 | Computer Name = *******-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.05.2010 08:15:58 | Computer Name = *******-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 29.05.2010 07:54:26 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 29.05.2010 07:56:02 | Computer Name = *******-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.05.2010 07:56:31 | Computer Name = *******-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 03.06.2010 03:21:18 | Computer Name = *******-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 03.06.2010 03:22:46 | Computer Name = *******-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.06.2010 03:23:16 | Computer Name = *******-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
[ Hewlett-Packard Events ]
Error - 23.04.2010 15:37:20 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget)     bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
 lParam)     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
 wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:20 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget)     bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
 lParam)     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
 wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:35 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget)     bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
 lParam)     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
 wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:35 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget)     bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
 lParam)     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
 wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:35 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget)     bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
 lParam)     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
 wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:35 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings()

   bei System.Windows.Interop.HwndTarget.OnResize()     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32
 msg, IntPtr wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:35 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ausnahme von HRESULT: 0x88980406 PresentationCore    bei System.Windows.Media.Composition.DUCE.Channel.SyncFlush()

   bei System.Windows.Media.Composition.DUCE.CompositionTarget.UpdateWindowSettings(ResourceHandle
 hCompositionTarget, RECT windowRect, Color colorKey, Single constantAlpha, MILWindowLayerType
 windowLayerType, MILTransparencyFlags transparencyMode, Boolean isChild, Boolean
 isRTL, Boolean renderingEnabled, Int32 disableCookie, Channel channel)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget, Nullable`1 channelSet)     bei System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean
 enableRenderTarget)     bei System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr
 lParam)     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr
 wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:36 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein nicht angegebener Fehler ist im Renderthread aufgetreten.
PresentationCore

   bei System.Windows.Media.MediaContext.NotifyPartitionIsZombie(Int32 failureCode)

   bei System.Windows.Media.MediaContext.NotifyChannelMessage()     bei System.Windows.Media.MediaContext.CompleteRender()

   bei System.Windows.Interop.HwndTarget.OnResize()     bei System.Windows.Interop.HwndTarget.HandleMessage(Int32
 msg, IntPtr wparam, IntPtr lparam)     bei System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndWrapper.WndProc(IntPtr
 hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)     bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
 o)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 23.04.2010 15:37:36 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein nicht angegebener Fehler ist im Renderthread aufgetreten.
PresentationCore

   bei System.Windows.Media.MediaContext.NotifyPartitionIsZombie(Int32 failureCode)

   bei System.Windows.Media.MediaContext.NotifyChannelMessage()     bei System.Windows.Media.MediaContext.CompleteRender()

   bei System.Windows.Media.MediaContext.LeaveInterlockedPresentation()     bei System.Windows.Media.MediaContext.DisconnectHandler(Object
 obj)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate 
callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 04.06.2010 16:19:10 | Computer Name = *******-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
[ System Events ]
Error - 09.04.2010 14:31:53 | Computer Name = *******-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 17.04.2010 14:54:49 | Computer Name = *******-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 20.04.2010 16:35:43 | Computer Name = *******-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 25.04.2010 15:02:07 | Computer Name = *******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 16.05.2010 03:20:02 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 HP Health Check Service erreicht.
 
Error - 16.05.2010 03:20:02 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 21.05.2010 03:08:48 | Computer Name = *******-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 30.05.2010 05:18:24 | Computer Name = *******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2010 17:29:11 | Computer Name = *******-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 09.06.2010 07:41:22 | Computer Name = *******-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Easybits Shared Services for Windows" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         

Last edited by spyrogira (20.06.2010 at 16:01)

20.06.2010, 21:44   #8
spyrogira



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4217

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.06.2010 22:40:17
mbam-log-2010-06-20 (22-40-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127985
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 06/20/2010 bei 11:26 PM

Version der Applikation : 4.39.1002

Version der Kern-Datenbank : 5093
Version der Spur-Datenbank : 2905

Scan Art : kompletter Scann
Totale Scann-Zeit : 00:40:03

Gescannte Speicherelemente : 626
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 15169
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 32729
Erfasste Datei-Elemente : 0



OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 20.06.2010 23:29:41 - Run 6
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,13 Gb Total Space | 237,11 Gb Free Space | 83,16% Space Free | Partition Type: NTFS
Drive D: | 12,77 Gb Total Space | 2,03 Gb Free Space | 15,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *****-PC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symefa64.sys (Symantec Corporation)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1106000.020\symds64.sys (Symantec Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\EX64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100507.038\ENG64.SYS (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100505.001\IDSviA64.sys (Symantec Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQNOT/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010.04.27 21:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010.03.12 15:56:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.04 21:49:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.20 19:24:35 | 000,000,000 | ---D | M]
 
[2010.03.11 12:07:26 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.03.11 21:28:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\fswhctmt.default\extensions
[2010.06.20 19:24:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.20 19:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.19 09:21:18 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.09 13:45:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.20 22:19:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Application Data
[2010.06.20 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.20 15:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.20 15:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.06.20 15:23:48 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.19 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.06.19 09:36:40 | 000,000,000 | ---D | C] -- C:\Windows\Msagent
[2010.06.14 01:16:40 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Microsoft Games
[2010.06.13 23:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.06.13 23:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrainGame
[2010.06.10 08:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.06.10 08:12:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2010.06.10 08:12:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.10 08:12:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.10 08:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.10 08:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.09 13:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010.06.09 13:43:52 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.06.09 06:54:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\BA59DEB5C758BC903775FFB294B1E41F
[2010.06.03 15:57:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Google
[2010.05.13 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Google
[2010.05.13 17:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.05.13 17:37:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.05.01 18:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Awem
[2010.05.01 18:29:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\HdO Adventure
[2010.04.21 21:40:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Quirky Games
[2010.04.21 20:15:13 | 000,000,000 | R-SD | C] -- C:\Users\*****\Documents\My Stationery
[2010.04.14 19:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingdom
[2010.04.14 19:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SZ
[2010.04.14 19:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EdensQuest
[2010.04.14 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Ludia
[2010.04.14 18:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ludia
[2010.04.14 09:07:49 | 000,226,816 | ---- | C] (honest technology) -- C:\Windows\SysWow64\htvcdsvcd.ax
[2010.04.14 09:07:49 | 000,081,920 | ---- | C] (MyCompanyName) -- C:\Windows\SysWow64\ezrgb24.ax
[2010.04.14 09:07:49 | 000,000,000 | ---D | C] -- C:\Windows\Vbox
[2010.04.14 09:07:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Iosubsys
[2010.04.14 09:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewTech Infosystems
[2010.04.14 09:04:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\CyberLink
[2010.04.14 09:04:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\CyberLink
[2010.04.13 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\ShinyTales
[2010.04.12 19:29:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Targem
[2010.04.12 19:29:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Games
[2010.04.12 19:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MythPeople
[2010.04.11 20:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Nevosoft
[2010.04.11 17:52:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Alawar Entertainment
[2010.04.11 17:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Entertainment
[2010.04.09 21:34:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\CrashDumps
[2010.04.08 22:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.04.08 22:47:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010.04.08 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.04.08 17:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.08 17:07:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.04.03 18:05:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Settlement. Colossus
[2010.03.31 20:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dream Chronicles - The Chosen Child
[2010.03.29 19:45:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\BlamGames
[2010.03.29 19:38:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Omnifone_Ltd
[2010.03.28 12:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010.03.26 22:40:13 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\My Games
[2010.03.25 20:05:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Silverback Productions
[2010.03.24 21:19:05 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Big Rig Europe
[2010.03.24 20:56:00 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Aveyond 3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.20 23:32:16 | 001,835,008 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT
[2010.06.20 23:28:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.20 20:28:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.20 19:23:45 | 001,129,736 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\Cat.DB
[2010.06.20 18:54:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.20 17:02:52 | 000,092,160 | ---- | M] () -- C:\Users\*****\Documents\OTL Extras logfile created o1.doc
[2010.06.20 17:02:31 | 000,190,976 | ---- | M] () -- C:\Users\*****\Documents\Malwarebytes.doc
[2010.06.20 17:02:24 | 000,097,792 | ---- | M] () -- C:\Users\*****\Documents\OTL Extras logfile created on.doc
[2010.06.20 15:23:51 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.20 10:55:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 10:55:27 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.20 10:48:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.20 10:47:49 | 000,354,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.20 10:47:32 | 3195,211,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.19 21:42:12 | 010,807,114 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.06.19 10:56:35 | 000,002,097 | ---- | M] () -- C:\Users\*****\Desktop\HijackThis.lnk
[2010.06.19 10:13:47 | 000,085,016 | ---- | M] () -- C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.19 10:09:01 | 000,000,182 | ---- | M] () -- C:\Users\*****\Documents\cc_20100619_100856.reg
[2010.06.19 10:08:38 | 000,006,898 | ---- | M] () -- C:\Users\*****\Documents\cc_20100619_100831.reg
[2010.06.19 09:38:11 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2010.06.19 09:37:56 | 000,000,499 | ---- | M] () -- C:\Windows\win.ini
[2010.06.19 09:37:37 | 000,002,003 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.06.15 13:28:48 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.15 13:28:48 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.15 13:28:48 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.15 13:28:48 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.15 13:28:48 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.12 23:02:38 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.10 09:56:33 | 000,000,178 | ---- | M] () -- C:\Users\*****\Documents\cc_20100610_095628.reg
[2010.06.10 09:56:07 | 000,004,192 | ---- | M] () -- C:\Users\*****\Documents\cc_20100610_095554.reg
[2010.06.10 09:55:37 | 000,129,212 | ---- | M] () -- C:\Users\*****\Documents\cc_20100610_095501.reg
[2010.06.10 08:31:26 | 000,001,889 | ---- | M] () -- C:\Users\*****\Desktop\CCleaner.lnk
[2010.06.10 08:12:27 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 13:45:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.06.03 15:58:56 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.17 01:06:09 | 000,009,951 | ---- | M] () -- C:\Users\*****\Documents\Word 2007-Dokument (neu).docx
[2010.05.13 17:37:52 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.14 09:38:52 | 012,480,078 | ---- | M] () -- C:\Users\*****\Documents\australia.ncd
[2010.04.14 09:17:36 | 547,326,630 | ---- | M] () -- C:\Users\*****\Documents\funhouse.ncd
[2010.04.14 09:09:38 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{9d5f2a9c-478e-11df-beb0-00269ef32972}.TMContainer00000000000000000002.regtrans-ms
[2010.04.14 09:09:38 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{9d5f2a9c-478e-11df-beb0-00269ef32972}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 09:09:38 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{9d5f2a9c-478e-11df-beb0-00269ef32972}.TM.blf
[2010.04.14 09:07:44 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\NTI CD & DVD-Maker 6.5 Gold.lnk
[2010.04.14 09:06:25 | 000,001,024 | RH-- | M] () -- C:\Windows\SysWow64\NTICDMK32.dll
[2010.04.08 16:59:26 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010.03.31 20:11:39 | 000,002,156 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles - The Chosen Child.lnk
[2010.03.31 20:11:39 | 000,001,300 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2010.03.27 02:57:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1106000.020\isolate.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.20 17:02:51 | 000,092,160 | ---- | C] () -- C:\Users\*****\Documents\OTL Extras logfile created o1.doc
[2010.06.20 17:02:24 | 000,097,792 | ---- | C] () -- C:\Users\*****\Documents\OTL Extras logfile created on.doc
[2010.06.20 15:23:51 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.20 15:18:34 | 000,190,976 | ---- | C] () -- C:\Users\*****\Documents\Malwarebytes.doc
[2010.06.19 10:56:35 | 000,002,097 | ---- | C] () -- C:\Users\*****\Desktop\HijackThis.lnk
[2010.06.19 10:08:58 | 000,000,182 | ---- | C] () -- C:\Users\*****\Documents\cc_20100619_100856.reg
[2010.06.19 10:08:35 | 000,006,898 | ---- | C] () -- C:\Users\*****\Documents\cc_20100619_100831.reg
[2010.06.19 09:38:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.19 09:37:36 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010.06.10 09:56:31 | 000,000,178 | ---- | C] () -- C:\Users\*****\Documents\cc_20100610_095628.reg
[2010.06.10 09:55:56 | 000,004,192 | ---- | C] () -- C:\Users\*****\Documents\cc_20100610_095554.reg
[2010.06.10 09:55:24 | 000,129,212 | ---- | C] () -- C:\Users\*****\Documents\cc_20100610_095501.reg
[2010.06.10 08:31:26 | 000,001,889 | ---- | C] () -- C:\Users\*****\Desktop\CCleaner.lnk
[2010.06.10 08:12:27 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.09 13:45:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.06.03 15:59:12 | 000,002,344 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.03 15:58:56 | 000,002,288 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.06.03 15:57:29 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.03 15:57:28 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.17 01:05:31 | 000,009,951 | ---- | C] () -- C:\Users\*****\Documents\Word 2007-Dokument (neu).docx
[2010.05.13 17:37:51 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 7.lnk
[2010.04.14 09:38:43 | 012,480,078 | ---- | C] () -- C:\Users\*****\Documents\australia.ncd
[2010.04.14 09:14:09 | 547,326,630 | ---- | C] () -- C:\Users\*****\Documents\funhouse.ncd
[2010.04.14 09:07:44 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\NTI CD & DVD-Maker 6.5 Gold.lnk
[2010.04.14 09:06:25 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTICDMK32.dll
[2010.04.14 08:27:25 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{9d5f2a9c-478e-11df-beb0-00269ef32972}.TMContainer00000000000000000002.regtrans-ms
[2010.04.14 08:27:25 | 000,524,288 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{9d5f2a9c-478e-11df-beb0-00269ef32972}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 08:27:25 | 000,065,536 | -HS- | C] () -- C:\Users\*****\NTUSER.DAT{9d5f2a9c-478e-11df-beb0-00269ef32972}.TM.blf
[2010.03.31 20:11:39 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles - The Chosen Child.lnk
[2009.11.05 02:24:57 | 000,000,289 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2009.11.05 02:24:57 | 000,000,230 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.04.11 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Alawar Entertainment
[2010.03.24 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Aveyond 3
[2010.06.13 23:17:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BA59DEB5C758BC903775FFB294B1E41F
[2010.03.29 19:45:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\BlamGames
[2010.05.01 18:29:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\HdO Adventure
[2010.04.14 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ludia
[2010.03.14 19:54:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\md studio
[2010.03.18 22:09:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Merscom
[2010.03.11 12:12:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\newfolder3
[2010.03.19 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OtherSide Realm of Eons
[2010.03.21 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst
[2010.04.21 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Quirky Games
[2010.04.03 18:05:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Settlement. Colossus
[2010.04.13 21:32:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ShinyTales
[2010.03.25 20:05:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Silverback Productions
[2010.03.12 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WildTangent
[2010.06.13 23:28:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\_MDLogs
[2010.05.12 14:11:59 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:61AF2B29
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D507B5A8
< End of report >
         
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, June 20, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, June 20, 2010 13:42:10
Records in database: 4301923
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 267752
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:01:22


File name / Threat / Threats count
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-762238e5 Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.






Right then.. I hope I've done everything correctly so far.
I can't see anything wrong with the computer (as far as I can tell as an absolute layperson).

Thanks again for now!!!!!!!!!

Last edited by spyrogira (20.06.2010 at 22:40)

21.06.2010, 14:50   #9
Larusso
/// Selecta Jahrusso

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
:OTL
O4 - HKLM..\Run: []  File not found
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[emptyflash]
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Step 2

Update Java

Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => Uninstall. Restart the computer.

Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update XX) from Oracle. After you click Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. There, download jre-6u20-windows-i586.exe and then install it; do not install any toolbars that may be offered (Yahoo Toolbar).


Please report whether everything went smoothly.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

21.06.2010, 20:38   #10
spyrogira

I posted the wrong thing.... the right one will follow

21.06.2010, 20:50   #11
spyrogira

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: *****
->Temp folder emptied: 121608894 bytes
->Temporary Internet Files folder emptied: 5818901 bytes
->Java cache emptied: 29609222 bytes
->FireFox cache emptied: 65058472 bytes
->Flash cache emptied: 2725 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820813 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530912 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 213,00 mb


[EMPTYFLASH]

User: All Users

User: *****
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06212010_214423

Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

21.06.2010, 21:13   #12
spyrogira

OK, I've installed Java. I hope I did everything correctly. Don't I have to update Java every now and then? Will I catch something again then? What else can I do to prevent that?


And I can only say a thousand thanks once again!!!!! You're really doing a great job here!!!!

Last edited by spyrogira (21.06.2010 at 21:22)

22.06.2010, 14:34   #13
Larusso
/// Selecta Jahrusso

Of course it has to be updated. That should actually happen automatically, though.

The logfile is clean.

Here are the last few steps for cleaning up your computer.

Step 1

Clear system restore points

Press Windows + E --> right-click drive C --> Properties --> Disk Cleanup --> More Options --> clean up System Restore and Shadow Copies.



Step 2

Tool cleanup

Please start OTL.exe.
Now click the Bereinigung (cleanup) button. This will remove most of the tools and logfiles.
If anything is still left behind, please remove it manually and empty the Recycle Bin.


Step 3

Automatic updates

Let's check whether the updates for Windows are downloaded automatically. This is the best way to get all the security patches and fixes.

Press Windows + R. Now copy the following text into the command line

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

and click OK.
Make sure that automatic updates are enabled.


Step 4

To protect you against further infections in the future, I recommend a few more programs.
  • SpywareBlaster
    You can find a tutorial on how to use it here

  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
    Note: MBAM does not replace antivirus software.

  • Temp File Cleaner
    TFC is a really powerful tool for removing temp files from IE and Windows; it empties the Recycle Bin and much more.
    It also helps to speed up your computer.
    You can download TFC (by OldTimer) here.

  • MVPs hosts file
    You can find a tutorial here. Unfortunately I haven't found a German-language one so far.

  • Keep your system up to date
    I can't stress often enough how important it is that the PC is fully up to date.
    Security vulnerabilities are found often enough in Windows' own applications. These "holes" need to be removed, because attackers may use them to gain unauthorized access to your system.
    Every second Tuesday of the month is update day. Please visit the Microsoft Update page for this.

  • Keep your software up to date
    The easiest way to do this is the Secunia Online Software.


Step 5

Tips for safe surfing

These are my suggestions.
Use an alternative browser instead of IE.
I recommend Mozilla Firefox.

For Firefox there is a wide variety of add-ons for getting through the WWW safely.
  • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.

  • AdblockPlus
    This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
    It also saves download capacity.

  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe

Now all that's left for me is to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, Daniel

22.06.2010, 20:17   #14
spyrogira

I was too quick with my writing once again.....

Last edited by spyrogira (22.06.2010 at 20:36)

22.06.2010, 22:29   #15
spyrogira

I already have Mozilla anyway, and I've done everything else. Installed add-ons, and as far as I can judge everything is okay now.

Now I want to say a very, very heartfelt thank you once again!!!


And I hope these problems are now a thing of the past.


Greetings from Claudia
