Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Symantec meldet geblockte von mir ausgehende Spam-Mails.

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Plagegeister aller Art und deren Bekämpfung: Symantec meldet geblockte von mir ausgehende Spam-Mails.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 3 1 23
Alt 11.08.2010, 19:28   #1
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Seit einigen Tagen erscheinen nach dem Start meines Laptops unzählige Meldungen des Symantec E-Mail scanners, in denen es heisst, ausgehende Mails wären aufgrund eigenartiger Inhalte geblockt. (Ich weiß natürlich nicht, ob nicht die ein oder andere Mail durchschlüpft.)
Suche via Google warf mich immer wieder zurück in dieses Forum, zu beiträgen wie http://www.trojaner-board.de/49543-h...eine-spam.html .
Da ich aber ein recht großer Idiot bin, jedenfalls was die Technologie angeht, und mir nicht sicher war ob letztendlich mein Problem das der Anderen sei (da manche Details natürlich differieren) halfen mir diese kaum Threads weiter.

Dieser (vermutliche) Trojaner auf meinem Laptop meldet sich, wie bereits erwähnt, durch pop-ups von Norton's Symantec, welcher mir berichtet dass die ausgehenden Mails geblockt wurden. Erlaube ich Symantec Maßnahmen zu ergreifen, erhalte ich nur eine Nachricht die mir sagt, woran es liegen könne, wenn Mails nicht durchgelassen wurden. Dies beendet meist die Welle von Spam-Mails, Task-Manager tut dies ebenfalls, nach einiger Zeit.

Seltsam ist nur, dass diese Spamflut scheinbar nur über T-Online-Server fließt und mein Yahoo Account in Ruhe gelassen wird. (Sehe keine Mails im Ausgang/bekam keine Hass-Mail von Freunden)

Nun, da es die Performance meines Rechners nicht spürbar beeinflusst wird, würde mich das Ganze nicht wirklich nerven.
Allerdings möchte ich nicht, dass andere aufgrund meiner Dummheit andere Leiden müssen. Die Titel der Mails sind recht eindeutig, Viagra-Spam etc.
Doch weiß ich nicht, ob Dateien auf meinem Laptop korrumpiert wurden (was ja höchstwahrscheinlich der Fall sein wird) und als freischaffender Künstler, der digitale Bilder an Kunden verschickt ist das natürlich überhaupt nicht optimal. Auftraggeber und Freunde freuen sich nur selten über so ein nerviges Virenpäckchen.

Die meisten werden mir raten meinen PC neu zu formatieren/ Windows neu zu installieren, worauf es wohl auch letztendlich hinauslaufen wird wie ich vermute, jedoch lag meinem Laptop damals keine zweite Windows-Kopie bei.

Desweiteren bin ich besorgt, dass ich meinen neu-formatierten PC durch das hochladen von Sicherheitskopien, die ich zuvor auf eine externe Festplatte zog abermals verseuchen würde.

Ich entschuldige mich erneut über meine Inkompetenz in solchen Dingen und hoffe das Forum hiermit nicht zu sehr voll zu müllen, als Host für Spam-Attacken möchte ich ungerne selbst zum Spammer werden.

EDIT:
Geholfen wäre mir mit alternativen Lösungsvorschlägen welche die Formatierung ausschliessen würde, auch wenn das mehr als unwahrscheinlich ist.
MfG
Ticklishsocks.
Geändert von Ticklishsock (11.08.2010 um 19:49 Uhr) Grund: Kernfrage war nicht offensichtlich

Alt 11.08.2010, 19:32   #2
Larusso
/// Selecta Jahrusso
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.




Und was willste jetzt genau von uns ?
Helfen beim formatieren oder die Malware killen ?
__________________

__________________
Alt 11.08.2010, 19:46   #3
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Hallo,
danke für die rasche Antwort.
Geholfen wäre mir mit einem Rat, ob es eine andere Möglichkeit bis auf die Formatierung gäbe, eine Lösung, Tipps Dritte zu schützen, um welchen Trojaner es sich handlen könnte, etc.

Es tut mir leid, dass sich meine Anfrage nicht wirklich aus meinem Text schließen lässt, ich werde das sofort ändern.
__________________
Alt 11.08.2010, 20:06   #4
Larusso
/// Selecta Jahrusso
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig und genau durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.
  • Speichere die Datei am Desktop.
  • Doppelklick auf die load.exe
  • Belasse die Häckchen wie sie sind.
  • Schließe nun alle offenen Programme.
  • Klicke auf Download
  • Bitte während dem Download nicht in das Fenster klicken.
  • Folge den Anweisungen auf dem Bildschirm.
  • Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 11.08.2010, 20:22   #5
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Vielen Dank, ich werde mich morgen melden, nachdem ich diese Schritte abgearbeitet habe.

Es ist zwar noch nicht ganz "Morgen", doch da es schneller ging als erwartet, hier sind die Logs:

OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 23:41:22 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Tobia\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,06 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 34,46 Gb Free Space | 13,99% Space Free | Partition Type: NTFS
Drive E: | 7,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WURSTTHEKE
Current User Name: Tobia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.11 21:46:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tobia\Desktop\MFTools\OTL.exe
PRC - [2010.04.28 16:18:06 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Tobia\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009.07.29 01:56:20 | 005,325,657 | ---- | M] () -- d:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2009.07.12 03:32:32 | 005,113,430 | ---- | M] () -- D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.01.19 12:14:44 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.01.19 12:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008.09.22 22:36:48 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.08.20 12:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.30 03:44:28 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.04.30 03:25:36 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.03.18 06:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.02.22 19:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.01.23 05:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2008.01.21 04:24:17 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2008.01.21 04:23:40 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.29 23:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.10.05 03:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007.09.29 01:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.02.02 17:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\FRITZWLANMini.exe
PRC - [2007.01.04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006.11.20 16:30:54 | 000,250,368 | ---- | M] (The Privoxy team - www.privoxy.org) -- D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.11 21:46:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Tobia\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.07.20 14:25:56 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.20 18:53:07 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.01.19 12:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.03.18 06:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.29 01:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.08.31 11:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 14:35:00 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007.08.22 01:21:00 | 000,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.01.04 23:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009.08.18 10:00:00 | 001,323,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090818.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2009.08.18 10:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090818.021\NAVENG.SYS -- (NAVENG)
DRV - [2009.06.24 01:02:48 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.06.16 12:44:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.06.16 12:44:44 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.05.19 23:27:16 | 000,272,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090811.004\IDSvix86.sys -- (IDSvix86)
DRV - [2009.03.17 12:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.02.19 13:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 13:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.02.19 13:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 13:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 13:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 13:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008.10.15 04:04:40 | 000,296,704 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008.10.15 04:00:48 | 000,484,736 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2008.10.15 04:00:48 | 000,038,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2008.10.06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.09.24 06:26:00 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.20 12:02:10 | 002,160,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.08.18 15:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.07.20 11:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.06.30 13:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.09 10:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.06 04:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.06.02 20:50:44 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.05.19 07:45:24 | 000,380,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.28 19:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.28 17:09:46 | 000,995,328 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PKWCap.sys -- (PKWCap)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.21 06:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.16 00:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.02.01 00:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 23:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 20:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.08.08 17:39:00 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007.03.19 16:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2007.02.16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.11 04:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.08.28 23:54:56 | 000,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2001.04.09 22:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\PenClass.sys -- (PenClass)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.29 15:43:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.29 15:43:40 | 000,000,000 | ---D | M]
 
[2009.06.20 18:43:33 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\mozilla\Extensions
[2010.08.11 15:43:01 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\mozilla\Firefox\Profiles\sw725uwf.default\extensions
[2010.07.30 20:29:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobia\AppData\Roaming\mozilla\Firefox\Profiles\sw725uwf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.20 20:26:25 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Tobia\AppData\Roaming\mozilla\Firefox\Profiles\sw725uwf.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.04.21 12:07:06 | 000,000,957 | ---- | M] () -- C:\Users\Tobia\AppData\Roaming\Mozilla\FireFox\Profiles\sw725uwf.default\searchplugins\conduit.xml
[2010.08.09 15:29:37 | 000,000,961 | ---- | M] () -- C:\Users\Tobia\AppData\Roaming\Mozilla\FireFox\Profiles\sw725uwf.default\searchplugins\icqplugin-1.xml
[2010.05.18 21:41:18 | 000,000,958 | ---- | M] () -- C:\Users\Tobia\AppData\Roaming\Mozilla\FireFox\Profiles\sw725uwf.default\searchplugins\icqplugin.xml
[2010.05.11 21:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.25 16:23:25 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007.04.16 19:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010.04.01 16:51:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 16:51:20 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 16:51:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 16:51:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 16:51:20 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [jckcomkaØ] C:\Users\Tobia\jckcomkaØ.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Tobia\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [Steam] d:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] d:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4l2gbqq.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa0vq0k0fa.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvqf9a0vqq.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gglgwg1wwb.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i98xxsi6ccx.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jzeze76u.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mccw40wcmww.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe) - C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\msgvn.exe) - C:\Users\Tobia\msgvn.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\AppData\Roaming\xcjv.exe) - C:\Users\Tobia\AppData\Roaming\xcjv.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\AppData\Roaming\dgixy.exe) - C:\Users\Tobia\AppData\Roaming\dgixy.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\AppData\Roaming\ozzfhv.exe) - C:\Users\Tobia\AppData\Roaming\ozzfhv.exe ()
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.14 17:32:50 | 000,000,044 | ---- | M] () - D:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.04.14 05:17:18 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{23e31497-5e18-11de-9f26-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{23e31497-5e18-11de-9f26-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009.07.17 00:13:07 | 001,246,440 | R--- | M] (BioWare)
O33 - MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\Shell\AutoRun\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\Shell\explore\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\Shell\open\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{83635647-5da2-11de-b082-002185e15930}\Shell - "" = AutoRun
O33 - MountPoints2\{83635647-5da2-11de-b082-002185e15930}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\Shell\AutoRun\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\Shell\explore\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\Shell\open\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.11 22:03:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.11 22:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.11 21:47:39 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\Malwarebytes
[2010.08.11 21:47:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.11 21:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.11 21:47:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.11 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.11 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Desktop\MFTools
[2010.08.08 15:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.08.08 11:32:58 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\CrashRpt
[2010.08.08 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\Procaster
[2010.08.08 11:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2010.07.30 23:36:20 | 000,000,000 | ---D | C] -- C:\Users\Tobia\Documents\OneNote-Notizbücher
[2010.07.29 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\.minecraft
[2010.06.27 10:29:49 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\IGN_DLM
[2010.06.09 21:11:56 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2010.06.05 10:53:40 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Local\Futuremark
[2010.05.28 20:12:29 | 000,000,000 | ---D | C] -- C:\Users\Tobia\AppData\Roaming\LolClient
[2010.05.25 08:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.05.22 10:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.05.22 10:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger_Plus_Live_Germany
[2010.05.17 16:29:37 | 000,000,000 | -HSD | C] -- C:\found.000
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.11 23:41:04 | 007,077,888 | -HS- | M] () -- C:\Users\Tobia\NTUSER.DAT
[2010.08.11 23:36:42 | 000,042,559 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.11 23:36:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 23:36:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.11 23:36:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.11 23:36:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 23:35:57 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 23:33:33 | 003,137,459 | -H-- | M] () -- C:\Users\Tobia\AppData\Local\IconCache.db
[2010.08.11 22:15:39 | 000,524,288 | -HS- | M] () -- C:\Users\Tobia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.11 22:15:39 | 000,065,536 | -HS- | M] () -- C:\Users\Tobia\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.11 22:01:25 | 000,000,743 | ---- | M] () -- C:\Users\Tobia\Desktop\NTREGOPT.lnk
[2010.08.11 22:01:25 | 000,000,724 | ---- | M] () -- C:\Users\Tobia\Desktop\ERUNT.lnk
[2010.08.11 21:58:02 | 000,042,559 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.11 21:47:19 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 21:45:58 | 000,284,915 | ---- | M] () -- C:\Users\Tobia\Desktop\Gmer.zip
[2010.08.11 21:43:20 | 000,410,834 | ---- | M] () -- C:\Users\Tobia\Desktop\Load.exe
[2010.08.11 07:05:19 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe
[2010.08.11 02:33:07 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gglgwg1wwb.exe
[2010.08.10 15:15:20 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvqf9a0vqq.exe
[2010.08.10 06:10:35 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mccw40wcmww.exe
[2010.08.10 05:52:54 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0.exe
[2010.08.09 23:19:22 | 000,000,582 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Tobia.job
[2010.08.09 15:14:05 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe
[2010.08.09 06:09:26 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4l2gbqq.exe
[2010.08.08 11:29:37 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010.08.08 02:54:54 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jzeze76u.exe
[2010.08.07 23:22:05 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010.08.07 10:16:50 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa0vq0k0fa.exe
[2010.08.07 02:54:06 | 000,043,008 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i98xxsi6ccx.exe
[2010.07.31 22:10:13 | 000,190,634 | ---- | M] () -- C:\Users\Tobia\Logo-Hund-2.jpg
[2010.07.31 22:10:10 | 000,190,561 | ---- | M] () -- C:\Users\Tobia\Logo-Hund-3.jpg
[2010.07.30 23:58:22 | 000,000,819 | ---- | M] () -- C:\Users\Tobia\.recently-used.xbel
[2010.07.30 23:54:31 | 000,000,104 | ---- | M] () -- C:\Users\Tobia\Desktop\Papierkorb - Verknüpfung.lnk
[2010.07.30 23:47:20 | 000,243,200 | RHS- | M] () -- C:\Users\Tobia\AppData\Roaming\ozzfhv.exe
[2010.07.30 23:37:12 | 000,003,656 | -HS- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2
[2010.07.30 23:36:18 | 000,001,167 | ---- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.07.19 04:07:03 | 362,009,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.07.13 22:33:51 | 000,016,951 | ---- | M] () -- C:\Users\Tobia\Desktop\Fish.jpg
[2010.07.04 13:18:47 | 000,000,651 | ---- | M] () -- C:\Users\Public\Desktop\Metal Slug Brutal.lnk
[2010.07.02 09:39:41 | 000,038,408 | ---- | M] () -- C:\Users\Tobia\Documents\PIC_09-09-03_18-06-39.jpg
[2010.07.02 09:38:48 | 000,047,444 | ---- | M] () -- C:\Users\Tobia\Documents\PIC_09-09-03_18-11-43(1).jpg
[2010.06.26 03:08:02 | 001,463,366 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.26 03:08:02 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.26 03:08:02 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.26 03:08:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.26 03:08:02 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.11 03:26:25 | 000,303,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.01 23:56:40 | 000,015,360 | ---- | M] () -- C:\Users\Tobia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.25 08:08:03 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.11 22:20:22 | 000,293,376 | ---- | C] () -- C:\Users\Tobia\Desktop\gmer.exe
[2010.08.11 22:01:25 | 000,000,743 | ---- | C] () -- C:\Users\Tobia\Desktop\NTREGOPT.lnk
[2010.08.11 22:01:25 | 000,000,724 | ---- | C] () -- C:\Users\Tobia\Desktop\ERUNT.lnk
[2010.08.11 21:47:19 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 21:45:57 | 000,284,915 | ---- | C] () -- C:\Users\Tobia\Desktop\Gmer.zip
[2010.08.11 21:43:19 | 000,410,834 | ---- | C] () -- C:\Users\Tobia\Desktop\Load.exe
[2010.08.11 07:05:23 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe
[2010.08.11 02:33:11 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gglgwg1wwb.exe
[2010.08.10 15:15:25 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvqf9a0vqq.exe
[2010.08.10 06:10:39 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mccw40wcmww.exe
[2010.08.10 05:52:58 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0.exe
[2010.08.09 15:14:10 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe
[2010.08.09 06:09:29 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4l2gbqq.exe
[2010.08.08 11:29:37 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2010.08.08 02:54:57 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jzeze76u.exe
[2010.08.07 23:22:05 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2010.08.07 10:16:55 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa0vq0k0fa.exe
[2010.08.07 02:54:11 | 000,043,008 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i98xxsi6ccx.exe
[2010.07.31 22:09:25 | 000,190,634 | ---- | C] () -- C:\Users\Tobia\Logo-Hund-2.jpg
[2010.07.31 22:09:25 | 000,190,561 | ---- | C] () -- C:\Users\Tobia\Logo-Hund-3.jpg
[2010.07.30 23:58:22 | 000,000,819 | ---- | C] () -- C:\Users\Tobia\.recently-used.xbel
[2010.07.30 23:54:31 | 000,000,104 | ---- | C] () -- C:\Users\Tobia\Desktop\Papierkorb - Verknüpfung.lnk
[2010.07.30 23:47:22 | 000,243,200 | RHS- | C] () -- C:\Users\Tobia\AppData\Roaming\ozzfhv.exe
[2010.07.30 23:37:11 | 000,003,656 | -HS- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2
[2010.07.30 23:36:18 | 000,001,167 | ---- | C] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.07.13 22:33:46 | 000,016,951 | ---- | C] () -- C:\Users\Tobia\Desktop\Fish.jpg
[2010.07.04 13:18:47 | 000,000,651 | ---- | C] () -- C:\Users\Public\Desktop\Metal Slug Brutal.lnk
[2010.07.02 09:39:40 | 000,038,408 | ---- | C] () -- C:\Users\Tobia\Documents\PIC_09-09-03_18-06-39.jpg
[2010.07.02 09:38:48 | 000,047,444 | ---- | C] () -- C:\Users\Tobia\Documents\PIC_09-09-03_18-11-43(1).jpg
[2010.05.25 08:08:03 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.02.01 19:36:38 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2010.02.01 19:36:38 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.06.20 15:27:27 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.10.15 04:08:25 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.10.15 03:39:08 | 000,001,477 | ---- | C] () -- C:\Windows\TVNXPDrv.ini
[2008.10.15 03:38:52 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.10.15 02:12:07 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.10.15 02:12:07 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.10.14 12:51:35 | 000,001,438 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.03.24 09:24:46 | 000,028,672 | ---- | C] () -- C:\Windows\System32\frapsvid.dll
 
========== LOP Check ==========
 
[2010.07.29 19:54:38 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\.minecraft
[2009.07.18 21:29:19 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\acccore
[2010.05.08 13:14:16 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\Beat Hazard
[2009.08.10 17:15:23 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\Bioshock
[2010.04.14 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\GetRightToGo
[2010.05.20 18:58:56 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\gtk-2.0
[2010.06.20 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\ICQ
[2010.05.28 20:12:29 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\LolClient
[2010.05.07 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.05.11 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\Miranda
[2009.10.03 10:01:06 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\Mount&Blade
[2009.06.20 15:31:31 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\Protector Suite
[2009.12.21 20:51:48 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\runic games
[2010.04.28 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\SanDisk
[2010.04.28 19:01:48 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\SYSTEMAX Software Development
[2009.10.26 16:36:39 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\Tropico 3 Demo
[2010.05.09 14:47:46 | 000,000,000 | ---D | M] -- C:\Users\Tobia\AppData\Roaming\TS3Client
[2010.08.11 22:15:18 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008.10.15 02:38:14 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.08.11 23:35:57 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.14 18:03:21 | 000,001,087 | -H-- | M] () -- C:\IPH.PH
[2009.06.20 15:28:16 | 000,000,171 | ---- | M] () -- C:\msicssetup.log
[2010.08.11 23:35:55 | 3533,967,360 | -HS- | M] () -- C:\pagefile.sys
[2009.06.20 16:24:37 | 000,000,026 | ---- | M] () -- C:\usm.txt
[2009.06.20 15:28:50 | 006,490,890 | ---- | M] () -- C:\worksinstall.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.27 04:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2010.01.27 17:37:36 | 000,001,674 | -H-- | M] () -- C:\Users\Tobia\AppData\Roaming\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-11 01:02:47
< End of report >
--- --- ---


Extras.txt:

OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.08.2010 23:41:22 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Tobia\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 1,06 Gb Free Space | 2,41% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 34,46 Gb Free Space | 13,99% Space Free | Partition Type: NTFS
Drive E: | 7,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: WURSTTHEKE
Current User Name: Tobia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053224BE-55C7-4936-87B7-9D585CB62D2E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{08564B48-ED2A-4574-BCA0-43B6F50ACCAB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0D99E561-7747-49D9-8657-A492942E23C1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{252F05C5-5F81-4D0A-BB85-7C93CBC1A464}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4660412B-C292-4BDC-8AC2-557E0B6F3D52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{70D0EF3B-888E-4C31-A75C-A6D40E8181C7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{850A6230-C4F2-4B80-8B66-023198FB0078}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C3024134-4E48-44C2-B38F-E893D1BD8E7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DD75E74C-E54E-435B-8BF7-7EB1C116E845}" = lport=8377 | protocol=17 | dir=in | name=league of legends launcher | 
"{DDAC6C0A-CFE3-4494-8242-71CE7F909876}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DE009866-A952-488A-80A2-DD31B23A9E80}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E09DDF40-C189-4BE3-8472-0D35AD597BC0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E131D3B9-84A6-4A0D-AEAD-CD24A4A87052}" = lport=8377 | protocol=6 | dir=in | name=league of legends launcher | 
"{F649D964-AAB2-4BAD-BAAD-65E882BBA7C3}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CD2FEB-4757-4A75-9453-E7DEDB48D4FB}" = protocol=6 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | 
"{03BF5308-33C3-43D0-86E1-07B9C4A6370E}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\garrysmod\hl2.exe | 
"{06AD3941-ED82-4498-BD27-366DEECA3437}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{09A7DF9D-0581-4B7C-80DA-F31CD0A0066D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{0F249E20-544F-4AD7-B15C-265CD3122D48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{10516D85-A8CC-465D-A71D-738E1592650F}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{17841381-48CC-4DAD-A976-1A076E062307}" = protocol=6 | dir=in | app=d:\program files\icq7.1\icq.exe | 
"{1847B9E0-5A01-4C46-9ACF-8196615CB5AA}" = protocol=17 | dir=in | app=d:\program files\icq7.1\aolload.exe | 
"{1C4AF2A7-6F7E-4007-9240-2EA32057CC2F}" = protocol=6 | dir=in | app=d:\program files\mass effect 2\binaries\masseffect2.exe | 
"{23B6C2B8-414E-4DB9-B14A-FB8F64A782D3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\zombie panic! source\hl2.exe | 
"{2BEBFFF4-B568-45A7-A2B9-A56DD62EC77C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2BFA15A8-8969-4EA4-8C58-A3DD872D5810}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2F7E1EAC-C71C-457B-B6C8-1C10973F197A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{30785503-15C5-4A3A-908F-4A19559E12F8}" = protocol=6 | dir=in | app=d:\program files\icq7.1\icq.exe | 
"{33E7FA8B-0217-457C-9F7F-8F42EE0B8B07}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{37596F0F-C492-4B08-B32B-EF3C01840F40}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{3C6B0A4F-8FA3-46EB-ACB8-76B2FE9FE0E8}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\zombie panic! source\hl2.exe | 
"{3E6DD974-4820-459D-AFDC-5E6843D8F116}" = protocol=17 | dir=in | app=d:\riot games\league of legends\game\league of legends.exe | 
"{3F016BFA-5A74-4FE1-91EB-129DA6F55AE7}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{49DAE8C9-CDA0-4F66-8283-9138C0D01165}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | 
"{4A8346C1-AAC3-40B8-8CCD-A94861A71EB2}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\the scourge project ep 1 - 2 demo\binaries\win32\scourgegame.exe | 
"{4AC3CBCF-00DC-47EA-88E8-9BE2AE626636}" = protocol=17 | dir=in | app=d:\program files\icq7.1\icq.exe | 
"{4C1F9298-77FE-469B-ADEC-521086DAC1A6}" = protocol=17 | dir=in | app=d:\program files\mass effect\binaries\masseffect.exe | 
"{4CAE5065-FB7A-4855-B3C2-29E6A378FCAC}" = protocol=6 | dir=in | app=d:\program files\mass effect\binaries\masseffect.exe | 
"{4D83F791-D429-46F0-A0A5-3B9791FD7078}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{52C420B0-6EE4-42BF-8026-CB2E27089135}" = protocol=6 | dir=in | app=d:\program files\icq7.1\icq.exe | 
"{54862E74-EBD9-4EC5-A365-1EEA50A55108}" = protocol=17 | dir=in | app=d:\program files\mass effect 2\binaries\masseffect2.exe | 
"{55854C52-A574-4269-B847-08FED5D5286D}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{57960E79-4C09-4B9D-9EA5-CAE79C677D06}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\max and the magic marker demo\max.exe | 
"{5A147172-301C-40B3-9D29-C340CA2D30CA}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe | 
"{60FF4984-D767-4159-BF62-33EE2791E002}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daorigins.exe | 
"{62AC7184-5876-444A-9EB8-8CEF6DDE3CB0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{67C4133D-373A-45EC-BA32-94BECD2579AF}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\garrysmod\hl2.exe | 
"{6837FAE8-C884-44E2-9E6E-92E51D1AEB4E}" = protocol=6 | dir=in | app=d:\riot games\league of legends\game\league of legends.exe | 
"{71EB6A43-98F5-472E-B544-51E0F45EEBA9}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battleforge\battleforge.exe | 
"{72B86192-9697-4720-ABAB-24D1801C2BF6}" = protocol=17 | dir=in | app=d:\program files\icq7.1\aolload.exe | 
"{72E5A75C-8E4B-4244-A011-CEFD874C177C}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{772182DA-534D-47FE-8740-A9361E485356}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | 
"{77354E28-9FA8-4C63-9C18-CAD21B26DE23}" = protocol=6 | dir=in | app=d:\riot games\league of legends\air\lolclient.exe | 
"{78BB79FD-F35B-4FB3-9288-021BC8852896}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{83ACD313-FAEF-4BAB-A210-F152FD310B57}" = protocol=6 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{8821F8D0-5AD2-488C-8BC2-972EE0FE68D0}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{926156B2-A594-46A6-AA72-ABA8028FF400}" = protocol=6 | dir=in | app=d:\program files\icq7.1\aolload.exe | 
"{93C019BF-15EA-42E3-8C1C-C34B838F4BDC}" = protocol=17 | dir=in | app=d:\program files\icq7.1\icq.exe | 
"{95AF8DA1-C330-4184-A4AC-73100BDA8784}" = protocol=6 | dir=in | app=d:\program files\mass effect\masseffectlauncher.exe | 
"{95D6EFD9-B261-4DBC-A158-43533A9F7301}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe | 
"{97C1BED6-D422-415F-AAC8-8D1B0B2C4DAC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\the scourge project ep 1 - 2 demo\binaries\win32\scourgegame.exe | 
"{988164BF-3625-4590-ADF8-EA9070912B64}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{993093CE-B8AC-461D-B72F-DDAB42679A09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9D12B871-19F9-460E-AA60-4825F9D1E900}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9EB6E436-559D-4B38-99FE-8B73F8A97095}" = protocol=17 | dir=in | app=d:\program files\mass effect 2\masseffect2launcher.exe | 
"{A0B36739-9C71-4052-8D00-772EC166E4DE}" = protocol=17 | dir=in | app=d:\program files\mass effect\masseffectlauncher.exe | 
"{A170A5E4-F8C8-44C3-A7B3-A0863720C918}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"{A1948CD5-31A1-4922-B8DD-EFED91F253C4}" = protocol=17 | dir=in | app=d:\program files\eidos\kane and lynch dead men\kaneandlynch.exe | 
"{A57066C7-6AFA-4B17-8059-F45409985330}" = protocol=6 | dir=in | app=d:\program files\eidos\kane and lynch dead men\kaneandlynch.exe | 
"{AAE8C6C8-8783-4196-8425-856382ECCBD9}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{AB42D078-33EF-456E-BE3E-5545CAC93807}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B03426A9-0FD7-4ED5-AD0F-658026F70F3A}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{B481FCB4-6515-4FB7-B6E5-12E21FA428A3}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B536CAAC-AAB3-486A-9033-0F06B3D659E5}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battleforge\battleforge.exe | 
"{B5A83F0A-131D-4647-A72F-024501D68F33}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B69ED136-E229-453F-8DB3-99070FE6D9D6}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\age of chivalry\hl2.exe | 
"{BA399E53-22EE-40BE-9104-0CEFDC69655C}" = protocol=17 | dir=in | app=d:\program files\icq7.1\icq.exe | 
"{C1F8520B-1095-44D2-B515-AAA55C16E759}" = protocol=6 | dir=in | app=d:\program files\mass effect 2\masseffect2launcher.exe | 
"{C3542116-0211-48F8-9B1C-F9B53743BBA1}" = protocol=17 | dir=in | app=d:\program files\icq7.1\aolload.exe | 
"{C6E4E5AA-01B3-4DC9-AB5F-FD85B6F1FEA9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{CD106582-E88B-4394-AA7E-4DEE3BCFB69C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{D36BCAC0-CAB7-4A04-9ABB-40EE37D7F234}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4F9DB90-433C-4995-B35B-05A7F9F843AF}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{DAEDE79C-A06E-4AC5-97F4-6CD177E21791}" = protocol=17 | dir=in | app=d:\program files\dragon age\bin_ship\daupdatersvc.service.exe | 
"{DC9A883F-AEA4-4F00-AD83-D8B2E9315A10}" = protocol=17 | dir=in | app=d:\program files\dragon age\daoriginslauncher.exe | 
"{DE197E46-7659-4D00-925B-A80504D50EB9}" = protocol=17 | dir=in | app=d:\riot games\league of legends\air\lolclient.exe | 
"{E23135AC-C798-43B8-9919-4AAB43BADFF1}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe | 
"{EA3B6527-CC9E-4D74-A9BE-E4DD508925B3}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{F089473A-674E-4554-A033-46B57CC13D55}" = protocol=6 | dir=in | app=d:\program files\icq7.1\aolload.exe | 
"{F0D0B70A-7BAD-43F6-93AD-4A82F923C8BF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F23C5AA5-1248-4901-B02C-1CD6F78FE8ED}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{F3885FD5-8B3C-473E-8A4A-0B62EBDE7B64}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\max and the magic marker demo\max.exe | 
"{F3A3554D-EDE3-4070-BE69-3B18439FB826}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F7E9606A-36D0-42EE-99E6-102274D2B8B2}" = protocol=6 | dir=in | app=d:\program files\icq7.1\aolload.exe | 
"{FAED840A-3404-45A2-A8C7-1DED9F5D1F32}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\age of chivalry\hl2.exe | 
"TCP Query User{6026D315-06C0-4385-A524-F947ED26DB1E}D:\program files\steam\steamapps\wontdieforyoursins\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\team fortress 2\hl2.exe | 
"UDP Query User{58155752-0A88-4D33-A303-1BE34A0D5EE8}D:\program files\steam\steamapps\wontdieforyoursins\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\wontdieforyoursins\team fortress 2\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{16A81B06-AF93-4C4C-8448-17B10F980B13}" = Symantec Real Time Storage Protection Component
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2158685C-E2B3-4026-B0A1-0FFE31837AFD}" = PlayLinc
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CBCDE92-F30D-4761-82B2-485D7296B6CC}" = SymNet
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60147180-8370-44BC-9BBD-E554D86F0BA3}" = Livestream Procaster
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{7F6FA05E-B935-43E3-83CE-75A84A70BACF}_is1" = Metal Slug Brutal v1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_HOMESTUDENTR_{C913F31D-FF3E-47F6-95E6-7E417D37A76E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_HOMESTUDENTR_{C913F31D-FF3E-47F6-95E6-7E417D37A76E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_HOMESTUDENTR_{C913F31D-FF3E-47F6-95E6-7E417D37A76E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_HOMESTUDENTR_{3C7DCB2F-8EA1-4558-B8F5-1107C4055A0B}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_HOMESTUDENTR_{E3B92295-785F-4FF7-8BE1-67E86F5F8140}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0408-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Greek) 2007
"{90120000-00A1-0408-0000-0000000FF1CE}_HOMESTUDENTR_{C913F31D-FF3E-47F6-95E6-7E417D37A76E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958AF490-810C-4D3E-AA82-EBA2CE41DA20}" = Station Launcher
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD4A8EAF-259A-4604-BA37-40E7DE742A12}" = Ambereh
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_7" = AIM 7
"ERUNT_is1" = ERUNT 1.1j
"Fraps" = Fraps (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pen Tablet Driver" = Stifttablett
"Privoxy" = Privoxy 3.0.6
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 17500" = Zombie Panic! Source
"Steam App 17510" = Age of Chivalry
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 50830" = Max and the Magic Marker - Demo
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 630" = Alien Swarm
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tor" = Tor 0.2.1.19
"TVAfaDrv" = MSI DVB-T USB BDA Driver
"TVNXPDrv" = MSI TV Tuner Card BDA Driver
"Vidalia" = Vidalia 0.1.15
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2010 17:29:55 | Computer Name = Wursttheke | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Informationsebene: error  Initialisierung des COM-Subsystems ist fehlgeschlagen.
 Fehlercode: 0x80004005.
 
Error - 11.08.2010 17:36:23 | Computer Name = Wursttheke | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.08.2010 17:36:55 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 11.08.2010 17:36:55 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 3026
Description = 
 
Error - 11.08.2010 17:38:00 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 11.08.2010 17:38:40 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 11.08.2010 17:38:40 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 3026
Description = 
 
Error - 11.08.2010 17:39:01 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 11.08.2010 17:39:36 | Computer Name = Wursttheke | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 11.08.2010 17:42:55 | Computer Name = Wursttheke | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

--- --- ---


Alt 11.08.2010, 23:11   #6
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Gmer.txt:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-11 23:32:24
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Tobia\AppData\Local\Temp\fxlcyaog.sys


---- System - GMER 1.0.15 ----

SSDT            882E6B88                                                                                                                               ZwAlertResumeThread
SSDT            882E7968                                                                                                                               ZwAlertThread
SSDT            882E1980                                                                                                                               ZwAllocateVirtualMemory
SSDT            881DBA08                                                                                                                               ZwAlpcConnectPort
SSDT            882E7568                                                                                                                               ZwCreateMutant
SSDT            882E1B50                                                                                                                               ZwCreateThread
SSDT            882E71B0                                                                                                                               ZwDebugActiveProcess
SSDT            882E17A0                                                                                                                               ZwFreeVirtualMemory
SSDT            882E7720                                                                                                                               ZwImpersonateAnonymousToken
SSDT            88304158                                                                                                                               ZwImpersonateThread
SSDT            882E16A0                                                                                                                               ZwMapViewOfSection
SSDT            882E7488                                                                                                                               ZwOpenEvent
SSDT            882E1A70                                                                                                                               ZwOpenProcessToken
SSDT            882E61A8                                                                                                                               ZwOpenSection
SSDT            882E13E0                                                                                                                               ZwOpenThreadToken
SSDT            882D3D90                                                                                                                               ZwResumeThread
SSDT            882E1300                                                                                                                               ZwSetContextThread
SSDT            882E14D0                                                                                                                               ZwSetInformationProcess
SSDT            882E1210                                                                                                                               ZwSetInformationThread
SSDT            882E6288                                                                                                                               ZwSuspendProcess
SSDT            882E2008                                                                                                                               ZwSuspendThread
SSDT            882E1C30                                                                                                                               ZwTerminateProcess
SSDT            882E1130                                                                                                                               ZwTerminateThread
SSDT            882E15C0                                                                                                                               ZwUnmapViewOfSection
SSDT            882E1890                                                                                                                               ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 350                                                                                                        820C1A14 8 Bytes  [88, 6B, 2E, 88, 68, 79, 2E, ...]
.text           ntkrnlpa.exe!KeSetTimerEx + 364                                                                                                        820C1A28 4 Bytes  [80, 19, 2E, 88]
.text           ntkrnlpa.exe!KeSetTimerEx + 370                                                                                                        820C1A34 4 Bytes  [08, BA, 1D, 88]
.text           ntkrnlpa.exe!KeSetTimerEx + 428                                                                                                        820C1AEC 4 Bytes  [68, 75, 2E, 88]
.text           ntkrnlpa.exe!KeSetTimerEx + 454                                                                                                        820C1B18 4 Bytes  [50, 1B, 2E, 88]
.text           ...                                                                                                                                    
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                               section is writeable [0x8E204320, 0x3F54F7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!FindResourceExA                                                 76AC08DD 7 Bytes  JMP 2806C4F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!FindResourceA                                                   76AC09A5 5 Bytes  JMP 2806C460 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!CreateEventA                                                    76AD4AD8 5 Bytes  JMP 2806BFC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!LockResource                                                    76AD7F1F 5 Bytes  JMP 2806C6A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!FindResourceExW                                                 76AD813B 7 Bytes  JMP 2806C3E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!LoadResource                                                    76AD8213 7 Bytes  JMP 2806C580 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!FindResourceW                                                   76AD97C7 5 Bytes  JMP 2806C360 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] kernel32.dll!SizeofResource                                                  76AD97E5 7 Bytes  JMP 2806C630 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] ADVAPI32.dll!CryptDeriveKey                                                  75CAE6F6 7 Bytes  JMP 2806BAD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] ADVAPI32.dll!CryptDecrypt                                                    75CAE8D9 7 Bytes  JMP 2806BB30 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!SetWindowPlacement                                                76E779BB 5 Bytes  JMP 2806FB00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!SetWindowRgn                                                      76E795E2 7 Bytes  JMP 2806FBA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!LoadImageW                                                        76E7D61D 5 Bytes  JMP 280702B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!LoadIconW                                                         76E7EC94 5 Bytes  JMP 28070430 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!CreateWindowExW                                                   76E83D67 5 Bytes  JMP 2806DB40 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!GetWindowLongW                                                    76E8F67F 7 Bytes  JMP 28070560 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!PeekMessageW                                                      76E8FD9F 5 Bytes  JMP 2806E560 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!TrackPopupMenuEx                                                  76EA0F4D 5 Bytes  JMP 2806EBE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!CreateDialogParamW                                                76EA1C58 5 Bytes  JMP 2806FC50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] USER32.dll!MessageBoxIndirectW                                               76ECD56B 5 Bytes  JMP 2806FE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] SHELL32.dll!Shell_NotifyIconW                                                75FDC808 5 Bytes  JMP 2806D230 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] ole32.dll!CoRegisterClassObject                                              75AB45AC 5 Bytes  JMP 2806CA00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] ole32.dll!CoInitializeEx                                                     75AEB89A 5 Bytes  JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] ole32.dll!CoCreateInstance                                                   75AEE188 5 Bytes  JMP 2806CC80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] WININET.dll!HttpSendRequestA                                                 759D0F35 5 Bytes  JMP 28073550 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] WININET.dll!HttpOpenRequestA                                                 759D54E6 5 Bytes  JMP 28073350 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] WININET.dll!InternetCloseHandle                                              759DAE0B 5 Bytes  JMP 280735F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3204] WININET.dll!InternetReadFile                                                 759DEE5F 5 Bytes  JMP 280734B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Yuna Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[1624] @ C:\Windows\system32\NETAPI32.dll [PSAPI.DLL!GetModuleBaseNameW]  [7579159E] C:\Windows\system32\PSAPI.DLL (Process Status Helper/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                                     prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\prohlp02 \Device\ProHlp02                                                                                                      8CAE1D68

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


Log von MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4420

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.08.2010 22:14:36
mbam-log-2010-08-11 (22-14-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138671
Laufzeit: 9 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 87

Infizierte Speicherprozesse:
C:\Users\Tobia\AppData\Roaming\Microsoft\gyjaf.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Users\Tobia\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fehourus (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msconfig (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jckcomkað (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.Palevo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows firewall (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe,C:\Users\Tobia\msgvn.exe,C:\Users\Tobia\AppData\Roaming\dgixy.exe,C:\Users\Tobia\AppData\Roaming\xcjv.exe,explorer.exe,C:\Users\Tobia\ AppData\Roaming\ozzfhv.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Tobia\AppData\Roaming\Microsoft\gyjaf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\kmwx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Tobia\jckcomkaÐ.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\pooduzih.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe (Worm.Autorun.B) -> Delete on reboot.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0bw0q0l.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bww9w1mw.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kkffa7vq1qk.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlgglqwggw.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qqkaav1qk.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvqffaavllf.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwmmrwcmhc.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\029.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\035.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\038.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\042.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\071.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\07170.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\074.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\0847.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\092935.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\1269.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\128595.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\1406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\14162.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\164.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\167.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\226.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\250880.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\4845353.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\4866755.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\500205.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\513687.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\527.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\534.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\5577324.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\59769.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\624.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\628.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\632.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\6345233.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\643.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\6465.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\667.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\703797.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\7197.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\273200.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\~TM101F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\~TM3DB1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\~TM7282.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\~TMDE44.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\~TME16.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\776.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\785.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\795.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\80339.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\80417.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\836.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\8463205.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\863.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\90557.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\927.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\930.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\939.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\9440547.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\D4B9.tmp (Trojan.Kryptik) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\crf.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\9809.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\993.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\3032.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\355.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\372.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\378.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\380.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\385.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\423.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\451971.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\4603.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\4610730.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Tobia\msgvn.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\Tobia\AppData\Roaming\xcjv.exe (Worm.Palevo) -> Delete on reboot.
C:\Users\Tobia\AppData\Roaming\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Local\Temp\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Tobia\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Users\Tobia\AppData\Roaming\dgixy.exe (Worm.Palevo) -> Delete on reboot.


Komplikationen die aufgetreten sind:

- beim Durchlauf von TFC fuhr der PC herunter (Normaler Vorgang?)

- beim Durchlauf von erunt.exe erschien ein Pop-Up mit der Nachricht, einige Log-Files können nicht gelöscht werden, ein weiterer Teil des Pop-Ups besagte es solle ein Neustart vollführt werden. Der Neustart wurde nach beendigung des Scans gestartet.
Geändert von Ticklishsock (11.08.2010 um 23:15 Uhr) Grund: Tippfehler

Alt 12.08.2010, 20:35   #7
Larusso
/// Selecta Jahrusso
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Schritt 1
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [jckcomkaØ] C:\Users\Tobia\jckcomkaØ.exe File not found
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4l2gbqq.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe ().exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa0vq0k0fa.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvqf9a0vqq.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gglgwg1wwb.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i98xxsi6ccx.exe ()
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jzeze76u.exe ()
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe) - C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\msgvn.exe) - C:\Users\Tobia\msgvn.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\AppData\Roaming\xcjv.exe) - C:\Users\Tobia\AppData\Roaming\xcjv.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\AppData\Roaming\dgixy.exe) - C:\Users\Tobia\AppData\Roaming\dgixy.exe File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Tobia\AppData\Roaming\ozzfhv.exe) - C:\Users\Tobia\AppData\Roaming\ozzfhv.exe ()
O33 - MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\Shell\AutoRun\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\Shell\explore\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\Shell\open\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{83635647-5da2-11de-b082-002185e15930}\Shell - "" = AutoRun
O33 - MountPoints2\{83635647-5da2-11de-b082-002185e15930}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\Shell\AutoRun\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\Shell\explore\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O33 - MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\Shell\open\command - "" = F:\DRUGIM\ljudima.exe -- File not found
O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mccw40wcmww.exe ()
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 2
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von dem aufgeführten Link herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.
BleepingComputer
Firefox User: Mit Rechtsklick und "Ziel speichern unter" downloaden
**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**



  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.


Bitte poste in deiner nächsten Antwort
OTLFix Log
Combofix.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 13.08.2010, 05:44   #8
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Um meinen PC nicht weiter zu zerstören:
Habe versucht Norton Internet Security zu deaktivieren, habe allerdings nicht herausgefunden wie ich den Spy-ware-schutz ausschalten kann. Da durch das Ausführen von Combo-Fix eventuelle Fehler auftauchen könnten, sollte ich das ja wohl nicht riskieren.

Das Problem dabei ist, dass das Abonnement abgelaufen ist und ich Norton nicht einfach durch Einstellungen vollständing deaktivieren kann, sondern die einzelnen Optionen manuell ausschalten muss.
Allerdings setzen sich die Einstellungen von Intrusion Prevention jedes mal wieder auf aktiv nachdem ich das Fenster geschlossen habe.

Alt 13.08.2010, 11:31   #9
Larusso
/// Selecta Jahrusso
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Wenn das Abo eh abgelaufen ist, warum nicht gleich weg damit ?
Gibt bessere Freeware, ich bin keine´Freund von Norton

Gib mir mal bescheid, Norton ist nicht so einfach zu deinstallieren.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 13.08.2010, 11:47   #10
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Alles klar, mir wurde eh schon oft von Freunden (mehr oder weniger freundlich) geraten, doch endlich mal Norton in die Wüste zu schicken.

Alt 13.08.2010, 12:02   #11
Larusso
/// Selecta Jahrusso
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Schritt 1

Besuche bitte die Supportseite von Symantec.
Wähle Deine Verison und folge den Anweisungen ab Schritt 2 um Norton zu deinstallieren.


Schritt 2

Bitte downloade und Installiere Dir eines der folgenden AVPs.

Schritt 3

Fahre mit den vorhergehenden Schritten fort (afaik mit Combofix)



Bitte poste in deiner nächsten Antwort
OTLfix Log
Combofix.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 13.08.2010, 13:32   #12
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


(Wählte AVG)

OTL.txt:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{542e4d79-1970-4e95-9862-fdb96f61b280}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\jckcomkaØ deleted successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4l2gbqq.exe moved successfully.
File C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0O4 - Startup: C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe not found.
File C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe ().exe not found.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fa0vq0k0fa.exe moved successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fvvqf9a0vqq.exe moved successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gglgwg1wwb.exe moved successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i98xxsi6ccx.exe moved successfully.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jzeze76u.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\RECYCLER\S-1-5-21-3219471608-6437960914-846369492-9024\yv8g67.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Tobia\msgvn.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Tobia\AppData\Roaming\xcjv.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Tobia\AppData\Roaming\dgixy.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Tobia\AppData\Roaming\ozzfhv.exe deleted successfully.
C:\Users\Tobia\AppData\Roaming\ozzfhv.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58df71a3-600f-11de-b11f-002185e15930}\ not found.
File F:\DRUGIM\ljudima.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58df71a3-600f-11de-b11f-002185e15930}\ not found.
File F:\DRUGIM\ljudima.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58df71a3-600f-11de-b11f-002185e15930}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58df71a3-600f-11de-b11f-002185e15930}\ not found.
File F:\DRUGIM\ljudima.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83635647-5da2-11de-b082-002185e15930}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83635647-5da2-11de-b082-002185e15930}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83635647-5da2-11de-b082-002185e15930}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83635647-5da2-11de-b082-002185e15930}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c65ed23e-754d-11de-ba45-002185e15930}\ not found.
File F:\DRUGIM\ljudima.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c65ed23e-754d-11de-ba45-002185e15930}\ not found.
File F:\DRUGIM\ljudima.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c65ed23e-754d-11de-ba45-002185e15930}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c65ed23e-754d-11de-ba45-002185e15930}\ not found.
File F:\DRUGIM\ljudima.exe not found.
C:\Users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mccw40wcmww.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tobia
->Temp folder emptied: 390617942 bytes
->Temporary Internet Files folder emptied: 50019620 bytes
->Java cache emptied: 80406824 bytes
->FireFox cache emptied: 92987180 bytes
->Flash cache emptied: 217269 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 282231423 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10696945 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 865,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08122010_231113

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETD98C.tmp not found!

Registry entries deleted on Reboot...


Combo-Fix.txt :

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-12.03 - Tobia 13.08.2010  14:12:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3070.2002 [GMT 2:00]
ausgeführt von:: c:\users\Tobia\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
(((((((((((((((((((((((   Dateien erstellt von 2010-07-13 bis 2010-08-13  ))))))))))))))))))))))))))))))
.

2010-08-13 12:19 . 2010-08-13 12:20	--------	d-----w-	c:\users\Tobia\AppData\Local\temp
2010-08-13 12:19 . 2010-08-13 12:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-13 11:50 . 2010-08-13 11:50	--------	d-----w-	c:\users\Tobia\AppData\Local\AVG Security Toolbar
2010-08-13 11:40 . 2010-08-13 11:40	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-08-13 11:40 . 2010-08-13 11:40	--------	d-----w-	c:\windows\system32\drivers\Avg
2010-08-13 11:39 . 2010-08-13 11:39	--------	d-----w-	c:\programdata\AVG Security Toolbar
2010-08-13 11:38 . 2010-08-13 11:38	52872	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-08-13 11:38 . 2010-08-13 11:38	25168	----a-w-	c:\windows\system32\drivers\AVGIDSvx.sys
2010-08-13 11:38 . 2010-08-13 11:38	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-08-13 11:38 . 2010-08-13 11:38	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-08-13 11:38 . 2010-08-13 11:38	29584	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-08-13 11:37 . 2010-08-13 11:37	24856	----a-w-	c:\windows\system32\drivers\avgfwd6x.sys
2010-08-13 11:36 . 2010-08-13 11:36	--------	d-----w-	c:\program files\AVG
2010-08-13 11:35 . 2010-08-13 11:36	--------	d-----w-	c:\programdata\avg9
2010-08-13 11:20 . 2010-08-13 11:20	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vv2qlaa1llg.exe
2010-08-13 11:20 . 2010-08-13 11:20	37888	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l2gaqq1aa.exe
2010-08-13 05:09 . 2010-08-13 05:09	37888	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aavllfv9q.exe
2010-08-13 05:09 . 2010-08-13 05:09	37888	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laavlaqq1a.exe
2010-08-13 05:09 . 2010-08-13 05:09	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvqllf5vq.exe
2010-08-13 03:40 . 2010-08-13 03:40	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqffaavkkf.exe
2010-08-13 03:40 . 2010-08-13 03:40	37888	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff2avkk1vvq.exe
2010-08-12 21:11 . 2010-08-12 21:11	--------	d-----w-	C:\_OTL
2010-08-12 00:49 . 2010-08-12 00:49	42496	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bww86mhmhm.exe
2010-08-11 23:44 . 2010-08-11 23:44	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sn2x0xnsns7.exe
2010-08-11 21:55 . 2010-08-11 21:55	42496	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmx1mccxx71.exe
2010-08-11 21:55 . 2010-08-11 21:55	42496	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8mmhmhc.exe
2010-08-11 21:55 . 2010-08-11 21:55	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rmc0rrhhmh.exe
2010-08-11 20:01 . 2010-08-11 20:01	--------	d-----w-	c:\program files\ERUNT
2010-08-11 19:47 . 2010-08-11 19:47	--------	d-----w-	c:\users\Tobia\AppData\Roaming\Malwarebytes
2010-08-11 19:47 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 19:47 . 2010-08-11 19:47	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-11 19:47 . 2010-08-11 19:47	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-11 19:47 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-11 15:42 . 2010-05-27 19:16	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-11 15:20 . 2010-06-08 17:00	3598216	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-11 15:20 . 2010-06-08 17:00	3545992	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-11 15:20 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\system32\msxml3.dll
2010-08-11 15:20 . 2010-06-18 14:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-11 15:20 . 2010-06-18 14:43	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-11 15:20 . 2010-06-16 15:59	898952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-11 05:05 . 2010-08-11 05:05	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe
2010-08-10 03:52 . 2010-08-10 03:52	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0.exe
2010-08-09 13:14 . 2010-08-09 13:14	43008	--sh--r-	c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe
2010-08-08 13:52 . 2010-08-08 13:52	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-08-08 09:32 . 2010-08-08 09:32	--------	d-----w-	c:\users\Tobia\AppData\Local\CrashRpt
2010-08-08 09:29 . 2010-08-08 09:34	--------	d-----w-	c:\users\Tobia\AppData\Local\Procaster
2010-08-08 09:29 . 2010-08-08 09:32	--------	d-----w-	c:\program files\Livestream Procaster
2010-07-29 17:49 . 2010-07-29 17:54	--------	d-----w-	c:\users\Tobia\AppData\Roaming\.minecraft

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 12:06 . 2009-09-15 14:26	--------	d-----w-	c:\users\Tobia\AppData\Roaming\Tor
2010-08-13 12:06 . 2009-06-29 18:20	--------	d-----w-	c:\users\Tobia\AppData\Roaming\Skype
2010-08-13 12:04 . 2009-06-21 15:41	--------	d-----w-	c:\users\Tobia\AppData\Roaming\WTablet
2010-08-13 11:18 . 2008-10-15 01:34	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-08-13 11:18 . 2008-10-15 01:34	--------	d-----w-	c:\programdata\Symantec
2010-08-13 06:01 . 2009-06-29 18:26	--------	d-----w-	c:\users\Tobia\AppData\Roaming\skypePM
2010-08-13 03:41 . 2009-09-15 14:26	--------	d-----w-	c:\users\Tobia\AppData\Roaming\Vidalia
2010-08-12 21:11 . 2010-05-22 08:50	--------	d-----w-	c:\program files\Messenger_Plus_Live_Germany
2010-08-12 13:15 . 2008-10-15 00:02	42559	----a-w-	c:\programdata\nvModes.dat
2010-08-12 01:01 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-08 13:52 . 2009-09-25 16:43	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-08-07 21:23 . 2009-07-18 19:49	--------	d-----w-	c:\programdata\Yahoo! Companion
2010-08-07 21:22 . 2009-07-18 19:47	--------	d-----w-	c:\program files\Yahoo!
2010-07-21 18:10 . 2009-06-26 17:24	--------	d-----w-	c:\program files\Common Files\Steam
2010-07-10 06:27 . 2008-10-15 00:44	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-29 12:57 . 2008-10-14 23:46	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-06-28 16:17 . 2010-08-11 15:21	833024	----a-w-	c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-11 15:21	78336	----a-w-	c:\windows\system32\ieencode.dll
2010-06-27 08:53 . 2010-06-27 08:29	--------	d-----w-	c:\users\Tobia\AppData\Roaming\IGN_DLM
2010-06-26 01:08 . 2008-10-15 03:18	628730	----a-w-	c:\windows\system32\perfh007.dat
2010-06-26 01:08 . 2008-10-15 03:18	126454	----a-w-	c:\windows\system32\perfc007.dat
2010-06-26 01:02 . 2008-10-15 00:50	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-21 13:18 . 2010-08-11 15:21	2036736	----a-w-	c:\windows\system32\win32k.sys
2010-06-20 21:31 . 2010-05-11 19:30	--------	d-----w-	c:\users\Tobia\AppData\Roaming\ICQ
2010-06-19 09:03 . 2010-04-03 07:37	--------	d-----w-	c:\program files\Messenger Plus! Live
2010-06-18 16:43 . 2010-08-11 15:21	36352	----a-w-	c:\windows\system32\rtutils.dll
2010-06-15 16:11 . 2010-06-15 16:11	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 15:31 . 2010-08-11 15:21	274432	----a-w-	c:\windows\system32\schannel.dll
2010-05-26 16:16 . 2010-06-10 22:47	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 22:47	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-22 12:24 . 2009-06-20 13:18	70672	----a-w-	c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-21 12:14 . 2010-07-06 11:07	221568	------w-	c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-06-30 12:23	2102600	----a-w-	c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-06-30 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-30 01:55	4232968	----a-w-	c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-30 01:55	4232968	----a-w-	c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Steam"="d:\program files\steam\steam.exe" [2010-05-07 1238352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Vidalia"="d:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-07-12 5113430]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SansaDispatch"="c:\users\Tobia\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-04-28 79872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-24 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-24 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-30 49928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-09-22 708608]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 149280]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-13 2065760]

c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
8mmhmhc.exe [2010-8-11 42496]
8qkf9a0.exe [2010-8-10 43008]
aavllfv9q.exe [2010-8-13 37888]
bww86mhmhm.exe [2010-8-12 42496]
cmx1mccxx71.exe [2010-8-11 42496]
ff2avkk1vvq.exe [2010-8-13 37888]
l2gaqq1aa.exe [2010-8-13 37888]
laavlaqq1a.exe [2010-8-13 37888]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2010-7-30 3656]
qk4fvvqffa.exe [2010-8-9 43008]
rmc0rrhhmh.exe [2010-8-11 43008]
sn2x0xnsns7.exe [2010-8-12 43008]
vqffaavkkf.exe [2010-8-13 43008]
vv2qlaa1llg.exe [2010-8-13 43008]
vvqllf5vq.exe [2010-8-13 43008]
wmrmrbwmm.exe [2010-8-11 43008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
Privoxy.lnk - d:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]
TabUserW.exe.lnk - c:\windows\System32\WTablet\TabUserW.exe [2009-6-21 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-30 01:43	96008	----a-w-	c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-08-26 159744]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-06-30 431432]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 PKWCap;PKWCap service;c:\windows\system32\DRIVERS\PKWCap.sys [2008-04-28 995328]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-08-13 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-13 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-08-13 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-13 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-13 243024]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-08-13 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-13 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-08-13 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-08-13 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-08-13 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-08-13 27216]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2567732
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - d:\program files\ICQ7.1\ICQ.exe
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Tobia\AppData\Roaming\Mozilla\Firefox\Profiles\sw725uwf.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Tobia\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{542e4d79-1970-4e95-9862-fdb96f61b280} - (no file)
Toolbar-{542e4d79-1970-4e95-9862-fdb96f61b280} - (no file)
WebBrowser-{542E4D79-1970-4E95-9862-FDB96F61B280} - (no file)
AddRemove-Yahoo! Software Update - c:\progra~1\Yahoo!\SOFTWA~1\UNINST~1.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-13 14:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  SansaDispatch = c:\users\Tobia\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe??0???????/sansa/Application/SansaUpdaterInstall_1_018.exe?N??8???11.txt 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2810075975-951050563-849983458-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7c,53,a3,b3,cb,e2,df,c5,2b,f4,57,15,0e,25,bd,87,ad,20,fe,01,e1,f8,e1,
   4a,ff,e2,f5,c2,7c,61,9c,b9,7f,2e,6f,5f,55,27,62,9c,0f,82,70,c1,10,03,0a,6c,\
"??"=hex:11,ee,58,4c,48,78,6f,26,9e,09,44,53,57,68,cf,fa

[HKEY_USERS\S-1-5-21-2810075975-951050563-849983458-1000\Software\SecuROM\License information*]
"datasecu"=hex:dd,64,53,0f,a0,f6,91,34,72,ac,38,2b,85,2b,58,11,60,cc,30,12,15,
   de,c2,9c,6b,dd,a8,62,db,f4,f7,74,7e,4b,8e,1a,65,39,fb,61,71,41,2d,97,70,d4,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Zeit der Fertigstellung: 2010-08-13  14:26:13
ComboFix-quarantined-files.txt  2010-08-13 12:26

Vor Suchlauf: 2.067.030.016 Bytes frei
Nach Suchlauf: 2.154.364.928 Bytes frei

- - End Of File - - A0D0004C476335EECBB7F0A610A23C2E
--- --- ---
Alt 13.08.2010, 17:16   #13
Larusso
/// Selecta Jahrusso
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Schritt 1

Downloade Dir bitte ZipIt
  • Speichere die Datei auf dem Desktop
  • Starte die ZipIt2.exe mit Doppelklick
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun folgenden Text in das Skriptfeld von ZipIt.
    Code:
    ATTFilter
    c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8mmhmhc.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aavllfv9q.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bww86mhmhm.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmx1mccxx71.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff2avkk1vvq.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l2gaqq1aa.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laavlaqq1a.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rmc0rrhhmh.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sn2x0xnsns7.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqffaavkkf.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vv2qlaa1llg.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvqllf5vq.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe
  • Klicke nun den Zip Button.
Du findest dann eine <Dein Benutzername>.zip Datei auf dem Desktop. Lade diese bitte hier hoch.
  • Klicke auf Durchsuchen. Navigiere zu der vorher erstellten .zip Datei.
  • Kopiere nun folgenden Link in die
    Link zum Thema im Forum Box
    Zitat:
    http://www.trojaner-board.de/89383-symantec-meldet-geblockte-von-mir-ausgehende-spam-mails-2.html#post554442
  • Trage deinen Nicknamen ein und klicke Hochladen.
Teile mir mit wenn der Upload geklappt hat.


Schritt 2

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
http://www.trojaner-board.de/89383-symantec-meldet-geblockte-von-mir-ausgehende-spam-mails-2.html#post554442

KillAll::
Collect::
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8mmhmhc.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8qkf9a0.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\aavllfv9q.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bww86mhmhm.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cmx1mccxx71.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ff2avkk1vvq.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\l2gaqq1aa.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laavlaqq1a.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qk4fvvqffa.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rmc0rrhhmh.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sn2x0xnsns7.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vqffaavkkf.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vv2qlaa1llg.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vvqllf5vq.exe
c:\users\Tobia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmrmrbwmm.exe

Folder::
c:\programdata\Symantec
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.

  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.


Schritt 3

Starte bitte OTL und klicke den QuickScan Button


Bitte poste in deiner nächsten Antwort
Combofix.txt
OTL.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 13.08.2010, 18:32   #14
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Schritt 1 erfolgreich abgeschlossen

Alt 13.08.2010, 22:30   #15
Ticklishsock
 
Symantec meldet geblockte von mir ausgehende Spam-Mails. - Standard

Symantec meldet geblockte von mir ausgehende Spam-Mails.


Wäre nur halb so spaßig, wenn ich ein einfacher Fall wäre.
Nachdem ComboFix einen Reboot anlegte, erschien ein Fenster mit dem Text "Bitte Warten.", nach ca. fünf-sechs Stunden jedoch stürtzte die ganze Sache ab.

Soll ich ein neues CFScript.txt Dokument erstellen und das ganze erneut versuchen?
(AVG war Deaktiviert, alle offenen Programme wurden vor dem Start von ComboFix geschlossen).

Antwort
Seite 1 von 3 1 23

Themen zu Symantec meldet geblockte von mir ausgehende Spam-Mails.
ausgehende, ausgehende mails, beendet, dateien, e-mail, ebenfalls, emails, externe festplatte, festplatte, forum, google, kunde, lag, mails, maßnahme, meldungen, neu, nicht sicher, norton, performance, pop-ups, problem, scan, spam-mails, start, symantec, task-manager, trojaner, verschickt, viagra, virus, voll, windows, windows-kopie, yahoo


« Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys | Antivir-Meldung: TR/PSW.Papras.AB »


Ähnliche Themen: Symantec meldet geblockte von mir ausgehende Spam-Mails.


  1. Spam Mails
    Plagegeister aller Art und deren Bekämpfung - 30.10.2014 (1)
  2. GData Internet Security meldet infizierte ausgehende Mails
    Plagegeister aller Art und deren Bekämpfung - 28.05.2014 (13)
  3. Mailer Daemon Mails von GMX-Konto - Spam oder sendet Outlook selbstständig Mails?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (8)
  4. Win 7 64: Avira meldet diverse Funde, regelmäßige Floodings, geblockte Websiteaufrufe von "SYSTEM"
    Log-Analyse und Auswertung - 04.11.2013 (6)
  5. Spam Mails - Mail delivery failed obwohl ich keine E-Mails versendet habe
    Plagegeister aller Art und deren Bekämpfung - 16.06.2013 (11)
  6. Symantec meldet: Trojan.Zeroaccess.B | Trojan.Gen.2 | services.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (2)
  7. ausgehende Mails werden gestoppt
    Alles rund um Windows - 10.08.2012 (1)
  8. PC langsam, Trojaner infiziert, Avira und Symantec meldet
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (17)
  9. Symantec DE-Cleaner meldet Hosts als infiziert
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (1)
  10. Eigentor von Symantec: Eigene WM-Website voller Spam-Kommentare [Update]
    Nachrichten - 10.07.2010 (0)
  11. Eigentor von Symantec: Eigene WM-Website voller Spam-Kommentare
    Nachrichten - 09.07.2010 (0)
  12. CPU 100% ? Dauerhafte ausgehende und eingehende E-mails?
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (3)
  13. Symantec AntiVirus meldet: Adware.VirtuMonde
    Log-Analyse und Auswertung - 14.12.2007 (41)
  14. Symantec Online meldet ADWARE.PREFIX
    Log-Analyse und Auswertung - 01.07.2007 (4)
  15. Ausgehende Mails werden manipuliert
    Log-Analyse und Auswertung - 28.02.2007 (5)
  16. Spam-Mails
    Überwachung, Datenschutz und Spam - 07.11.2006 (5)
  17. Scannt Norton AntiVirus 2003 ausgehende mails?
    Antiviren-, Firewall- und andere Schutzprogramme - 26.02.2003 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Symantec meldet geblockte von mir ausgehende Spam-Mails. - Seit einigen Tagen erscheinen nach dem Start meines Laptops unzählige Meldungen des Symantec E-Mail scanners, in denen es heisst, ausgehende Mails wären aufgrund eigenartiger Inhalte geblockt. (Ich weiß natürlich nicht, - Symantec meldet geblockte von mir ausgehende Spam-Mails....
Archiv
Du betrachtest: Symantec meldet geblockte von mir ausgehende Spam-Mails. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131