Pests of All Kinds and How to Combat Them: System Tool 2011 Extreme

30.12.2010, 12:18   #1
pir4nha
 

Hello, I have a pretty big problem: last night my PC more or less fell apart. I caught the System Tool virus, and since then nothing works anymore.

First of all, there were a few warning signs beforehand, for example Trojans that had to be deleted (AntiVir detected them).
In addition, Google Images showed the message: "Cannot be executed, your PC is sending automated queries" (as far as I know this can point to a botnet; I have no idea myself, I just googled it).

Well, last night I was surfing the Internet when my desktop background suddenly changed and System Tools started getting on my nerves every 5 seconds with its "You have 10,000 viruses" message.
If that were all, I wouldn't have a problem, but other things came on top that really did make my PC life difficult.

1. I can't run anything anymore, no hijack or AntiVir (which, no surprise, has completely vanished).
I can still get on the Internet, but Opera doesn't open at all, Firefox crashes every minute for no reason, and Chrome doesn't feel like working either.
The only thing that ran without problems was Internet Explorer.

2. Task Manager no longer works (a message appears with a black screen).

3. System Restore no longer responded.

4. The PC crashed twice and a bluescreen appeared with the message that I should cold-boot the PC and, if it happens again, that I should start worrying (something like that).
The bluescreen came in both cases; I should add that it already appeared once a few months ago, but that was the first time and I didn't think anything of it.

All of this is in normal mode.


Just now I started the PC in safe mode, and so far everything is running.
AntiVir is running a system check right now.
I can also do a System Restore, so that System Tools 2011 is not on it.
That is at least a way to do ANYTHING AT ALL...

My question: what is the best way to proceed to remove the virus completely?

I would first let AntiVir finish its check, then do a System Restore and run every antivirus program I can find.
However, the virus seems to sit deep if even a bluescreen appears, or am I wrong?


Quite a long text, please help me anyway


THANKS


Edit: I just had the hijack file analyzed on this PC (thanks to an external hard drive) and it found nothing.
Edit2: could that possibly be because I ran it in safe mode? I don't know my way around ;D

I have now run Spybot and CCleaner in safe mode.

Spybot fixed 106 errors and the virus seems to be gone, as it looks at the moment. That means everything works again.

But since the virus is surely not completely gone, I still need help..
Which logs should I post? I need my PC today

30.12.2010, 15:37   #2
rea
/// Helper Team
 

Hello pir4nha and welcome to the Trojaner-Board,

depending on how much of the infection is still present, a cleanup like this can take a few days, and it usually won't be done in one day; you should know that up front (we helpers can't be online nonstop either).


A few notes first (please observe!):

  • Read my instructions for you carefully before you begin. Be sure to carry out all steps in order, since sometimes one step depends on another.
  • If anything is unclear to you during the cleanup, please ask in your thread before you continue.
  • Download all programs prescribed here only through the respective links! If a link does not work, please let us know.
  • During the cleanup, do not install any programs other than the ones we prescribe for the cleanup.
  • Report for every step whether you have completed it, and whether any problems occurred and which ones.
  • If problems come up while working through the instructions, please do not continue for now; stop and describe the problem here in the thread.
  • Edit all personal data, such as full names of real and private persons, out of the requested log files before you post them.
  • And if an answer is going to take a while, I'd appreciate a heads-up too



I'll do my best to find everything that doesn't belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you still want to clean up, here are the instructions:



First, post the logs that have already been created, i.e. the ones from Avira AntiVir and from Spybot. The HijackThis log file is not necessary.
Instead, create new log files with the following tool and post them here:



System scan with OTL
Please download OTL by Oldtimer and save it on your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry, please choose Use SafeList.
  • Tick the boxes for LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

30.12.2010, 16:35   #3
pir4nha
 

Code:
OTL logfile created on: 30.12.2010 16:13:32 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\...\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: ...-PC | User Name: .. | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
PRC - [2010.12.19 11:03:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.17 12:25:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.11.05 14:37:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.10.08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
PRC - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010.03.27 12:05:35 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.09 12:57:08 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.17 14:27:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.11.22 13:50:50 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins
 
[2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions
[2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net
[2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au
[2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam
[2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com
[2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml
[2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml
[2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml
[2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml
[2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml
[2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.15 18:57:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions
[2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14749 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Softonic-Eng46 Toolbar) - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng46 Toolbar) - {86BF3498-8C44-4C3D-BBFB-05BD50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ctfmions - (C:\Windows\system32\mshtHost.dll) - C:\Windows\SysWow64\mshtHost.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe
[2010.12.30 16:07:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part
[2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Malwarebytes
[2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.30 13:33:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe
[2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\backups
[2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\.\Desktop\spybotsd162.exe
[2010.12.30 12:40:21 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe
[2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\.\Desktop\HiJackThis204.exe
[2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000
[2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Adobe
[2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\Render
[2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\PSDS
[2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Adobe
[2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Opera
[2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Opera
[2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
[2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Avira
[2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe
[2010.12.30 16:08:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part
[2010.12.30 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.30 14:09:58 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.30 14:09:58 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.30 14:09:58 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.30 14:09:58 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.30 14:09:58 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.30 14:07:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.30 14:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.30 14:04:55 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 13:53:07 | 000,066,999 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-2.jpg
[2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.12.30 13:33:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe
[2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\.\Desktop\spybotsd162.exe
[2010.12.30 12:31:12 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe
[2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\.\Desktop\HiJackThis204.exe
[2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\.\Desktop\nature-signature.jpg
[2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\.\Desktop\allianz_arena_2.jpg
[2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\.\Desktop\Real Render by TribunX.7z
[2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\.\Desktop\dergruene.rar
[2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\.\Desktop\W_Solo.jpg
[2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:56:23 | 000,159,557 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-1.jpg
[2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\.\Desktop\COD.psd
[2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\.\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\.\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\.\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-284412.png
[2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd
[2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-177338.jpg
[2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.png
[2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:06 | 000,066,999 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-2.jpg
[2010.12.30 12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\.\Desktop\nature-signature.jpg
[2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users.\Desktop\allianz_arena_2.jpg
[2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\.\Desktop\LIL-Wayne-psd51253.png
[2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\.\Desktop\dergruene.rar
[2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\.\Desktop\Real Render by TribunX.7z
[2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\.\Desktop\W_Solo.jpg
[2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:56:21 | 000,159,557 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-1.jpg
[2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\.\Desktop\INFECTED.ttf
[2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\.\Desktop\COD.psd
[2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\.\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\.\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\.\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-284412.png
[2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3 by KeReN-R.abr
[2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd
[2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\..\Desktop\wallpaper-297605.png
[2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-177338.jpg
[2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\.\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\.\AppData\Roaming\clipboard.txt
[2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
 
========== LOP Check ==========
 
[2010.10.01 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Alien Skin
[2010.03.18 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Canon
[2010.12.30 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\DNA
[2010.11.22 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\gtk-2.0
[2010.12.17 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Hiku
[2010.12.28 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\ICQ
[2010.05.03 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\iTSfv
[2010.12.17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Ogetv
[2010.03.15 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\OpenOffice.org
[2010.12.22 12:28:48 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Opera
[2010.03.21 20:32:12 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Teeworlds
[2010.10.02 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\TS3Client
[2010.12.16 10:24:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         


extra:
Code:
OTL Extras logfile created on: 30.12.2010 16:13:32 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: -PC | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"iTSfv_is1" = iTSfv 5.61.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eye Candy 6" = Alien Skin Eye Candy 6
"Fraps" = Fraps
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"JDownloader" = JDownloader
"LHTTSGED" = L&H TTS3000 Deutsch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NAVIGON Fresh" = NAVIGON Fresh 3.0.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Opera 11.00.1156" = Opera 11.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Softonic-Eng46 Toolbar" = Softonic-Eng46 Toolbar
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 47770" = Medal of Honor Beta
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2010 21:16:51 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:17:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:22:13 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:22:14 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:24:36 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 30.12.2010 06:36:15 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = VSS | ID = 8193
Description = 
 
Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = System Restore | ID = 8193
Description = 
 
Error - 30.12.2010 06:48:32 | Computer Name = -PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cchrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cffee6d  Name des fehlerhaften Moduls: chrome.dll, Version: 8.0.552.224, Zeitstempel:
 0x4cffee38  Ausnahmecode: 0x80000003  Fehleroffset: 0x000d1649  ID des fehlerhaften Prozesses:
 0x5a4  Startzeit der fehlerhaften Anwendung: 0x01cba80f0f22ac3e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Google\Chrome\Application\cchrome.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\chrome.dll
Berichtskennung:
 576b3937-1402-11e0-b727-ad342654e7b7
 
Error - 30.12.2010 08:00:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
[ System Events ]
Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren.
 
Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren.
 
Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren.
 
Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren.
 
Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren.
 
Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren.
 
Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren.
 
Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren.
 
Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren.
 
 
< End of report >
         

I didn't finish the AntiVir scan, and I can't find the Spybot log.
__________________

Alt 30.12.2010, 16:58   #4
rea
/// Helper Team
 



For Spybot, have a look here:


1.) Displaying reports in Spybot Search&Destroy

Start Spybot => in the Mode menu => select Advanced mode => click Tools on the left => View reports => View report => copy the report and paste it here. You can display older reports via "View previous reports".



And in case Avira found anything:


2.) Avira Antivir - What was found?

So that we can take a close look at what your antivirus program found, please proceed as follows:
  • Start Avira Antivir
  • On the Overview tab, click Events
  • There, please check that All is ticked at the top and that under Filter only the Detection box is ticked; leave the others unticked.
  • Select all detections (if there are any)
  • Click the round arrow at the top (Export selected events)
  • Save under the suggested name and also post the contents of this .txt file here.
__________________
Regards, rea


Alt 30.12.2010, 17:11   #5
pir4nha
 



Okay, AntiVir didn't find anything.


Spybot log:
Code:
ATTFilter
--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-12-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi
2010-11-30 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2010-12-14 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2010-11-30 Includes\Hijackers.sbi
2010-11-30 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2010-12-14 Includes\KeyloggersC.sbi
2010-12-14 Includes\Malware.sbi
2010-12-28 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-12-14 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-12-14 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-12-28 Includes\Spyware.sbi
2010-12-28 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2010-12-17 Includes\TrojansC-02.sbi
2010-12-16 Includes\TrojansC-03.sbi
2010-12-16 Includes\TrojansC-04.sbi
2010-12-28 Includes\TrojansC-05.sbi
2010-12-28 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
   file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
   size: 35760
    MD5: 466CE40EAA865752F4930A472563E4E1

Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
   file: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
   size: 47904
    MD5: 5ECB6C431E7F4F4BF3113B5145F6EF41

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 281768
    MD5: 61941D4566C3B09F377E0E1A97BD0D9A

Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
   file: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
   size: 1226608
    MD5: A58E05767687E1E636D160ECEA9BC8ED

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
   file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
   size: 421160
    MD5: E5B82EA4B98828D50C61137BFA8793F1

Located: HK_LM:Run, LogMeIn Hamachi Ui
command: "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
   file: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
   size: 1910152
    MD5: 9099462DE4CB8AFA9FD66832B8EFE00F

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files (x86)\QuickTime\QTTask.exe
   size: 421888
    MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
   file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   size: 246504
    MD5: E0D6538B62C79FCBF0B27F95FAF3208B

Located: HK_CU:Run, Sidebar
  where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1173504
    MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
  where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1173504
    MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, Pando Media Booster
  where: S-1-5-21-1130963293-2590934308-1779700388-1001...
command: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
   file: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
   size: 2937528
    MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF

Located: Startup (allgemein), GamersFirst LIVE!.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
   file: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
   size: 2845552
    MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA

Located: Startup (Benutzer), OpenOffice.org 3.2.lnk
  where: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   size: 384000
    MD5: 28675E96E9CC2A81C0B0E182674E03C7



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: AcroIEHelperStub
        CLSID name: Adobe PDF Link Helper
              Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
         Long name: AcroIEHelperShim.dll
        Short name:       ACROIE~2.DLL
    Date (created): 21.12.2009 17:27:44
Date (last access): 16.05.2010 18:33:24
 Date (last write): 21.12.2009 17:27:44
          Filesize:              75200
        Attributes:           archive 
               MD5: DC1E56092CC57FB4605B088D3DCCBF7A
             CRC32:           FF82C62B
           Version:          9.3.0.148

{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} (Canon Easy-WebPrint EX BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Canon Easy-WebPrint EX BHO
        CLSID name: Canon Easy-WebPrint EX BHO
              Path: C:\Program Files (x86)\Canon\Easy-WebPrint EX\
         Long name:       ewpexbho.dll
        Short name:                   
    Date (created): 15.03.2010 22:10:16
Date (last access): 15.03.2010 22:10:16
 Date (last write): 25.11.2009 11:16:22
          Filesize:             202080
        Attributes:           archive 
               MD5: 6A37CDFFE611498A0AA90B6FC6A2A1B5
             CRC32:           964CC614
           Version:            1.1.0.0

{86bf3498-8c44-4c3d-bbfb-05bd50858039} (Softonic-Eng46 Toolbar)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Softonic-Eng46 Toolbar
              Path: C:\Program Files (x86)\Softonic-Eng46\
         Long name:         tbSoft.dll
        Short name:                   
    Date (created): 09.05.2010 13:00:18
Date (last access): 09.05.2010 13:00:18
 Date (last write): 22.02.2010 11:05:02
          Filesize:            2353176
        Attributes:           archive 
               MD5: 1FECF655218FDF7329BEA67F519C8642
             CRC32:           EEFAFA9D
           Version:            5.3.5.4

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID-Anmelde-Hilfsprogramm)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live ID-Anmelde-Hilfsprogramm
              Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 21.09.2010 14:08:38
Date (last access): 06.11.2010 15:32:14
 Date (last write): 21.09.2010 14:08:38
          Filesize:             439168
        Attributes:           archive 
               MD5: 6BF01E200063D7274F3AF06D226671F5
             CRC32:           C8953126
           Version:       7.250.4225.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:              41760
        Attributes:           archive 
               MD5: 883EF2DD3C9F68691CE02DAAC7267D41
             CRC32:           C0FCD56C
           Version:          6.0.180.7



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:             108320
        Attributes:           archive 
               MD5: AD9E4059789D2389B746C58421194722
             CRC32:           64C51ACB
           Version:          6.0.180.7

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:             108320
        Attributes:           archive 
               MD5: AD9E4059789D2389B746C58421194722
             CRC32:           64C51ACB
           Version:          6.0.180.7

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
       description: 
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:    npjpi160_18.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 15.03.2010 20:20:50
Date (last access): 15.03.2010 20:20:50
 Date (last write): 15.03.2010 20:20:50
          Filesize:             136992
        Attributes:           archive 
               MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
             CRC32:           23BC9EDD
           Version:          6.0.180.7

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name: 
        CLSID name: Shockwave Flash Object
         Installer: C:\Windows\Downloaded Program Files\swflash.inf
          Codebase: hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
       description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename: 
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Windows\SysWow64\Macromed\Flash\
         Long name:       Flash10e.ocx
        Short name:                   
    Date (created): 27.01.2010 01:58:36
Date (last access): 15.03.2010 17:42:30
 Date (last write): 27.01.2010 01:58:36
          Filesize:            3981080
        Attributes:  readonly archive 
               MD5: C06E6E160F34CE092301BD2B29067F3F
             CRC32:           D922F8F5
           Version:          10.0.45.2



--- Process list ---
PID:    0 (   0) [System]
PID: 2904 (2656) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 size: 2937528
  MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF
PID: 2960 (2656) C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
 size: 2845552
  MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA
PID:  744 (3024) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 size: 7424000
  MD5: ABC2C67DFD48930F846934B907C3D606
PID: 1876 ( 744) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
 size: 7418368
  MD5: 15D982E21248E9BE337D9B40247AF30E
PID: 2896 (2964) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 size: 281768
  MD5: 61941D4566C3B09F377E0E1A97BD0D9A
PID: 3004 (2964) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 size: 246504
  MD5: E0D6538B62C79FCBF0B27F95FAF3208B
PID:  964 (2964) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
 size: 1910152
  MD5: 9099462DE4CB8AFA9FD66832B8EFE00F
PID: 2732 (2964) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 421160
  MD5: E5B82EA4B98828D50C61137BFA8793F1
PID: 2312 (2964) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 size: 1226608
  MD5: A58E05767687E1E636D160ECEA9BC8ED
PID: 3780 (3488) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
 size: 13088
  MD5: 0933539E330EDBDEB81277AE5F84E7DF
PID:  660 (3004) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 size: 490216
  MD5: E9638B0CBB5DAE86F6E9DA843C19399D
PID: 3024 (2656) C:\Program Files (x86)\iTunes\iTunes.exe
 size: 9777448
  MD5: B52E84B0CB3A58CE93A7FBA19ADAC2ED
PID: 3944 (3024) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
 size: 37664
  MD5: 3C029253D99D17D76D0BD78F5134D7F6
PID: 1268 (2656) C:\Program Files (x86)\Steam\Steam.exe
 size: 1242448
  MD5: 3DD25048297A24AB4B3BFC17ABA5D0DB
PID: 2948 (2656) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 size: 912344
  MD5: 0E20A3213ED010FC4997D1EF48082ABC
PID: 3044 (2948) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
 size: 16856
  MD5: BA9A09CF1B9503C363617F3748F6D791
PID: 1488 (2656) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID:    4 (   0) System
PID:  260 (   4) smss.exe
PID:  340 ( 332) csrss.exe
PID:  400 ( 332) wininit.exe
 size: 96256
PID:  428 ( 392) csrss.exe
PID:  460 ( 400) services.exe
PID:  476 ( 400) lsass.exe
PID:  484 ( 400) lsm.exe
PID:  540 ( 392) winlogon.exe
PID:  624 ( 460) svchost.exe
 size: 20992
PID:  708 ( 460) nvvsvc.exe
PID:  748 ( 460) svchost.exe
 size: 20992
PID:  844 ( 460) svchost.exe
 size: 20992
PID:  876 ( 460) svchost.exe
 size: 20992
PID:  904 ( 460) svchost.exe
 size: 20992
PID:  984 ( 844) audiodg.exe
PID:  352 ( 460) svchost.exe
 size: 20992
PID:  588 ( 460) svchost.exe
 size: 20992
PID: 1136 ( 708) nvvsvc.exe
PID: 1184 ( 460) spoolsv.exe
PID: 1212 ( 460) sched.exe
PID: 1252 ( 460) svchost.exe
 size: 20992
PID: 1380 ( 460) svchost.exe
 size: 20992
PID: 1400 ( 460) avguard.exe
PID: 1428 ( 460) AppleMobileDeviceService.exe
PID: 1504 ( 460) mDNSResponder.exe
PID: 1548 ( 460) svchost.exe
 size: 20992
PID: 1580 ( 460) hamachi-2.exe
PID: 1604 ( 460) ICQ Service.exe
PID: 1664 (1400) avshadow.exe
PID: 1672 ( 340) conhost.exe
PID: 1736 ( 460) nlssrv32.exe
 size: 57344
PID: 1804 ( 460) PnkBstrA.exe
 size: 75064
PID: 1828 ( 460) nvSCPAPISvr.exe
PID: 1888 ( 460) WLIDSVC.EXE
PID: 1980 (1888) WLIDSVCM.EXE
PID: 2352 ( 460) svchost.exe
 size: 20992
PID: 3060 ( 460) svchost.exe
 size: 20992
PID: 2436 ( 460) wmpnetwk.exe
PID: 2172 ( 460) SearchIndexer.exe
 size: 428032
PID: 2484 ( 460) C:\Windows\System32\taskhost.exe
PID: 2300 ( 876) C:\Windows\System32\dwm.exe
PID: 2656 (2272) C:\Windows\explorer.exe
 size: 2870272
  MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 2908 (2656) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
 size: 2184520
  MD5: BA636F9E95FA09C1F7A0F394B75AC85B
PID: 3380 ( 460) iPodService.exe
PID: 4024 ( 460) svchost.exe
 size: 20992
PID: 3808 ( 428) C:\Windows\System32\conhost.exe
PID: 3136 ( 428) C:\Windows\System32\conhost.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 30.12.2010 17:09:24

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://www.google.de/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD-Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  1: MSAFD-Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  2: MSAFD-Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  3: MSAFD-Tcpip [TCP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  4: MSAFD-Tcpip [UDP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  5: MSAFD-Tcpip [RAW/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]

Protocol  6: RSVP-TCPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  7: RSVP-TCP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  8: RSVP-UDPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Protocol  9: RSVP-UDP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider

Namespace Provider  0: NLA (Network Location Awareness, NLAv1)-Namespace
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: 
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace

Namespace Provider  1: TCP/IP
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: 
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP

Namespace Provider  2: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS

Namespace Provider  3: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename: 

Namespace Provider  4: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 

Namespace Provider  5: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 

Namespace Provider  6: mdnsNSP
        GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 Description: Apple Rendezvous protocol
 DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
 DB protocol: mdnsNSP

Namespace Provider  7: WindowsLive NSP
        GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

Namespace Provider  8: WindowsLive Local NSP
        GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
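The startup section of the Spybot report above can be triaged mechanically. The following is an added example, not part of the thread and not Spybot's own code; the function names, the user-writable-path heuristic and the last sample entry are assumptions of this example.

```python
import hashlib
import re

# MD5 of zero bytes: the value a scanner reports when it hashed nothing at all.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Three entries copied from the startup section of the report above.
REPORT_EXCERPT = r"""
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: Startup (Benutzer), OpenOffice.org 3.2.lnk
  where: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   size: 384000
    MD5: 28675E96E9CC2A81C0B0E182674E03C7
"""

# Constructed entry (NOT from the report) to exercise the path heuristic.
CONSTRUCTED_ENTRY = r"""
Located: HK_CU:Run, ExampleUpdater
command: C:\Users\Example\AppData\Local\Temp\updater.exe
   file: C:\Users\Example\AppData\Local\Temp\updater.exe
   size: 4096
    MD5: 0123456789ABCDEF0123456789ABCDEF
"""

SAMPLE = REPORT_EXCERPT + CONSTRUCTED_ENTRY

FIELD = re.compile(r"^\s*(Located|where|command|file|size|MD5):\s*(.*)$")

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.I)


def parse_startup_entries(text):
    """Split the 'Startup entries list' section into one dict per entry."""
    entries, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and the free-text checksum warning
        key, value = m.group(1), m.group(2).strip()
        if key == "Located":
            location, _, name = value.partition(", ")
            current = {"location": location, "name": name}
            entries.append(current)
        elif current is not None:
            current[key.lower()] = value
    return entries


def triage(entry):
    """Return review notes for one entry; an empty list means nothing stood out."""
    notes = []
    md5 = entry.get("md5", "").upper()
    if md5 == EMPTY_MD5:
        # The tool could not read the file, so this MD5 identifies nothing.
        notes.append("not hashed: MD5 is the hash of empty input")
    elif not re.fullmatch(r"[0-9A-F]{32}", md5):
        notes.append("no usable MD5 in report")
    # Judge the binary itself ('file'), not where the shortcut lives ('where').
    if USER_WRITABLE.search(entry.get("file", "")):
        notes.append("autostart binary in a user-writable directory")
    return notes


def flagged(text):
    """List (name, notes) for every entry that needs a manual look."""
    result = []
    for entry in parse_startup_entries(text):
        notes = triage(entry)
        if notes:
            result.append((entry["name"], notes))
    return result


if __name__ == "__main__":
    for name, notes in flagged(SAMPLE):
        print(name, "->", "; ".join(notes))
```

An entry flagged as "not hashed" is unverified rather than clean or malicious; the file has to be hashed again with a tool that can actually open it.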
         


Alt 30.12.2010, 20:49   #6
rea
/// Helper Team
 



Nothing serious to be seen so far.


1.) Uninstalling software
  • -> Start
  • -> Control Panel
  • -> Programs and Features
  • -> Uninstall a program
  • Now select each of the following programs in turn:
    Code:
    ATTFilter
    Skype Toolbars
    Google Update Helper
    ICQ Toolbar
    softonic-de3 Toolbar
    Softonic-Eng46 Toolbar
             
  • -> Change/Remove and uninstall.


Please uninstall every program from this list that is present.





2.) Fixing with OTL
  • Please start OTL.exe.
    Vista & Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Remember to change the "." back to your user name!

    Code:
    ATTFilter
    :OTL
    SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O36 - AppCertDlls: ctfmions - (C:\Windows\system32\mshtHost.dll) - C:\Windows\SysWow64\mshtHost.dll File not found
    [2010.12.30 16:07:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part
    [2010.12.30 13:33:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe
    [2010.12.30 12:40:21 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now please click the Fix button.
  • Click OK.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document.
    Copy its contents into your thread here, inside code tags.





3.) Malwarebytes Antimalware
Download Malwarebytes Anti-Malware from one of these download mirrors:

Malwarebytes - MajorGeeks.com - BestTechie
  • Applicable to Windows 2000, XP, Vista and Win7.
  • Install the program to the default path.
  • Remember to start the program as admin on Vista & Win 7; otherwise start it with a double-click.
  • Let it update online (Update tab) if that does not happen automatically.
  • Enable "Perform full scan" => Scan.
  • Select all available drives and start the scan.
  • When the scan has finished, click "Show Results".
  • Make sure that all detections are selected.
  • Caution: Please do not select any detections made in the folder "C:\System Volume Information" for now; they should remain in place and cannot do any harm.
  • Press "Delete"
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Scan reports".
  • Report how the computer is running now.





4.) Eset Online Scan
ESET Online Scanner
Please switch on any external hard drives during the online scans! During the scans, please turn off all background guards (antivirus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your antivirus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the box next to Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.





Please post in your next reply:
  • The log file from the OTL fix (step 2)
  • The log file from Malwarebytes Antimalware (step 3)
  • The log file from the Eset online scan (step 4)

Alt 31.12.2010, 14:26   #7
pir4nha
 



MALWAREBYTES
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5426

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.12.2010 01:17:22
mbam-log-2010-12-31 (01-17-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 595161
Laufzeit: 1 Stunde(n), 19 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\\documents\fritz!box_reconnect\bat\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\\documents\fritz!box_reconnect\exe\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
         
OTL
Code:
All processes killed
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ctfmions:C:\Windows\system32\mshtHost.dll deleted successfully.
C:\Users\\Desktop\OTL.exe.part moved successfully.
C:\Users\\Desktop\mbam-setup-1.50.1.1100.exe moved successfully.
C:\Users\\Desktop\ccsetup302.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: 
->Temp folder emptied: 57161292 bytes
->Temporary Internet Files folder emptied: 2202764 bytes
->Java cache emptied: 1666119 bytes
->FireFox cache emptied: 731879643 bytes
->Google Chrome cache emptied: 6278376 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8996 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1910 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 764,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.18.2 log created on 12302010_234519

Files\Folders moved on Reboot...
C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=41eff60002fe594a9893f794f62c4f74
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 12:40:17
# local_time=2010-12-31 01:40:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 9460 30288329 36879 0
# compatibility_mode=5893 16776573 100 94 218767 46160744 0 0
# compatibility_mode=8192 67108863 100 0 3858 3858 0 0
# scanned=8029
# found=0
# cleaned=0
# scan_time=943
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=41eff60002fe594a9893f794f62c4f74
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 01:21:58
# local_time=2010-12-31 02:21:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 49040 30327909 76459 0
# compatibility_mode=5893 16776573 100 94 5632 46200324 0 0
# compatibility_mode=8192 67108863 100 0 43438 43438 0 0
# scanned=448802
# found=1
# cleaned=0
# scan_time=7065
C:\Program Files (x86)\GamersFirst\War Rock\System\WarRock.exe	a variant of Win32/Packed.Themida application (unable to clean)	00000000000000000000000000000000	I
         

31.12.2010, 16:19   #8
rea
/// Helper team



Okay. How is the PC running?
__________________
Regards, rea

*Do you need help with a malware problem, too?*

*TB donation account*


A clever saying could go here.
Well .... could!

31.12.2010, 16:46   #9
pir4nha



Good so far. At some point yesterday AntiVir found another trojan; otherwise no complaints.


Thanks so far.

31.12.2010, 17:30   #10
rea
/// Helper team



Where did Avira find the trojan? I always need the file name and the location! E.g. C:\Windows\System32\böse.exe
__________________
Regards, rea


31.12.2010, 19:24   #11
pir4nha



Die Datei 'C:\ProgramData\lFfKf09000\lFfKf09000.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.akcc' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48131536.qua' verschoben!

01.01.2011, 14:48   #12
rea
/// Helper team



Okay, please post two new OTL logfiles for me again:


System scan with OTL
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.
__________________
Regards, rea


01.01.2011, 16:05   #13
pir4nha



Code:
OTL logfile created on: 01.01.2011 15:57:09 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 179,44 Gb Free Space | 38,53% Space Free | Partition Type: NTFS
Drive D: | 67,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: -PC | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
PRC - [2010.12.19 11:03:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.19 11:03:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.17 12:25:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.11.05 14:37:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.10.08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
PRC - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.27 12:05:35 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.15 01:31:50 | 000,286,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe Photoshop CS5\App\PhotoshopCS5\LogTransport2.exe
PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.09 12:57:08 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.17 14:27:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.11.22 13:50:50 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins
 
[2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Extensions
[2010.12.31 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions
[2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net
[2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au
[2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam
[2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com
[2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions
[2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml
[2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml
[2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml
[2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml
[2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml
[2010.12.31 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions
[2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14749 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.31 16:49:11 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Signaturen
[2010.12.31 12:04:57 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Neuer Ordner
[2010.12.31 01:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.12.30 23:45:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\backups
[2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\\Desktop\spybotsd162.exe
[2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\\Desktop\HiJackThis204.exe
[2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000
[2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Adobe
[2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Render
[2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\PSDS
[2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Adobe
[2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Opera
[2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Opera
[2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8
[2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Avira
[2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.01 15:46:36 | 000,036,845 | ---- | M] () -- C:\Users\\Desktop\derw-schnellerhoeherweidner-digi-43726.jpg
[2011.01.01 15:40:50 | 000,102,184 | ---- | M] () -- C:\Users\\Desktop\metalpunknukeemdowng.jpg
[2011.01.01 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.01 12:21:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.01 12:21:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.01 12:18:35 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.01 12:18:35 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.01 12:18:35 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.01 12:18:35 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.01 12:18:35 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.01 12:14:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.01 12:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.01 12:14:03 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.31 18:13:28 | 000,000,059 | ---- | M] () -- C:\Users\\Desktop\HouseTime - We aRe oNe - Windows Media Player.URL
[2010.12.31 17:13:01 | 000,070,987 | ---- | M] () -- C:\Users\\Desktop\Unbenannt-1.jpg
[2010.12.31 16:33:08 | 000,071,685 | ---- | M] () -- C:\Users\\Desktop\Unbenannt-2.jpg
[2010.12.31 16:03:53 | 000,076,203 | ---- | M] () -- C:\Users\\Desktop\Style Signature.jpg
[2010.12.31 16:02:34 | 000,114,134 | ---- | M] () -- C:\Users\\Desktop\Style Signature.psd
[2010.12.31 01:19:10 | 002,672,312 | ---- | M] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe
[2010.12.31 00:21:45 | 000,000,462 | ---- | M] () -- C:\Users\\Desktop\listen-dsl.asx
[2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
[2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\\Desktop\spybotsd162.exe
[2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\\Desktop\HiJackThis204.exe
[2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\\Desktop\nature-signature.jpg
[2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\\Desktop\allianz_arena_2.jpg
[2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\\Desktop\Real Render by TribunX.7z
[2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\\Desktop\dergruene.rar
[2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\\Desktop\W_Solo.jpg
[2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\\Desktop\COD.psd
[2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\\Desktop\wallpaper-284412.png
[2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\\Desktop\1293455011_itachisasuke.psd
[2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- C:\Users\\Desktop\wallpaper-177338.jpg
[2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.png
[2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack.zip
 
========== Files Created - No Company Name ==========
 
[2011.01.01 15:46:36 | 000,036,845 | ---- | C] () -- C:\Users\\Desktop\derw-schnellerhoeherweidner-digi-43726.jpg
[2011.01.01 15:40:50 | 000,102,184 | ---- | C] () -- C:\Users\\Desktop\metalpunknukeemdowng.jpg
[2010.12.31 18:13:28 | 000,000,059 | ---- | C] () -- C:\Users\\Desktop\HouseTime - We aRe oNe - Windows Media Player.URL
[2010.12.31 16:03:52 | 000,076,203 | ---- | C] () -- C:\Users\\Desktop\Style Signature.jpg
[2010.12.31 16:02:34 | 000,114,134 | ---- | C] () -- C:\Users\\Desktop\Style Signature.psd
[2010.12.31 01:19:04 | 002,672,312 | ---- | C] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe
[2010.12.31 00:21:03 | 000,000,462 | ---- | C] () -- C:\Users\\Desktop\listen-dsl.asx
[2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:06 | 000,071,685 | ---- | C] () -- C:\Users\\Desktop\Unbenannt-2.jpg
[2010.12.30 12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\\Desktop\nature-signature.jpg
[2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | C] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users\\Desktop\allianz_arena_2.jpg
[2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\\Desktop\LIL-Wayne-psd51253.png
[2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\\Desktop\dergruene.rar
[2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\\Desktop\Real Render by TribunX.7z
[2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\\Desktop\W_Solo.jpg
[2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:56:21 | 000,070,987 | ---- | C] () -- C:\Users\\Desktop\Unbenannt-1.jpg
[2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\\Desktop\INFECTED.ttf
[2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\\Desktop\COD.psd
[2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- C:\Users\\Desktop\wallpaper-284412.png
[2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\\Desktop\GrungeBrushes3 by KeReN-R.abr
[2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\\Desktop\1293455011_itachisasuke.psd
[2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.png
[2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\\Desktop\wallpaper-177338.jpg
[2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack.zip
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\\AppData\Roaming\clipboard.txt
[2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

< End of report >
         

Code:
OTL Extras logfile created on: 01.01.2011 15:57:09 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 179,44 Gb Free Space | 38,53% Space Free | Partition Type: NTFS
Drive D: | 67,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: -PC | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"iTSfv_is1" = iTSfv 5.61.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 6" = Alien Skin Eye Candy 6
"Fraps" = Fraps
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"HyperCam 2" = HyperCam 2
"JDownloader" = JDownloader
"LHTTSGED" = L&H TTS3000 Deutsch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NAVIGON Fresh" = NAVIGON Fresh 3.0.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Opera 11.00.1156" = Opera 11.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 47770" = Medal of Honor Beta
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2010 20:20:15 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 07:23:24 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 07:23:43 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 07:23:44 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 09:23:46 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 15:36:04 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 15:39:15 | Computer Name = -PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.12.2010 15:39:47 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 01.01.2011 09:01:31 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 01.01.2011 09:02:54 | Computer Name = -PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren.
 
Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren.
 
Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren.
 
Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren.
 
Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren.
 
Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren.
 
Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren.
 
Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren.
 
Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren.
 
 
< End of report >
         

01.01.2011, 22:10   #14
rea
/// Helper Team

Here is how we continue:



1.) Fixing with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the Custom Scans/Fixes text box.

    Remember to enter your user name again!

    Code:
    ATTFilter
    :OTL
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
    FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
    [2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml
    [2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml
    [2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml
    [2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml
    [2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml
    [2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000
    [2010.12.31 01:19:10 | 002,672,312 | ---- | M] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
             
  • Now please close all programs.
  • Now click the Fix button.
  • Click OK.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, in code tags.





2.) Check settings under Windows 7

Make sure that all folders, files and drives are displayed on your system:
  • Start Windows Explorer (right-click Start -> Explorer)
  • => Organize
  • => Folder and search options
  • => View
  • => Files and Folders
  • Change the following settings:
    • Remove the check mark from
      • Hide extensions for known file types
      • Hide protected operating system files
    • Set the check mark for
      • Always show menus
      • Show drive letters
      • Hide empty drives in the Computer folder
    • Under "Hidden files and folders", select
      • Show hidden files, folders, and drives





3.) File check on VirusTotal
Visit VirusTotal.
Locate the following files there one after another and upload them using the "Send file" button.
Code:
ATTFilter
C:\fsqwr.bmp
         
The check can take a few minutes each time. If the file has already been checked by other users, have it checked again. Post the results, with header and everything, in code tags here in the thread.
If a file cannot be found, please let me know.





4.) Update Java
Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer.
Now download the offline version of Java Version 6 Update 23 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. remove the check mark for the toolbar during installation.





5.) Security risk: Adobe Acrobat Reader

Your Adobe Reader is not up to date, which is a major security risk. We therefore recommend uninstalling the old version via Control Panel => Software by clicking "Adobe Reader X" there and removing the program. Restart the computer, then download the current Acrobat Reader X and install it.

Since Adobe Acrobat Reader is used more and more often for the targeted distribution of malware, I suggest using an alternative PDF viewer instead; for example, you can install Foxit PDF Reader. It is "leaner" and uses fewer resources. During installation, make absolutely sure that the Ask toolbar and/or Foxit toolbar or sponsors are not installed along with it (if necessary, uninstall them again immediately via Control Panel => Software).





Please post in your next reply:
  • The fix log from OTL (step 1)
  • The result of the file check on VirusTotal (step 3)
__________________
Regards, rea



A clever saying could go here.
Well .... could!

02.01.2011, 16:09   #15
pir4nha

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Softonic-Eng46 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml moved successfully.
Folder C:\ProgramData\lFfKf09000\ not found.
C:\Users\\Desktop\esetsmartinstaller_enu.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: 
->Temp folder emptied: 519460933 bytes
->Temporary Internet Files folder emptied: 5343465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 216412423 bytes
->Google Chrome cache emptied: 6866843 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9907 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4750 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 713,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.18.2 log created on 01022011_152314

Files\Folders moved on Reboot...
C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D397A3Ed01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D462039d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D7A5350d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6E1B45F2d01 not found!
File\Folder C:\Users\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6ED67E8Ad01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6EF66F3Ad01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6F064D01d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6F3BA44Ed01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6F8F2D34d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6FE827D8d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6FF0AB43d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\701A92EEd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\702374ACd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C5E1B5B2d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C6276D85d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C6BBC6FEd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C6F47057d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C7C86ABFd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C8051499d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C811C2E5d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C822D4A6d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C83F13C2d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C83F484Dd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C86B9E07d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C8886357d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9011321d01 not found!
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C915444Bd01 moved successfully.
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9363504d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9DEDB2Dd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9EDFF7Ed01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CA90C243d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CAA4DE56d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CBB1CB6Dd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CBE10192d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CBEFABBEd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CD180734d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CD34221Cd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CD552AA1d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CEDC8CABd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CEF8938Cd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF1316D4d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF528845d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF6D7AD0d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CFC7EA92d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D081ED70d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D0B59087d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D144B14Cd01 not found!
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\urlclassifier3.sqlite moved successfully.
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\XPC.mfl moved successfully.
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
         

Code:
ATTFilter
fsqwr.bmp
Submission date:
2011-01-02 15:05:51 (UTC)
Current status:
queued (#7) queued (#8) analysing finished
Result:
0/ 43 (0.0%)

Antivirus results
AhnLab-V3 - 2011.01.02.00 - 2011.01.01 - -
AntiVir - 7.11.0.248 - 2011.01.01 - -
Antiy-AVL - 2.0.3.7 - 2011.01.02 - -
Avast - 4.8.1351.0 - 2011.01.02 - -
Avast5 - 5.0.677.0 - 2011.01.02 - -
AVG - 9.0.0.851 - 2011.01.02 - -
BitDefender - 7.2 - 2011.01.02 - -
CAT-QuickHeal - 11.00 - 2011.01.02 - -
ClamAV - 0.96.4.0 - 2011.01.01 - -
Command - 5.2.11.5 - 2011.01.01 - -
Comodo - 7273 - 2011.01.02 - -
DrWeb - 5.0.2.03300 - 2011.01.02 - -
Emsisoft - 5.1.0.1 - 2011.01.02 - -
eSafe - 7.0.17.0 - 2010.12.30 - -
eTrust-Vet - None - 2010.12.31 - -
F-Prot - 4.6.2.117 - 2011.01.01 - -
F-Secure - 9.0.16160.0 - 2011.01.02 - -
Fortinet - 4.2.254.0 - 2011.01.02 - -
GData - 21 - 2011.01.02 - -
Ikarus - T3.1.1.90.0 - 2011.01.02 - -
Jiangmin - 13.0.900 - 2011.01.02 - -
K7AntiVirus - 9.75.3406 - 2010.12.31 - -
Kaspersky - 7.0.0.125 - 2011.01.02 - -
McAfee - 5.400.0.1158 - 2011.01.02 - -
McAfee-GW-Edition - 2010.1C - 2011.01.01 - -
Microsoft - 1.6402 - 2011.01.02 - -
NOD32 - 5753 - 2011.01.02 - -
Norman - 6.06.12 - 2011.01.01 - -
nProtect - 2011-01-02.01 - 2011.01.02 - -
Panda - 10.0.2.7 - 2011.01.02 - -
PCTools - 7.0.3.5 - 2011.01.02 - -
Prevx - 3.0 - 2011.01.02 - -
Rising - 22.80.04.04 - 2010.12.31 - -
Sophos - 4.60.0 - 2011.01.02 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.01.01 - -
Symantec - 20101.3.0.103 - 2011.01.02 - -
TheHacker - 6.7.0.1.109 - 2010.12.30 - -
TrendMicro - 9.120.0.1004 - 2011.01.02 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2011.01.02 - -
VBA32 - 3.12.14.2 - 2010.12.30 - -
VIPRE - 7922 - 2011.01.02 - -
ViRobot - 2010.12.31.4232 - 2011.01.02 - -
VirusBuster - 13.6.122.0 - 2011.01.01 - -
File info:
MD5: dbc2a803c50fe550e257108fdca9de11
SHA1: 6f440a3ca8a0dd7c965ea046df154af792f55fc7
SHA256: 311957539b85983277009c8c1285c8661860f1ecf5802319fd2ca22203ac4a87
File size: 1228854 bytes
Scan date: 2011-01-02 15:05:51 (UTC)
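
A helper reading a fix log like the one in post #15 mainly needs to know which items of the fix script were actually removed and which were reported as not found. The following is an added example, not part of the thread and not code from OTL: a small Python triage over an excerpt of the log lines above. The regular expressions are derived only from the line shapes visible in that log, and the section labels (OTL, COMMANDS, REBOOT) and function names are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of lines from the fix log in post #15 (user name elided, as on the page).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml moved successfully.
Folder C:\ProgramData\lFfKf09000\ not found.
C:\Users\\Desktop\esetsmartinstaller_enu.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 519460933 bytes
->FireFox cache emptied: 216412423 bytes
Windows Temp folder emptied: 4750 bytes
Files\Folders moved on Reboot...
C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D397A3Ed01 not found!
"""

# Lines that open a new part of the log; the short labels are this example's own.
SECTION_MARKERS = {
    "========== OTL ==========": "OTL",
    "========== COMMANDS ==========": "COMMANDS",
    "Files\\Folders moved on Reboot...": "REBOOT",
    "Registry entries deleted on Reboot...": "REBOOT",
}

# Outcome patterns, checked in order; each captures the affected item as "target".
RULES = [
    ("deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("removed", re.compile(r"^Prefs\.js: (?P<target>.+) removed from \S+$")),
    ("not_found", re.compile(r"^(?:File\\Folder|Folder|File) (?P<target>.+?) not found[.!]$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
]
BYTES_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")


def parse_fixlog(text):
    """Return (entries, bytes_freed); each entry has section, status and target."""
    section, entries, freed = None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_MARKERS:
            section = SECTION_MARKERS[line]
            continue
        size = BYTES_RE.search(line)
        if size:  # cleanup statistics from [EMPTYTEMP]
            freed += int(size.group(1))
            continue
        for status, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append({"section": section, "status": status,
                                "target": match.group("target")})
                break
    return entries, freed


def summarize(entries):
    """Count outcomes per (section, status)."""
    return Counter((e["section"], e["status"]) for e in entries)


def follow_up(entries):
    """Fix-script items reported as not found.

    These paths were listed explicitly in the fix script, so a miss needs an
    explanation (for example a path pasted without the user name). Cache files
    reported missing in the reboot pass are left out; that prioritisation is
    an assumption of this example.
    """
    return [e["target"] for e in entries
            if e["section"] == "OTL" and e["status"] == "not_found"]


if __name__ == "__main__":
    entries, freed = parse_fixlog(SAMPLE_LOG)
    for key, count in sorted(summarize(entries).items()):
        print(key, count)
    print("bytes freed:", freed)
    print("check again:", follow_up(entries))
```

On the excerpt, the only item flagged for a second look is the folder under C:\ProgramData that the fix script named and the log reports as not found.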
         
