Pests of all kinds and how to combat them: System Tool 2011 Extreme

Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
30.12.2010, 12:18 | #1 |
System Tool 2011 Extreme

Hello, I have a pretty big problem: last night my PC more or less fell apart. I caught the System Tool virus, and since then nothing works anymore. First off, there were a few warning signs beforehand, for example Trojans that had to be deleted (Antivir detected them). In addition, Google Images showed the message: "Cannot be executed, your PC is sending automated queries" (as far as I know that can point to a botnet; I have no idea myself, I only googled it). Well, last night I was surfing the internet when my desktop background suddenly changed and System Tools got on my nerves every 5 seconds with its "You have 10,000 viruses" message. If that were all, I wouldn't have any problems, but further things came on top that did make my PC life harder.

1. I can't run anything anymore, no hijack or antivir (which, no surprise, has completely vanished). I can still use the internet, but Opera doesn't open at all, Firefox crashes every minute for no reason, and Chrome doesn't feel like it either. The only thing that ran without problems was Internet Explorer.
2. Task Manager no longer works (a message with a black screen appears).
3. System Restore no longer responded.
4. The PC crashed twice and a bluescreen appeared with the message that I should cold-start the PC and should worry if it happens again (something like that). The bluescreen came in both cases; I have to add that it already appeared once a few months ago, but that was the first time and I didn't think anything of it.

All of this is in normal mode. I have just started the PC in safe mode, and so far everything is running. Antivir is currently doing a system check. I can also do a System Restore, so that System Tools 2011 is not on it. That is at least a way to do ANYTHING at all...

My question: what is the best way to proceed to remove the virus completely? I would first let Antivir finish its check, then do a System Restore and run every antivirus program I can find. However, the virus seems to sit deep if even a bluescreen appears, or am I wrong? Pretty long text, please help me anyway. THANKS

Edit: I have just evaluated the hijack file on this PC (thanks to the external hard drive) and it found nothing.

Edit2: could that possibly be because I ran it in safe mode? I don't know my way around ;D I have now run Spybot and CCleaner in safe mode. Spybot fixed 106 errors and the virus seems to be gone, as it appears at the moment. That means everything works again. But since the virus is surely not completely gone, I still need help.. which logs should I post? I still need my PC today
30.12.2010, 15:37 | #2 |
/// Helper Team | System Tool 2011 Extreme

Hello pir4nha and welcome to Trojaner Board,

depending on how much of the infection is still present, a cleanup like this can take a few days, and it usually won't get done in a single day; you should know that up front (we helpers can't be online nonstop either).

A few notes first (please observe!):

I will do my best to find everything that does not belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you want to clean up anyway, the instructions follow here:

Post the logs you have already created first, i.e. the one from Avira Antivir and the one from Spybot. The HijackThis logfile is not necessary. Instead, create new logfiles with the following tool and post them here:

Systemscan with OTL

Please download OTL by Oldtimer and save it to your desktop.
__________________
30.12.2010, 16:35 | #3 |
System Tool 2011 Extreme

Code:
ATTFilter OTL logfile created on: 30.12.2010 16:13:32 - Run 1 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\...\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS Computer Name: ...-PC | User Name: .. | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe PRC - [2010.12.19 11:03:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.12.13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010.11.17 12:25:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2010.11.05 14:37:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.10.08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe PRC - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.08.09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe PRC - [2010.03.27 12:05:35 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.01.11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) 
-- C:\Windows\SysWOW64\nlssrv32.exe ========== Modules (SafeList) ========== MOD - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.09 12:57:08 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll -- (Akamai) SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.11.17 14:27:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 13:50:50 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla 
Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions [2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions [2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net [2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au [2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- 
C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam [2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com [2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions [2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml [2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml [2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml [2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml [2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml [2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.15 18:57:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions [2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program 
Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14749 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Softonic-Eng46 Toolbar) - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng46 Toolbar) - {86BF3498-8C44-4C3D-BBFB-05BD50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: ctfmions - (C:\Windows\system32\mshtHost.dll) - C:\Windows\SysWow64\mshtHost.dll File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe [2010.12.30 16:07:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part [2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Malwarebytes [2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.30 13:33:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe [2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\backups [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\.\Desktop\spybotsd162.exe [2010.12.30 12:40:21 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe 
[2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\.\Desktop\HiJackThis204.exe [2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000 [2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Adobe [2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\Render [2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\PSDS [2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Adobe [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Opera [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Opera [2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8 [2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Avira [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\taskcomp.dll [2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mshtmled.dll [2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe [2010.12.30 16:08:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part [2010.12.30 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.30 14:09:58 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.30 14:09:58 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.30 14:09:58 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.30 14:09:58 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.30 14:09:58 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.30 14:07:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.30 14:05:00 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.30 14:04:55 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 13:53:07 | 000,066,999 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-2.jpg [2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.12.30 13:33:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe [2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\.\Desktop\spybotsd162.exe [2010.12.30 12:31:12 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe [2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp [2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\.\Desktop\HiJackThis204.exe [2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\.\Desktop\nature-signature.jpg [2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\.\Desktop\allianz_arena_2.jpg [2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\.\Desktop\Real Render by TribunX.7z [2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\.\Desktop\dergruene.rar [2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\.\Desktop\W_Solo.jpg [2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:56:23 | 000,159,557 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-1.jpg [2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\.\Desktop\COD.psd [2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\.\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\.\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\.\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-284412.png [2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd [2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- 
C:\Users\.\Desktop\wallpaper-177338.jpg [2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.jpg [2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.psd [2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.png [2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64 [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip [2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip [2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip [2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:06 | 000,066,999 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-2.jpg [2010.12.30 12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp [2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\.\Desktop\nature-signature.jpg [2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 
000,160,343 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users.\Desktop\allianz_arena_2.jpg [2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\.\Desktop\LIL-Wayne-psd51253.png [2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\.\Desktop\dergruene.rar [2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\.\Desktop\Real Render by TribunX.7z [2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\.\Desktop\W_Solo.jpg [2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:56:21 | 000,159,557 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-1.jpg [2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\.\Desktop\INFECTED.ttf [2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\.\Desktop\COD.psd [2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\.\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\.\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\.\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-284412.png [2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3 by KeReN-R.abr [2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd [2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-297605.jpg [2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- 
C:\Users\.\Desktop\wallpaper-297605.psd [2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\..\Desktop\wallpaper-297605.png [2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-177338.jpg [2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64 [2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip [2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip [2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip [2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\.\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini [2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\.\AppData\Roaming\clipboard.txt [2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll ========== LOP Check ========== [2010.10.01 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Alien Skin 
[2010.03.18 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Canon [2010.12.30 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\DNA [2010.11.22 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\gtk-2.0 [2010.12.17 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Hiku [2010.12.28 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\ICQ [2010.05.03 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\iTSfv [2010.12.17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Ogetv [2010.03.15 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\OpenOffice.org [2010.12.22 12:28:48 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Opera [2010.03.21 20:32:12 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Teeworlds [2010.10.02 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\TS3Client [2010.12.16 10:24:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > extra: Code:
OTL Extras logfile created on: 30.12.2010 16:13:32 - Run 1 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS Computer Name: -PC | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour 
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "iTSfv_is1" = iTSfv 5.61.0.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40 "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software 
Update "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame Client Beta 2.1.3 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Album Art Downloader XUI" = Album Art Downloader XUI 0.33 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Eye Candy 6" = Alien Skin Eye Candy 6 "Fraps" = Fraps "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2 "GamersFirst LIVE!" = GamersFirst LIVE! 
"GamersFirst War Rock" = War Rock "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "Gothic II" = Gothic II "Guild Wars" = GUILD WARS "HyperCam 2" = HyperCam 2 "ICQToolbar" = ICQ Toolbar "JDownloader" = JDownloader "LHTTSGED" = L&H TTS3000 Deutsch "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NAVIGON Fresh" = NAVIGON Fresh 3.0.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Oblivion mod manager_is1" = Oblivion mod manager 1.1.9 "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "OpenAL" = OpenAL "Opera 11.00.1156" = Opera 11.00 "paw·ned²" = paw·ned² v1.3 "PunkBusterSvc" = PunkBuster Services "softonic-de3 Toolbar" = softonic-de3 Toolbar "Softonic-Eng46 Toolbar" = Softonic-Eng46 Toolbar "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 240" = Counter-Strike: Source "Steam App 300" = Day of Defeat: Source "Steam App 400" = Portal "Steam App 4000" = Garry's Mod "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 4560" = Company of Heroes "Steam App 47770" = Medal of Honor Beta "Steam App 9340" = Company of Heroes: Opposing Fronts "Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "Universal Extractor_is1" = Universal Extractor 1.6.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.1.0 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 29.12.2010 21:16:51 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = Error - 29.12.2010 21:17:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = Error - 29.12.2010 21:22:13 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = Error - 29.12.2010 21:22:14 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = Error - 29.12.2010 21:24:36 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = Error - 30.12.2010 06:36:15 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = VSS | ID = 8193 Description = Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = System Restore | ID = 8193 Description = Error - 30.12.2010 06:48:32 | Computer Name = -PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: cchrome.exe, Version: 0.0.0.0, Zeitstempel: 0x4cffee6d Name des fehlerhaften Moduls: chrome.dll, Version: 8.0.552.224, Zeitstempel: 0x4cffee38 Ausnahmecode: 0x80000003 Fehleroffset: 0x000d1649 ID des fehlerhaften Prozesses: 0x5a4 Startzeit der fehlerhaften Anwendung: 0x01cba80f0f22ac3e Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\cchrome.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\chrome.dll Berichtskennung: 576b3937-1402-11e0-b727-ad342654e7b7 Error - 30.12.2010 08:00:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0 Description = [ System Events ] Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren. 
Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren. Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren. Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren. Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren. Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren. Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren. Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren. Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren. < End of report > I didn't let AntiVir run to the end, and I can't find the Spybot log. |
30.12.2010, 16:58 | #4 |
/// Helper Team | System Tool 2011 Extreme For Spybot, have a look here: 1.) Displaying reports in Spybot Search&Destroy: Start Spybot => in the Mode menu, switch to advanced mode => click Tools on the left => View reports => View report => copy the report and paste it here. You can display older reports via "View previous reports". And in case Avira found something: 2.) Avira AntiVir - what was found? So that we can take a close look at what your antivirus program found, please proceed as follows:
__________________ Regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could! |
30.12.2010, 17:11 | #5 |
| System Tool 2011 Extreme Okay, AntiVir didn't find anything. Spybot log: Code:
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2010-12-30 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2010-10-05 Includes\Adware.sbi 2010-11-30 Includes\AdwareC.sbi 2010-08-13 Includes\Cookies.sbi 2010-12-14 Includes\Dialer.sbi 2010-12-14 Includes\DialerC.sbi 2010-01-25 Includes\HeavyDuty.sbi 2010-11-30 Includes\Hijackers.sbi 2010-11-30 Includes\HijackersC.sbi 2010-09-15 Includes\iPhone.sbi 2010-12-14 Includes\Keyloggers.sbi 2010-12-14 Includes\KeyloggersC.sbi 2010-12-14 Includes\Malware.sbi 2010-12-28 Includes\MalwareC.sbi 2010-05-18 Includes\PUPS.sbi 2010-12-14 Includes\PUPSC.sbi 2010-01-25 Includes\Revision.sbi 2009-01-13 Includes\Security.sbi 2010-12-14 Includes\SecurityC.sbi 2008-06-03 Includes\Spybots.sbi 2008-06-03 Includes\SpybotsC.sbi 2010-12-28 Includes\Spyware.sbi 2010-12-28 Includes\SpywareC.sbi 2010-03-08 Includes\Tracks.uti 2010-12-28 Includes\Trojans.sbi 2010-12-17 Includes\TrojansC-02.sbi 2010-12-16 Includes\TrojansC-03.sbi 2010-12-16 Includes\TrojansC-04.sbi 2010-12-28 Includes\TrojansC-05.sbi 2010-12-28 Includes\TrojansC.sbi 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Unknown Windows version 6.1 (Build: 7600) (6.1.7600) --- Startup entries list --- Located: HK_LM:Run, Adobe ARM command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe size: 932288 MD5: 
BAD6BEA0DE1F69C82BDB74378CE0C20A Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe size: 35760 MD5: 466CE40EAA865752F4930A472563E4E1 Located: HK_LM:Run, AppleSyncNotifier command: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe file: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe size: 47904 MD5: 5ECB6C431E7F4F4BF3113B5145F6EF41 Located: HK_LM:Run, avgnt command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe size: 281768 MD5: 61941D4566C3B09F377E0E1A97BD0D9A Located: HK_LM:Run, DivXUpdate command: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW file: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe size: 1226608 MD5: A58E05767687E1E636D160ECEA9BC8ED Located: HK_LM:Run, iTunesHelper command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe" file: C:\Program Files (x86)\iTunes\iTunesHelper.exe size: 421160 MD5: E5B82EA4B98828D50C61137BFA8793F1 Located: HK_LM:Run, LogMeIn Hamachi Ui command: "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start file: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe size: 1910152 MD5: 9099462DE4CB8AFA9FD66832B8EFE00F Located: HK_LM:Run, QuickTime Task command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime file: C:\Program Files (x86)\QuickTime\QTTask.exe size: 421888 MD5: 0AEE5668EB59912F32FF245BFA72465F Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe size: 246504 MD5: E0D6538B62C79FCBF0B27F95FAF3208B Located: HK_CU:Run, Sidebar where: S-1-5-19... 
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe size: 1173504 MD5: EA6EADF6314E43783BA8EEE79F93F73C Located: HK_CU:RunOnce, mctadmin where: S-1-5-19... command: C:\Windows\System32\mctadmin.exe file: C:\Windows\System32\mctadmin.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, Sidebar where: S-1-5-20... command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe size: 1173504 MD5: EA6EADF6314E43783BA8EEE79F93F73C Located: HK_CU:RunOnce, mctadmin where: S-1-5-20... command: C:\Windows\System32\mctadmin.exe file: C:\Windows\System32\mctadmin.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, Pando Media Booster where: S-1-5-21-1130963293-2590934308-1779700388-1001... command: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe file: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe size: 2937528 MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF Located: Startup (allgemein), GamersFirst LIVE!.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe file: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe size: 2845552 MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA Located: Startup (Benutzer), OpenOffice.org 3.2.lnk where: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup... 
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe size: 384000 MD5: 28675E96E9CC2A81C0B0E182674E03C7 --- Browser helper object list --- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: AcroIEHelperStub CLSID name: Adobe PDF Link Helper Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ Long name: AcroIEHelperShim.dll Short name: ACROIE~2.DLL Date (created): 21.12.2009 17:27:44 Date (last access): 16.05.2010 18:33:24 Date (last write): 21.12.2009 17:27:44 Filesize: 75200 Attributes: archive MD5: DC1E56092CC57FB4605B088D3DCCBF7A CRC32: FF82C62B Version: 9.3.0.148 {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} (Canon Easy-WebPrint EX BHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Canon Easy-WebPrint EX BHO CLSID name: Canon Easy-WebPrint EX BHO Path: C:\Program Files (x86)\Canon\Easy-WebPrint EX\ Long name: ewpexbho.dll Short name: Date (created): 15.03.2010 22:10:16 Date (last access): 15.03.2010 22:10:16 Date (last write): 25.11.2009 11:16:22 Filesize: 202080 Attributes: archive MD5: 6A37CDFFE611498A0AA90B6FC6A2A1B5 CRC32: 964CC614 Version: 1.1.0.0 {86bf3498-8c44-4c3d-bbfb-05bd50858039} (Softonic-Eng46 Toolbar) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Softonic-Eng46 Toolbar Path: C:\Program Files (x86)\Softonic-Eng46\ Long name: tbSoft.dll Short name: Date (created): 09.05.2010 13:00:18 Date (last access): 09.05.2010 13:00:18 Date (last write): 22.02.2010 11:05:02 Filesize: 2353176 Attributes: archive MD5: 1FECF655218FDF7329BEA67F519C8642 CRC32: EEFAFA9D Version: 5.3.5.4 {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID-Anmelde-Hilfsprogramm) location: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Windows Live ID-Anmelde-Hilfsprogramm Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\ Long name: WindowsLiveLogin.dll Short name: WINDOW~1.DLL Date (created): 21.09.2010 14:08:38 Date (last access): 06.11.2010 15:32:14 Date (last write): 21.09.2010 14:08:38 Filesize: 439168 Attributes: archive MD5: 6BF01E200063D7274F3AF06D226671F5 CRC32: C8953126 Version: 7.250.4225.0 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java(tm) Plug-In 2 SSV Helper Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 15.03.2010 20:20:48 Date (last access): 15.03.2010 20:20:48 Date (last write): 15.03.2010 20:20:48 Filesize: 41760 Attributes: archive MD5: 883EF2DD3C9F68691CE02DAAC7267D41 CRC32: C0FCD56C Version: 6.0.180.7 --- ActiveX list --- {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_18 Installer: Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. 
Kolla Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2iexp.dll Short name: Date (created): 15.03.2010 20:20:48 Date (last access): 15.03.2010 20:20:48 Date (last write): 15.03.2010 20:20:48 Filesize: 108320 Attributes: archive MD5: AD9E4059789D2389B746C58421194722 CRC32: 64C51ACB Version: 6.0.180.7 {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_18 Installer: Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2iexp.dll Short name: Date (created): 15.03.2010 20:20:48 Date (last access): 15.03.2010 20:20:48 Date (last write): 15.03.2010 20:20:48 Filesize: 108320 Attributes: archive MD5: AD9E4059789D2389B746C58421194722 CRC32: 64C51ACB Version: 6.0.180.7 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_18 Installer: Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: npjpi160_18.dll Short name: NPJPI1~1.DLL Date (created): 15.03.2010 20:20:50 Date (last access): 15.03.2010 20:20:50 Date (last write): 15.03.2010 20:20:50 Filesize: 136992 Attributes: archive MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF CRC32: 23BC9EDD Version: 6.0.180.7 {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) DPF name: CLSID name: Shockwave Flash Object Installer: C:\Windows\Downloaded Program Files\swflash.inf Codebase: hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab description: Macromedia Shockwave Flash Player classification: Legitimate known filename: info link: info source: Patrick M. 
Kolla Path: C:\Windows\SysWow64\Macromed\Flash\ Long name: Flash10e.ocx Short name: Date (created): 27.01.2010 01:58:36 Date (last access): 15.03.2010 17:42:30 Date (last write): 27.01.2010 01:58:36 Filesize: 3981080 Attributes: readonly archive MD5: C06E6E160F34CE092301BD2B29067F3F CRC32: D922F8F5 Version: 10.0.45.2 --- Process list --- PID: 0 ( 0) [System] PID: 2904 (2656) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe size: 2937528 MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF PID: 2960 (2656) C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe size: 2845552 MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA PID: 744 (3024) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe size: 7424000 MD5: ABC2C67DFD48930F846934B907C3D606 PID: 1876 ( 744) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin size: 7418368 MD5: 15D982E21248E9BE337D9B40247AF30E PID: 2896 (2964) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe size: 281768 MD5: 61941D4566C3B09F377E0E1A97BD0D9A PID: 3004 (2964) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe size: 246504 MD5: E0D6538B62C79FCBF0B27F95FAF3208B PID: 964 (2964) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe size: 1910152 MD5: 9099462DE4CB8AFA9FD66832B8EFE00F PID: 2732 (2964) C:\Program Files (x86)\iTunes\iTunesHelper.exe size: 421160 MD5: E5B82EA4B98828D50C61137BFA8793F1 PID: 2312 (2964) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe size: 1226608 MD5: A58E05767687E1E636D160ECEA9BC8ED PID: 3780 (3488) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe size: 13088 MD5: 0933539E330EDBDEB81277AE5F84E7DF PID: 660 (3004) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe size: 490216 MD5: E9638B0CBB5DAE86F6E9DA843C19399D PID: 3024 (2656) C:\Program Files (x86)\iTunes\iTunes.exe size: 9777448 MD5: B52E84B0CB3A58CE93A7FBA19ADAC2ED PID: 3944 (3024) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe size: 37664 
MD5: 3C029253D99D17D76D0BD78F5134D7F6 PID: 1268 (2656) C:\Program Files (x86)\Steam\Steam.exe size: 1242448 MD5: 3DD25048297A24AB4B3BFC17ABA5D0DB PID: 2948 (2656) C:\Program Files (x86)\Mozilla Firefox\firefox.exe size: 912344 MD5: 0E20A3213ED010FC4997D1EF48082ABC PID: 3044 (2948) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe size: 16856 MD5: BA9A09CF1B9503C363617F3748F6D791 PID: 1488 (2656) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe size: 5365592 MD5: 0477C2F9171599CA5BC3307FDFBA8D89 PID: 4 ( 0) System PID: 260 ( 4) smss.exe PID: 340 ( 332) csrss.exe PID: 400 ( 332) wininit.exe size: 96256 PID: 428 ( 392) csrss.exe PID: 460 ( 400) services.exe PID: 476 ( 400) lsass.exe PID: 484 ( 400) lsm.exe PID: 540 ( 392) winlogon.exe PID: 624 ( 460) svchost.exe size: 20992 PID: 708 ( 460) nvvsvc.exe PID: 748 ( 460) svchost.exe size: 20992 PID: 844 ( 460) svchost.exe size: 20992 PID: 876 ( 460) svchost.exe size: 20992 PID: 904 ( 460) svchost.exe size: 20992 PID: 984 ( 844) audiodg.exe PID: 352 ( 460) svchost.exe size: 20992 PID: 588 ( 460) svchost.exe size: 20992 PID: 1136 ( 708) nvvsvc.exe PID: 1184 ( 460) spoolsv.exe PID: 1212 ( 460) sched.exe PID: 1252 ( 460) svchost.exe size: 20992 PID: 1380 ( 460) svchost.exe size: 20992 PID: 1400 ( 460) avguard.exe PID: 1428 ( 460) AppleMobileDeviceService.exe PID: 1504 ( 460) mDNSResponder.exe PID: 1548 ( 460) svchost.exe size: 20992 PID: 1580 ( 460) hamachi-2.exe PID: 1604 ( 460) ICQ Service.exe PID: 1664 (1400) avshadow.exe PID: 1672 ( 340) conhost.exe PID: 1736 ( 460) nlssrv32.exe size: 57344 PID: 1804 ( 460) PnkBstrA.exe size: 75064 PID: 1828 ( 460) nvSCPAPISvr.exe PID: 1888 ( 460) WLIDSVC.EXE PID: 1980 (1888) WLIDSVCM.EXE PID: 2352 ( 460) svchost.exe size: 20992 PID: 3060 ( 460) svchost.exe size: 20992 PID: 2436 ( 460) wmpnetwk.exe PID: 2172 ( 460) SearchIndexer.exe size: 428032 PID: 2484 ( 460) C:\Windows\System32\taskhost.exe PID: 2300 ( 876) C:\Windows\System32\dwm.exe PID: 2656 (2272) 
C:\Windows\explorer.exe size: 2870272 MD5: 9AAAEC8DAC27AA17B053E6352AD233AE PID: 2908 (2656) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE size: 2184520 MD5: BA636F9E95FA09C1F7A0F394B75AC85B PID: 3380 ( 460) iPodService.exe PID: 4024 ( 460) svchost.exe size: 20992 PID: 3808 ( 428) C:\Windows\System32\conhost.exe PID: 3136 ( 428) C:\Windows\System32\conhost.exe --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 30.12.2010 17:09:24 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page hxxp://www.google.de/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\SysWOW64\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL hxxp://go.microsoft.com/fwlink/?LinkId=54896 --- Winsock Layered Service Provider list --- Protocol 0: MSAFD-Tcpip [TCP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip[*] Protocol 1: MSAFD-Tcpip [UDP/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip[*] Protocol 2: MSAFD-Tcpip [RAW/IP] GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192} Filename: 
%SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IP protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip[*] Protocol 3: MSAFD-Tcpip [TCP/IPv6] GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IPv6 protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip[*] Protocol 4: MSAFD-Tcpip [UDP/IPv6] GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IPv6 protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip[*] Protocol 5: MSAFD-Tcpip [RAW/IPv6] GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP IPv6 protocol DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: MSAFD Tcpip[*] Protocol 6: RSVP-TCPv6-Dienstanbieter GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 7: RSVP-TCP-Dienstanbieter GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 8: RSVP-UDPv6-Dienstanbieter GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Protocol 9: RSVP-UDP-Dienstanbieter GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A} Filename: %SystemRoot%\system32\mswsock.dll Description: Microsoft Windows NT/2k/XP RVSP DB filename: %SystemRoot%\system32\rsvpsp.dll DB protocol: RSVP * Service Provider Namespace Provider 0: NLA (Network Location Awareness, 
NLAv1)-Namespace GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83} Filename: Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: NLA-Namespace Namespace Provider 1: TCP/IP GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B} Filename: Description: Microsoft Windows NT/2k/XP TCP/IP name space provider DB filename: %SystemRoot%\system32\mswsock.dll DB protocol: TCP/IP Namespace Provider 2: NTDS GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC} Filename: %SystemRoot%\System32\winrnr.dll Description: Microsoft Windows NT/2k/XP name space provider DB filename: %SystemRoot%\system32\winrnr.dll DB protocol: NTDS Namespace Provider 3: E-Mail-Namenshimanbieter GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Filename: Namespace Provider 4: PNRP-Wolken-Namespaceanbieter GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Filename: Namespace Provider 5: PNRP-Namen-Namespaceanbieter GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} Filename: Namespace Provider 6: mdnsNSP GUID: {B600E6E9-553B-4A19-8696-335E5C896153} Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll Description: Apple Rendezvous protocol DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll DB protocol: mdnsNSP Namespace Provider 7: WindowsLive NSP GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A} Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Namespace Provider 8: WindowsLive Local NSP GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D} Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL |
30.12.2010, 20:49 | #6 |
/// Helper Team | System Tool 2011 Extreme Nothing serious to see so far. 1.) Uninstalling software
Please uninstall any software from this list that is present. 2.) Fixing with OTL
3.) Malwarebytes Anti-Malware Download Malwarebytes Anti-Malware from one of these download mirrors: Malwarebytes - MajorGeeks.com - BestTechie
4.) ESET Online Scan ESET Online Scanner Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
In your next reply, please post:
__________________ --> System Tool 2011 Extreme |
31.12.2010, 14:26 | #7 |
| System Tool 2011 Extreme MALWAREBYTES Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5426
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31.12.2010 01:17:22
mbam-log-2010-12-31 (01-17-22).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 595161
Laufzeit: 1 Stunde(n), 19 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\\documents\fritz!box_reconnect\bat\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\\documents\fritz!box_reconnect\exe\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
Code:
All processes killed
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ctfmions:C:\Windows\system32\mshtHost.dll deleted successfully.
C:\Users\\Desktop\OTL.exe.part moved successfully.
C:\Users\\Desktop\mbam-setup-1.50.1.1100.exe moved successfully.
C:\Users\\Desktop\ccsetup302.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User:
->Temp folder emptied: 57161292 bytes
->Temporary Internet Files folder emptied: 2202764 bytes
->Java cache emptied: 1666119 bytes
->FireFox cache emptied: 731879643 bytes
->Google Chrome cache emptied: 6278376 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8996 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1910 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 764,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.18.2 log created on 12302010_234519
Files\Folders moved on Reboot...
C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=41eff60002fe594a9893f794f62c4f74
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 12:40:17
# local_time=2010-12-31 01:40:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 9460 30288329 36879 0
# compatibility_mode=5893 16776573 100 94 218767 46160744 0 0
# compatibility_mode=8192 67108863 100 0 3858 3858 0 0
# scanned=8029
# found=0
# cleaned=0
# scan_time=943
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=41eff60002fe594a9893f794f62c4f74
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 01:21:58
# local_time=2010-12-31 02:21:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 49040 30327909 76459 0
# compatibility_mode=5893 16776573 100 94 5632 46200324 0 0
# compatibility_mode=8192 67108863 100 0 43438 43438 0 0
# scanned=448802
# found=1
# cleaned=0
# scan_time=7065
C:\Program Files (x86)\GamersFirst\War Rock\System\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
|
31.12.2010, 16:19 | #8 |
/// Helper Team | System Tool 2011 Extreme Okay. How is the PC running?
__________________ Regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could! |
31.12.2010, 16:46 | #9 |
| System Tool 2011 Extreme Good so far; at some point yesterday AntiVir found another trojan, otherwise no complaints. Thanks in advance |
31.12.2010, 17:30 | #10 |
/// Helper Team | System Tool 2011 Extreme Where did Avira find the trojan? I always need the file name and the location! E.g. C:\Windows\System32\böse.exe
|
31.12.2010, 19:24 | #11 |
| System Tool 2011 Extreme Die Datei 'C:\ProgramData\lFfKf09000\lFfKf09000.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.akcc' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48131536.qua' verschoben! |
01.01.2011, 14:48 | #12 |
/// Helper Team | System Tool 2011 Extreme Okay, please post two new OTL log files for me again: System scan with OTL
|
01.01.2011, 16:05 | #13 |
| System Tool 2011 Extreme Code:
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Extensions 
[2010.12.31 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions [2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net [2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au [2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam [2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com [2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions [2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml [2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- 
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml [2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml [2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml [2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml [2010.12.31 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions [2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 
- Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14749 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.31 16:49:11 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Signaturen [2010.12.31 12:04:57 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Neuer Ordner [2010.12.31 01:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010.12.30 23:45:19 | 000,000,000 | ---D | C] 
-- C:\_OTL [2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe [2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes [2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\backups [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\\Desktop\spybotsd162.exe [2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\\Desktop\HiJackThis204.exe [2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000 [2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Adobe [2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Render [2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\PSDS [2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Adobe [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Opera [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Opera [2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8 [2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Avira [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe 
[2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll 
[2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi ========== Files - Modified Within 30 Days ========== [2011.01.01 15:46:36 | 000,036,845 | ---- | M] () -- C:\Users\\Desktop\derw-schnellerhoeherweidner-digi-43726.jpg [2011.01.01 15:40:50 | 000,102,184 | ---- | M] () -- C:\Users\\Desktop\metalpunknukeemdowng.jpg [2011.01.01 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.01 12:21:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.01 12:21:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.01 12:18:35 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.01 12:18:35 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.01 12:18:35 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.01 12:18:35 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.01 12:18:35 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.01 12:14:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.01 12:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.01 12:14:03 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2010.12.31 18:13:28 | 000,000,059 | ---- | M] () -- C:\Users\\Desktop\HouseTime - We aRe oNe - Windows Media Player.URL 
[2010.12.31 17:13:01 | 000,070,987 | ---- | M] () -- C:\Users\\Desktop\Unbenannt-1.jpg [2010.12.31 16:33:08 | 000,071,685 | ---- | M] () -- C:\Users\\Desktop\Unbenannt-2.jpg [2010.12.31 16:03:53 | 000,076,203 | ---- | M] () -- C:\Users\\Desktop\Style Signature.jpg [2010.12.31 16:02:34 | 000,114,134 | ---- | M] () -- C:\Users\\Desktop\Style Signature.psd [2010.12.31 01:19:10 | 002,672,312 | ---- | M] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe [2010.12.31 00:21:45 | 000,000,462 | ---- | M] () -- C:\Users\\Desktop\listen-dsl.asx [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe [2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\\Desktop\spybotsd162.exe [2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp [2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\\Desktop\HiJackThis204.exe [2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\\Desktop\nature-signature.jpg [2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\\Desktop\allianz_arena_2.jpg [2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\\Desktop\Real Render by TribunX.7z [2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\\Desktop\dergruene.rar [2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\\Desktop\W_Solo.jpg [2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\\Desktop\COD.psd [2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\\Desktop\wallpaper-284412.png [2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\\Desktop\1293455011_itachisasuke.psd [2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- C:\Users\\Desktop\wallpaper-177338.jpg [2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- 
C:\Users\\Desktop\wallpaper-297605.jpg [2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.psd [2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.png [2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64 [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_3.zip [2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_4.zip [2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_2.zip [2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack.zip ========== Files Created - No Company Name ========== [2011.01.01 15:46:36 | 000,036,845 | ---- | C] () -- C:\Users\\Desktop\derw-schnellerhoeherweidner-digi-43726.jpg [2011.01.01 15:40:50 | 000,102,184 | ---- | C] () -- C:\Users\\Desktop\metalpunknukeemdowng.jpg [2010.12.31 18:13:28 | 000,000,059 | ---- | C] () -- C:\Users\\Desktop\HouseTime - We aRe oNe - Windows Media Player.URL [2010.12.31 16:03:52 | 000,076,203 | ---- | C] () -- C:\Users\\Desktop\Style Signature.jpg [2010.12.31 16:02:34 | 000,114,134 | ---- | C] () -- C:\Users\\Desktop\Style Signature.psd [2010.12.31 01:19:04 | 002,672,312 | ---- | C] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe [2010.12.31 00:21:03 | 000,000,462 | ---- | C] () -- C:\Users\\Desktop\listen-dsl.asx [2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:06 | 000,071,685 | ---- | C] () -- C:\Users\\Desktop\Unbenannt-2.jpg [2010.12.30 
12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp [2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\\Desktop\nature-signature.jpg [2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 000,160,343 | ---- | C] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users\\Desktop\allianz_arena_2.jpg [2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\\Desktop\LIL-Wayne-psd51253.png [2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\\Desktop\dergruene.rar [2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\\Desktop\Real Render by TribunX.7z [2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\\Desktop\W_Solo.jpg [2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:56:21 | 000,070,987 | ---- | C] () -- C:\Users\\Desktop\Unbenannt-1.jpg [2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\\Desktop\INFECTED.ttf [2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\\Desktop\COD.psd [2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- 
C:\Users\\Desktop\wallpaper-284412.png [2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\\Desktop\GrungeBrushes3 by KeReN-R.abr [2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\\Desktop\1293455011_itachisasuke.psd [2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.jpg [2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.psd [2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.png [2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\\Desktop\wallpaper-177338.jpg [2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64 [2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_4.zip [2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_3.zip [2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_2.zip [2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack.zip [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini [2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\\AppData\Roaming\clipboard.txt [2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- 
C:\Windows\SysWow64\msjetoledb40.dll [2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 01.01.2011 15:57:09 - Run 2 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\ \Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 179,44 Gb Free Space | 38,53% Space Free | Partition Type: NTFS Drive D: | 67,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: -PC | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour 
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "iTSfv_is1" = iTSfv 5.61.0.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = 
Windows Live Photo Gallery "{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40 "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn 
Hamachi "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame Client Beta 2.1.3 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Album Art Downloader XUI" = Album Art Downloader XUI 0.33 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ESET Online Scanner" = ESET Online Scanner v3 "Eye Candy 6" = Alien Skin Eye Candy 6 "Fraps" = Fraps "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2 "GamersFirst LIVE!" = GamersFirst LIVE! 
"GamersFirst War Rock" = War Rock "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "Gothic II" = Gothic II "Guild Wars" = GUILD WARS "HyperCam 2" = HyperCam 2 "JDownloader" = JDownloader "LHTTSGED" = L&H TTS3000 Deutsch "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de) "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "NAVIGON Fresh" = NAVIGON Fresh 3.0.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Oblivion mod manager_is1" = Oblivion mod manager 1.1.9 "OggDS" = Direct Show Ogg Vorbis Filter (remove only) "OpenAL" = OpenAL "Opera 11.00.1156" = Opera 11.00 "paw·ned²" = paw·ned² v1.3 "PunkBusterSvc" = PunkBuster Services "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 12210" = Grand Theft Auto IV "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City "Steam App 240" = Counter-Strike: Source "Steam App 300" = Day of Defeat: Source "Steam App 400" = Portal "Steam App 4000" = Garry's Mod "Steam App 41010" = Serious Sam HD: The Second Encounter "Steam App 42700" = Call of Duty: Black Ops "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "Steam App 4560" = Company of Heroes "Steam App 47770" = Medal of Honor Beta "Steam App 9340" = Company of Heroes: Opposing Fronts "Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "Universal Extractor_is1" = Universal Extractor 1.6.1 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.1.0 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.12.2010 20:20:15 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ \Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 31.12.2010 07:23:24 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ \Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 31.12.2010 07:23:43 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ \Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 31.12.2010 07:23:44 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ \Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 31.12.2010 09:23:46 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. 
Error - 31.12.2010 15:36:04 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 31.12.2010 15:39:15 | Computer Name = -PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 31.12.2010 15:39:47 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\\Desktop\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. 
Error - 01.01.2011 09:01:31 | Computer Name = -PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Error - 01.01.2011 09:02:54 | Computer Name = -PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren. Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren. Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren. Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren. 
Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren. Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren. Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren. Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren. Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren. < End of report > |
01.01.2011, 22:10 | #14 |
/// Helper Team | System Tool 2011 Extreme Here is how to continue:
1.) Fix with OTL
2.) Check settings under Windows 7 Make sure that all folders, files and drives are displayed on your system:
3.) File check on Virustotal Visit Virustotal. Search there for the following files one after another and upload them via the "Send file" button. Code:
C:\fsqwr.bmp
If a file cannot be found, please let me know.
4.) Update Java Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer. Now download the offline version of Java Version 6 Update 23 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. uncheck the toolbar box during installation.
5.) Security risk Adobe Acrobat Reader Your Adobe Reader is out of date, which is a major security risk. We therefore recommend uninstalling the old version via Control Panel => Software by clicking on "Adobe Reader X" there and removing the program. Restart the computer, then download the current Acrobat Reader X and install it. Since Adobe Acrobat Reader is increasingly used for the targeted distribution of malware, I suggest using an alternative PDF viewer instead; for example, you can install the Foxit PDF Reader. It is "leaner" and uses fewer resources. During installation, be sure that the Ask toolbar and/or Foxit toolbar or sponsors are not installed along with it (if necessary, uninstall them again immediately via Control Panel => Software).
Please post in your next reply:
__________________ Regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could! |
02.01.2011, 16:09 | #15 |
| System Tool 2011 Extreme Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully. Prefs.js: "ICQ Search" removed from browser.search.defaultenginename Prefs.js: "Softonic-Eng46 Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "ICQ Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully. 
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully. 
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully. C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully. C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml moved successfully. C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml moved successfully. C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml moved successfully. C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml moved successfully. C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml moved successfully. Folder C:\ProgramData\lFfKf09000\ not found. C:\Users\\Desktop\esetsmartinstaller_enu.exe moved successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ->Temp folder emptied: 519460933 bytes ->Temporary Internet Files folder emptied: 5343465 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 216412423 bytes ->Google Chrome cache emptied: 6866843 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 9907 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 4750 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 713,00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.18.2 log created on 01022011_152314 Files\Folders moved on Reboot... C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D397A3Ed01 not found! File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D462039d01 not found! File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D7A5350d01 not found! File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6E1B45F2d01 not found! File\Folder C:\Users\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6ED67E8Ad01 not found! File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6EF66F3Ad01 not found! 
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C915444Bd01 moved successfully.
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF6D7AD0d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CFC7EA92d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D081ED70d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D0B59087d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D144B14Cd01 not found!
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\urlclassifier3.sqlite moved successfully.
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\XPC.mfl moved successfully.
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Code:
fsqwr.bmp
Submission date: 2011-01-02 15:05:51 (UTC)
Current status: queued (#7) queued (#8) analysing finished
Result: 0/43 (0.0%)

Antivirus results
AhnLab-V3 - 2011.01.02.00 - 2011.01.01 - -
AntiVir - 7.11.0.248 - 2011.01.01 - -
Antiy-AVL - 2.0.3.7 - 2011.01.02 - -
Avast - 4.8.1351.0 - 2011.01.02 - -
Avast5 - 5.0.677.0 - 2011.01.02 - -
AVG - 9.0.0.851 - 2011.01.02 - -
BitDefender - 7.2 - 2011.01.02 - -
CAT-QuickHeal - 11.00 - 2011.01.02 - -
ClamAV - 0.96.4.0 - 2011.01.01 - -
Command - 5.2.11.5 - 2011.01.01 - -
Comodo - 7273 - 2011.01.02 - -
DrWeb - 5.0.2.03300 - 2011.01.02 - -
Emsisoft - 5.1.0.1 - 2011.01.02 - -
eSafe - 7.0.17.0 - 2010.12.30 - -
eTrust-Vet - None - 2010.12.31 - -
F-Prot - 4.6.2.117 - 2011.01.01 - -
F-Secure - 9.0.16160.0 - 2011.01.02 - -
Fortinet - 4.2.254.0 - 2011.01.02 - -
GData - 21 - 2011.01.02 - -
Ikarus - T3.1.1.90.0 - 2011.01.02 - -
Jiangmin - 13.0.900 - 2011.01.02 - -
K7AntiVirus - 9.75.3406 - 2010.12.31 - -
Kaspersky - 7.0.0.125 - 2011.01.02 - -
McAfee - 5.400.0.1158 - 2011.01.02 - -
McAfee-GW-Edition - 2010.1C - 2011.01.01 - -
Microsoft - 1.6402 - 2011.01.02 - -
NOD32 - 5753 - 2011.01.02 - -
Norman - 6.06.12 - 2011.01.01 - -
nProtect - 2011-01-02.01 - 2011.01.02 - -
Panda - 10.0.2.7 - 2011.01.02 - -
PCTools - 7.0.3.5 - 2011.01.02 - -
Prevx - 3.0 - 2011.01.02 - -
Rising - 22.80.04.04 - 2010.12.31 - -
Sophos - 4.60.0 - 2011.01.02 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.01.01 - -
Symantec - 20101.3.0.103 - 2011.01.02 - -
TheHacker - 6.7.0.1.109 - 2010.12.30 - -
TrendMicro - 9.120.0.1004 - 2011.01.02 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2011.01.02 - -
VBA32 - 3.12.14.2 - 2010.12.30 - -
VIPRE - 7922 - 2011.01.02 - -
ViRobot - 2010.12.31.4232 - 2011.01.02 - -
VirusBuster - 13.6.122.0 - 2011.01.01 - -

File info:
MD5: dbc2a803c50fe550e257108fdca9de11
SHA1: 6f440a3ca8a0dd7c965ea046df154af792f55fc7
SHA256: 311957539b85983277009c8c1285c8661860f1ecf5802319fd2ca22203ac4a87
File size: 1228854 bytes
Scan date: 2011-01-02 15:05:51 (UTC)