Zurück   Trojaner-Board > Malware entfernen > Überwachung, Datenschutz und Spam

Überwachung, Datenschutz und Spam: Mails machen sich selbständig

Windows 7 Fragen zu Verschlüsselung, Spam, Datenschutz & co. sind hier erwünscht. Hier geht es um Abwehr von Keyloggern oder aderen Spionagesoftware wie Spyware und Adware. Themen zum "Trojaner entfernen" oder "Malware Probleme" dürfen hier nur diskutiert werden. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Thema geschlossen
Alt 04.04.2011, 11:10   #1
Bianca28
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Hallo ihr lieben, ihr habt mir bisher immer super lieb geholfen und ich wollte mich auch nochmal ganz herzlich bei den helfern bedanken!!!!!!!!!!

Leider habe ich mal wieder ein neues Problem :-(

Mein Email Account (msn) hat diese Nahct nun schon zum 2. mal an meine Kontakte Mails verschickt. Es ist immer nur ein Link der allerdings zu einer Virusverseuchten Seite weiterleitet.
Ich habe jetzt erstmal meine ganzen Kontakte gelöscht. Zum Glück bin ich auf dieses nicht unbedingt angewiesen.

Kann mir jemand helfen? Wie kommt das überhaupt das eigenständig mails vershcickt werden? Das spielt sich doch alles online ab und nicht auf meinem Lappi.

Alt 04.04.2011, 13:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Zitat:
Das spielt sich doch alles online ab und nicht auf meinem Lappi.
Wieso gehst du davon aus, dass nur dein Laptop Mails von deiner Adresse aus schicken kann?
Jedes internetfähige Gerät kann sich in dein Konto einloggen und Spam senden.
Es kann mehrere Gründe haben, warum es so aussieht, dass mit deiner Adresse Spam verschickt wurde.
1.) Spammer können problemlos Adressen fälschen, einfach als Absender eine andere oder frei erfundene benutzen.
2.) Dein Konto wurde geknackt weil dein Passwort zu schwach oder auf Grund von Schädlingsbefall gestohlen werden konnte.


Vllt machst du mal einen Vollscan mit Malwarebytes und postest das Logs. Mach auch einen Durchgang mit OTL.exe
__________________

__________________

Alt 04.04.2011, 14:15   #3
Bianca28
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Hi, erstmal danke für die schnelle Antwort.

Leider ist es ja kein Spam der cvherschickt wird sondern ein Virus oder Wurm oder irgendsowas. Beim ersten konnten die betroffenen das Fenster noch schliesen bevor "es" sich vollständig heruntergeladen hatte. Diesmal war das leider nicht der Fall.
Es ist definitiv mein Account da ich selbst diese Mail auch bekommen habe und auch ganz viele " Mail delivery...." wieder zurück bekam.

Ich meinte auch ob man überhaupt was mit scannen und co. ausrichten kann wenn sich das Problem doch im www abspielt. Tut mir leid wenn das etwas unverständlich rüber kam.

Hier mal die Logs von einem Quickscan. Der vollständige läuft noch:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6266

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

04.04.2011 13:16:41
mbam-log-2011-04-04 (13-16-33).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163424
Laufzeit: 11 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Edit: hier noch die Logs vom vollständigen Scan:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6266

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

04.04.2011 15:31:35
mbam-log-2011-04-04 (15-31-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 353632
Laufzeit: 2 Stunde(n), 4 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
e:\nicht verwendete dokumente\iso buster 2.3\keygen isobuster_2.3.0.1.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
Nochmal die Edit ;-)
Hier die OTL Logs:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.04.2011 15:33:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = E:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 10,50 Gb Free Space | 14,08% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 14,96 Gb Free Space | 20,47% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BIANCAS-PC | User Name: bianca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe (United Internet AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Windows\vsnp325.exe ()
PRC - C:\Windows\tsnp325.exe ()
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Windows\System32\BrmfRsmg.exe (Brother Industries, Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) --  File not found
SRV - (Automatisches LiveUpdate - Scheduler) --  File not found
SRV - (CGVPNCliSrvc) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SmartSurferManager) -- C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe (United Internet AG)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (brmfrsmg) -- C:\Windows\System32\BrmfRsmg.exe (Brother Industries, Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (mf) -- C:\Windows\System32\drivers\mf.sys (Microsoft Corporation)
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\Windows\System32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\Windows\System32\drivers\BrFilt.sys (Brother Industries Ltd.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 E6 7D F0 A5 F6 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.19 15:48:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:02:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.26 19:16:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.26 19:16:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.28 17:48:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.28 17:48:46 | 000,000,000 | ---D | M]
 
[2008.06.18 19:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bianca\AppData\Roaming\mozilla\Extensions
[2011.03.28 12:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions
[2010.04.28 19:37:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 11:02:52 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.03.26 11:02:51 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2010.10.24 14:04:43 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.08.22 10:32:40 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\anycolor.pavlos256@gmail.com
[2011.03.26 11:02:52 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\engine@conduit.com
[2009.09.07 18:05:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\moveplayer@movenetworks.com
[2011.03.13 13:42:20 | 000,000,000 | ---D | M] (Personas) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\personas@christopher.beard
[2010.08.26 09:48:03 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\quickstores@quickstores.de
[2010.09.23 22:23:41 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\bianca\AppData\Roaming\mozilla\Firefox\Profiles\fgkslinf.default\extensions\support@predictad.com
[2010.03.31 14:05:27 | 000,000,903 | ---- | M] () -- C:\Users\bianca\AppData\Roaming\Mozilla\Firefox\Profiles\fgkslinf.default\searchplugins\conduit.xml
[2008.12.12 20:23:54 | 000,002,158 | ---- | M] () -- C:\Users\bianca\AppData\Roaming\Mozilla\Firefox\Profiles\fgkslinf.default\searchplugins\MySpace.xml
[2011.03.28 17:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.28 21:19:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.18 19:47:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.26 23:05:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.27 12:09:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.06.02 21:20:19 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
File not found (No name found) -- 
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.07 14:13:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HotKeysCmds]  File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray]  File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan]  File not found
O4 - HKLM..\Run: [NDSTray.exe]  File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Performance Center]  File not found
O4 - HKLM..\Run: [Persistence]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe]  File not found
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [tsnp325] C:\Windows\tsnp325.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]  File not found
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [EADM] C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe (Electronic Arts)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bianca\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\bianca\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{bc85d363-b254-11dc-8fdf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bc85d363-b254-11dc-8fdf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{c0ab97d1-d48b-11dc-977f-001b38ab7ce6}\Shell - "" = AutoRun
O33 - MountPoints2\{c0ab97d1-d48b-11dc-977f-001b38ab7ce6}\Shell\AutoRun\command - "" = D:\setup.exe /autorun
O33 - MountPoints2\{c0ab97d1-d48b-11dc-977f-001b38ab7ce6}\Shell\directx\command - "" = D:\DirectX\dxsetup.exe
O33 - MountPoints2\{c0ab97d1-d48b-11dc-977f-001b38ab7ce6}\Shell\setup\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.23 10:24:32 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 10:24:32 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.12 19:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Companion
[2011.03.12 19:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2011.03.12 19:26:38 | 000,000,000 | ---D | C] -- C:\Users\bianca\AppData\Roaming\TuneUpMedia
[2011.03.12 19:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2011.03.12 19:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011.03.12 19:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2011.03.11 15:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.11 15:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.03.09 10:23:49 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 10:23:48 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 10:23:48 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 10:23:48 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.03.07 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\bianca\AppData\Local\Electronic Arts
[2011.03.07 11:12:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.03.05 15:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.03.05 15:55:12 | 000,000,000 | ---D | C] -- C:\Users\bianca\Documents\Electronic Arts
[2008.01.19 17:58:34 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2008.01.19 17:58:34 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2008.01.19 17:58:34 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.04 15:33:21 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.04 15:32:22 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\vhijpya.sys
[2011.04.04 15:32:22 | 000,000,458 | ---- | M] () -- C:\Windows\System\fgxq
[2011.04.04 15:17:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.04 14:53:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 14:53:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 12:58:49 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.04 10:58:42 | 000,672,284 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.04 10:58:42 | 000,633,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.04 10:58:42 | 000,149,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.04 10:58:42 | 000,121,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.04 10:53:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.04 10:53:02 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.04 10:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.03 21:50:05 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2011.03.28 17:48:51 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.26 19:16:30 | 000,001,673 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.03.18 22:06:42 | 000,832,892 | ---- | M] () -- C:\Users\bianca\Desktop\LBM11_853325853257780769722103.pdf
[2011.03.17 21:55:50 | 000,000,579 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.03.16 14:50:11 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.12 19:28:14 | 000,001,598 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.03.11 15:53:53 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.07 11:12:00 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011.03.05 15:53:19 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.04 15:32:22 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\vhijpya.sys
[2011.04.04 15:32:22 | 000,000,458 | ---- | C] () -- C:\Windows\System\fgxq
[2011.04.04 12:58:49 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.28 17:48:51 | 000,000,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.26 19:16:30 | 000,001,673 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.03.18 22:06:42 | 000,832,892 | ---- | C] () -- C:\Users\bianca\Desktop\LBM11_853325853257780769722103.pdf
[2011.03.12 19:25:41 | 000,001,598 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011.03.12 19:25:41 | 000,001,598 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011.03.11 15:53:53 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.07 11:12:00 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2011.03.05 15:53:19 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\Die*Sims™*3.lnk
[2010.12.16 12:02:41 | 011,514,037 | ---- | C] () -- C:\Windows\System32\United Arts Limited_meinfoto_uninstaller.exe
[2010.06.02 14:13:28 | 000,242,503 | ---- | C] () -- C:\Users\bianca\AppData\Local\mutbihpv_nav.dat
[2010.06.02 14:13:28 | 000,004,616 | ---- | C] () -- C:\Users\bianca\AppData\Local\mutbihpv_navps.dat
[2010.06.02 14:13:28 | 000,003,442 | ---- | C] () -- C:\Users\bianca\AppData\Local\mutbihpv.dat
[2010.01.28 20:41:23 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.10.05 11:44:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.05 11:44:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.04 15:30:43 | 000,000,092 | ---- | C] () -- C:\Users\bianca\AppData\Local\ecmkjc.bat
[2009.04.30 23:08:32 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.02.02 23:52:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.10 14:17:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.12.07 22:18:54 | 000,000,014 | ---- | C] () -- C:\Windows\popcinfo.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.19 17:47:14 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.30 08:44:21 | 000,042,982 | ---- | C] () -- C:\Windows\System32\pddsladp.dll
[2008.04.16 17:35:01 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.04.08 15:18:41 | 000,000,790 | ---- | C] () -- C:\Windows\eReg.dat
[2008.03.30 21:28:58 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2008.03.23 13:43:34 | 000,000,680 | ---- | C] () -- C:\Users\bianca\AppData\Local\d3d9caps.dat
[2008.02.26 12:28:46 | 000,000,027 | ---- | C] () -- C:\Windows\BRMFBIDI.INI
[2008.02.06 10:14:24 | 000,142,904 | ---- | C] () -- C:\Windows\System32\drivers\sptddrv1.sys
[2008.01.30 17:58:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.01.19 17:58:35 | 000,835,584 | ---- | C] () -- C:\Windows\vsnp325.exe
[2008.01.19 17:58:35 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp325.exe
[2008.01.19 17:58:34 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2007.12.30 19:56:01 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2007.12.29 13:56:37 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\CE6AF3E6A1.sys
[2007.12.27 18:19:57 | 000,095,232 | ---- | C] () -- C:\Users\bianca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.27 12:16:36 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.25 14:18:58 | 000,000,016 | -H-- | C] () -- C:\Users\bianca\AppData\Roaming\mxfilerelatedcache.mxc2
[2007.12.25 14:18:58 | 000,000,016 | -H-- | C] () -- C:\Users\bianca\AppData\Local\mxfilerelatedcache.mxc2
[2007.12.25 13:34:49 | 000,031,007 | ---- | C] () -- C:\Users\bianca\AppData\Roaming\UserTile.png
[2007.12.25 02:18:30 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.12.25 02:18:30 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.07.12 21:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007.07.12 21:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007.07.12 21:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007.07.12 21:33:09 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007.07.12 10:54:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.07.12 10:54:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.07.12 10:54:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.07.12 10:26:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.04.16 08:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 07:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 07:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 07:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 07:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 07:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007.03.26 10:45:18 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.02.20 14:59:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.02.20 14:59:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.02.20 14:59:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:33:31 | 000,672,284 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,149,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,404,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,633,274 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,121,566 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\brmsl01f.bin
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.03.30 09:15:02 | 000,051,200 | ---- | C] () -- C:\Windows\System32\ThriXXX010205PNG.dll
[2004.03.30 09:15:01 | 000,056,832 | ---- | C] () -- C:\Windows\System32\ThriXXX015003JP2.dll
[2004.03.30 09:15:01 | 000,023,040 | ---- | C] () -- C:\Windows\System32\ThriXXX010104Z.dll
[2003.05.23 12:08:52 | 000,107,008 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003.05.23 12:08:52 | 000,020,992 | ---- | C] () -- C:\Windows\System32\ogg.dll
 
========== LOP Check ==========
 
[2008.12.10 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\.wyzo
[2008.11.21 19:11:29 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Ancient Quest of Saqqarah_msn
[2011.03.14 21:04:50 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Azureus
[2009.01.23 20:18:23 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\BeachPartyCraze
[2010.10.14 11:49:06 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\BitZipper
[2009.04.05 17:37:09 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Boolat Games
[2007.12.25 01:56:35 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\DesktopSMS
[2009.10.29 15:19:31 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\FILEminimizerPictures
[2008.11.13 22:07:53 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Flood Light Games
[2010.11.19 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\freshgames
[2008.04.24 21:18:00 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Gaijin Ent
[2009.03.09 22:48:57 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Gamelab
[2009.03.12 13:44:01 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Go Go Gourmet
[2008.11.12 16:03:55 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010.10.26 20:20:04 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\ICQ
[2009.01.12 19:11:58 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\iWin
[2010.12.25 15:20:22 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Leadertech
[2008.07.28 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\LimeWire
[2008.06.01 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Meridian93
[2009.04.09 14:44:24 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\My Games
[2009.03.20 18:45:52 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\MysteryStudio
[2009.01.11 18:05:32 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Oberon Games
[2007.12.25 13:34:49 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\PeerNetworking
[2009.01.12 22:34:17 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\PetShowCraze
[2010.05.16 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\PlayFirst
[2009.01.25 00:02:31 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Pogo Games
[2010.09.28 11:31:13 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\QuickStoresToolbar
[2009.01.02 12:50:02 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Sandlot Games
[2008.05.17 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Sierra Entertainment
[2008.11.07 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\SmartSurfer
[2007.12.30 22:07:19 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\SoundSpectrum
[2010.09.19 20:34:02 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Toshiba
[2010.11.02 20:31:33 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\TS3Client
[2011.03.15 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\TuneUpMedia
[2010.03.31 13:25:20 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\uTorrent
[2008.11.27 21:01:22 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Valusoft
[2009.01.25 22:31:32 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\ViquaSoft
[2010.03.31 13:42:21 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\WEB.DE
[2008.01.09 16:42:01 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\WEBDE
[2010.03.14 17:08:06 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Wild Tangent
[2010.11.19 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\WildTangent
[2008.06.03 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\bianca\AppData\Roaming\Zylom
[2011.04.03 23:05:40 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:51387F29
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:3B3A35EC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:05816AFA
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:753B0F80
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:38849DE5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:965253AF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E98C5DD9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E54FA796
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:61E5F0F7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:87FA5E8A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F65733F1
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:765C6A14
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DAFD38AE
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:92D18A5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0207454C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:45FE2B4E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1CB8D545
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:20DB61D6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A73B0434
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C4A1F01E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D26DD363
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:26C3D553
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5EBA4934
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:33A7CC67
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:74699137

< End of report >
         
--- --- ---


Nummer 2:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.04.2011 15:33:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = E:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 10,50 Gb Free Space | 14,08% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 14,96 Gb Free Space | 20,47% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BIANCAS-PC | User Name: bianca | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E0799F-740B-472A-8E38-346C5B9B8188}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C79D9A5-2061-4344-8D38-9BE36B2A3C0E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0EB353C5-E9DC-48C1-9834-5F1067741AAA}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1796E1B5-1A60-4D4D-B26A-EEE7D60DA162}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{194866F7-4B7F-41A1-A5E7-93CACE678013}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1A86DCA5-5F7A-4451-8447-CBAF83CE01F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{252EFAA5-5DD9-4429-8329-3DEB79F22144}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{264E89A9-4F5E-467D-98FC-46324F6BE87B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{306D931A-DEBB-4F0D-AD85-0D62FF2A476A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{43F47C1C-4EC4-424B-9239-08F6BB54C403}" = lport=1119 | protocol=6 | dir=in | name=blizzard downloader | 
"{4D7B6366-A05E-4A98-B442-D638D4245012}" = lport=139 | protocol=6 | dir=in | app=system | 
"{561D73E7-B375-4B84-8018-D34AC8A96325}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{59860105-2C97-481F-B2CE-27DC00461E94}" = rport=137 | protocol=17 | dir=out | app=system | 
"{62201A42-3E70-4CE5-83F4-05EF196EB61C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{649B938B-DD80-4402-B05F-FA7913947FF1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6C9F7A31-E3D8-41DD-A310-2FA0BE57EDFF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7CF1094D-1E37-4ADE-B915-29935FD4D81A}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader | 
"{848D98C2-FBD6-4925-94AB-216A131E84DB}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{9414E854-52D1-43EC-A531-9EA1772B6186}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A677EC22-7572-4AC4-BE09-8C492CDAA1ED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AF4FD5B3-E9EE-4960-9084-D666040D94C7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B7731160-BD82-4780-B6FF-D2110C37AF1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C1F66544-EBAE-442E-BE50-3DF20D1C75D5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E8469B5A-EC20-4AFB-8E78-CA40D3AD0BED}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F0B4AE07-4612-4A0B-A20C-73D136AD52AC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F8DE42D2-1DBE-4C36-84F9-06A2B586231E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B860DB-D2DF-44EF-A7B1-DAE9D20D7E4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1BC86C6E-549B-43F8-9437-DE0841F96CC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1C7331BD-DFE9-426D-8C57-CD6ABA262097}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{40AFA1FF-B127-4ED9-8B61-FA04D8DB44F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{416A3C43-8E3A-49BD-854F-C569471B2A13}" = protocol=6 | dir=in | app=c:\program files\s.a.d\cyberghost vpn\cyberghost.exe | 
"{41B0FD1D-89C4-4BAB-8CA6-B705FBC8B94E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{4D8AA65D-DCB9-48E3-8FAB-C4C958CB4D51}" = protocol=6 | dir=in | app=e:\world of warcraft\wow-3.2.0-engb-downloader.exe | 
"{5777BBE4-6EBC-4FE0-8816-15330848F890}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{7352D4B9-1850-4FB0-9034-0B9FCA6B383C}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{7D860CE0-46F5-4ACF-BC53-C5EA1603535F}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{8698F765-B51F-4587-A50D-27000B8B08B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{871BB366-7D32-47A6-B198-8BA6B58FB29B}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{893975BC-2CF8-4E79-A8D1-AA1D696438D3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{96BCD49E-6C80-4B87-9D9E-4F2EA14864AF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"{975561F9-B163-4BB4-A8C1-AB8DC79897B5}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{A3D469A3-57F9-4797-B406-8D1061E2BFBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A425DBB0-9AEB-4B1B-83C2-B7613F925E24}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe | 
"{B50E02A2-C615-4623-AEAF-D05E551D6035}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B6030CB1-AC42-4B68-B0E9-1AF3E6F5FD1C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B64467A1-9966-4BF3-9B7F-3E646FC13C69}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BDB8A13F-8349-4C39-9A00-899A33232EAF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{C4CBB2C3-535D-4A33-8D9F-EF1B3514E292}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{CD381AD6-F94F-4D4F-9DE8-52281546F74E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CE9C0338-233C-4A7F-9D04-84B49924EB41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CFDFAB25-51CF-41E4-BD9B-16CCE90B4FF9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{D0DA507C-C775-4939-9CE9-BEB035EDE2B8}" = protocol=17 | dir=in | app=e:\world of warcraft\wow-3.2.0-engb-downloader.exe | 
"{D64AE227-3413-4DFB-9621-ADC39D484DAE}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{D67AA4C5-D4C8-45CA-A296-8B9696EFD7F1}" = protocol=17 | dir=in | app=c:\program files\s.a.d\cyberghost vpn\cyberghost.exe | 
"{DACC80D0-B94B-4286-A3F1-2819F09A7BB7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E9CDD1C5-607C-46B2-9B55-FC3825527C7B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EB38906F-BE76-4200-82FD-BA67CA284AE6}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{EBC10EC2-D353-4041-8E3F-A8F5823429A3}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{EC1D5D78-7CA1-4569-828E-D57468F01E96}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{462E72FB-B328-4EA2-8CE9-7ADDD1193751}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"TCP Query User{52F87E01-BBFA-42F8-9B03-76AD27859B1B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{5B7B2BE9-EBD6-455D-8967-19EBE1850C8D}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe | 
"TCP Query User{79B723D5-65A8-4AA5-9B19-18A3587ADD4A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{84997595-199B-4055-81BB-3A7D2FCE1B6D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{CC9EA43B-D290-426F-939F-A6C91C6F1558}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{E30985B6-6A09-4748-AECA-85C798A8C5AA}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{01805CB0-66C3-470D-85C7-B815FEACFA02}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{2182ADAE-E538-48B4-851B-B73CAA2E24BA}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{2A261672-7D23-402B-B137-CD9FABCA20DE}C:\program files\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"UDP Query User{3E02FC89-4A2F-413D-9911-EA1556CB639A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{B7975FC3-273B-4777-8F26-35295AB1DA9B}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{BEDEA6F3-2215-4A27-8430-48ABDB05E714}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe | 
"UDP Query User{E62ECF59-D637-434E-98E9-F06596C063B3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00004EE8-1E8B-BB10-6588-07DF0D120F6B}" = CCC Help Korean
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02E107FC-1861-FC4A-E80F-07DA9DC5808C}" = Catalyst Control Center Graphics Previews Vista
"{03C55715-3545-2DF8-8C64-2BB877955150}" = Catalyst Control Center Localization Chinese Traditional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0755396F-D048-8CDD-6AC3-C7C83A6869B5}" = CCC Help Czech
"{08B7B1F9-A8EB-7632-FFC3-04AB5328143B}" = CCC Help Chinese Standard
"{09F52B2B-8B36-130C-5EBD-6E5FFC5FA0B7}" = CCC Help English
"{0E1C53DA-DF86-845A-7BEB-14C4A8E0B150}" = Catalyst Control Center Localization Korean
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Extinct Animals
"{15B924BC-AEB2-7E31-F414-1FC7B385846A}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20CFE038-F4CE-0716-DCA0-04BBD67FE5EA}" = CCC Help Turkish
"{2126F5BB-AB90-083F-7AA8-A29D73819DAA}" = CCC Help French
"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{26E6EA50-532C-8CF3-5EB4-8C8D306EAB58}" = Catalyst Control Center Localization Polish
"{27CD3616-D3B0-834C-89A3-4FC5CEE7374D}" = Catalyst Control Center Graphics Full Existing
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28912B61-0265-3C33-7EC7-14345AC76E3D}" = CCC Help Hungarian
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D06C1FE-8454-5663-D0E9-1C130FD96446}" = Catalyst Control Center Localization Norwegian
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30F9E15A-EE25-6D32-62CE-2E6BEAED3766}" = CCC Help Italian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{342A19C7-3335-C02F-F1DD-3A0B49C3D047}" = Catalyst Control Center Localization Greek
"{34EF4F67-A3CE-DAB6-FA06-7C4C59A0D462}" = Catalyst Control Center Localization Swedish
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CE22BE4-E2D3-F0E8-1C52-1B5A5F97B876}" = Catalyst Control Center Localization Turkish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400F4990-B111-109A-6B08-E80CB42651AA}" = Catalyst Control Center Localization Danish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44479884-EB6D-38DA-1D3E-835625E40F7E}" = Catalyst Control Center Graphics Previews Common
"{480CA9F1-17E2-0B15-9684-511C0A083F92}" = Catalyst Control Center Localization Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F31172C-2692-BB28-8F5B-86474CEC5D33}" = Catalyst Control Center Localization Chinese Standard
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54AAFB71-6DCB-32EB-8F91-DA7643497ED4}" = Catalyst Control Center Localization Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D1CB0EC-0CA2-B4FD-2A10-2503A3CF7E46}" = Catalyst Control Center Localization Italian
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFE618D-0100-6DE7-9894-5FD057103871}" = Catalyst Control Center Core Implementation
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63D10FBD-5667-DAD9-0B31-CED873B3F7EF}" = Catalyst Control Center Graphics Light
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7936153F-8D09-BC11-6DC4-1D4DEAB9D680}" = CCC Help Thai
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{816B8A02-76F0-AE47-E28F-0AD114CC261E}" = CCC Help Polish
"{82AB4F83-BBBA-8F04-EE34-11F74E39A4B6}" = Catalyst Control Center Localization German
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85EBB283-65AF-4C53-9EBE-7C0A232762F7}" = AGEIA PhysX v7.03.21
"{86158699-F584-0DC9-119D-C5A6591090FB}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{920E3F1A-0B73-807D-EE0E-E6D89D4E5DDE}" = Catalyst Control Center Localization Dutch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{985AF15E-776F-3CDD-EB92-2DAFF02697FB}" = Skins
"{98CE747E-4948-10B0-BBF0-5981A11114D1}" = Catalyst Control Center Localization Hungarian
"{99F54171-AE4A-579B-1544-5870478FC8F7}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1BAD23B-748C-50FD-CCA9-956C3F54D138}" = CCC Help German
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD82299-8034-4B44-4FDB-3F8971C20575}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{ACE07E37-A416-9A6B-D352-C776FFA49493}" = CCC Help Spanish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2AEC44B-F926-773D-D028-77CADEF8D9D3}" = CCC Help Norwegian
"{B537ACDB-7C56-83B6-034C-A5AF6400F789}" = CCC Help Swedish
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B8AB4511-EECC-9299-45B3-F25F4774F6F2}" = CCC Help Russian
"{BD75C1A0-F0ED-B54A-B49C-3244B47BA803}" = ccc-utility
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6317675-96CC-D2AE-40F2-698F3DED64B4}" = CCC Help Portuguese
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7FAEA9E-A14C-D8C9-EEE9-8D43F9E09565}" = Catalyst Control Center Localization Czech
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CC35C434-FFC8-BDD8-44F0-ED0972484C56}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D646CA8B-5227-1598-5E9C-132B2D89A38D}" = Catalyst Control Center Localization Japanese
"{D8E302CB-8517-3E9B-C6C9-E90A21C6EFC5}" = CCC Help Danish
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BB634D-B374-A329-EE5D-22C279F92A7F}" = ccc-core-static
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C1426C-6670-4068-6398-EB490D45979F}" = Catalyst Control Center Localization Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8B5B814-A3BF-F83F-09ED-AED9EE88211A}" = Catalyst Control Center Localization French
"{F927176F-F8F0-FACF-A57E-4F95714B6F00}" = Catalyst Control Center Localization Russian
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = USB PC Camera 
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FA7BB878-FC13-7548-13D3-18A53381014D}" = CCC Help Japanese
"{FB56EE4D-7CBC-6FDC-E336-52BD269E4CF6}" = Catalyst Control Center Localization Finnish
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"ActiveXControlPad" = Microsoft ActiveX Control Pad
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ClearProg" = ClearProg 1.6.0 Final
"conduitEngine" = Conduit Engine
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.16
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dr. DivX 1.0 Beta" = Dr. DivX 1.0 Beta
"EADM" = EA Download Manager
"ecmkjc" = Favorit
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 1828] [2008-01-29]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Updater" = Google Updater
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LogonStudio Vista" = LogonStudio Vista
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"My HP Game Console" = HP Game Console
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PDF-ShellTools_is1" = PDF-ShellTools 1.0.0.9 Trial
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"RealPlayer 6.0" = RealPlayer
"Rommé 1" = Rommé 1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"T-Online eMail Center Desktop-Startsymbol Fax" = T-Online eMail Center Desktop-Startsymbol Fax 1.0
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TuneUpMedia" = TuneUp Companion 1.9.0
"United Arts Limited_meinfoto" = meinfoto
"VLC media player" = VideoLAN VLC media player 0.8.1
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"WTA-4522f4ce-1503-4319-83b5-4b9c8969c7ea" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-712d217e-60f2-4f57-b45c-293cad7bec3e" = Farm Frenzy 3
"WTA-8f3a99ec-ca0a-4b72-a1c8-f3b949d247bc" = Ranch Rush 2 - Premium Edition
"Xfire" = Xfire (remove only)
"XP-Games JRE" = XP-Games JRE
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HappyFoto Bestellsoftware" = HappyFoto Bestellsoftware
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
__________________

Geändert von Bianca28 (04.04.2011 um 14:43 Uhr)

Alt 04.04.2011, 15:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Zitat:
e:\nicht verwendete dokumente\iso buster 2.3\keygen isobuster_2.3.0.1.exe
Doh!

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.04.2011, 19:01   #5
Bianca28
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Oh, das tut mir leid. Ja, diese Regel versteh ich. Ich werd das Ding auch sofort löschen. Ich glaube das ist noch ein Überbleibsel aus, naja, wilderen Tagen.

Trotzdem danke. ICh werd schauen was ich noch machen kann. Ich werd wohl einfach mal alles bereinigen uind hoffe das dann alles wieder geht.

LG Bianca


Alt 04.04.2011, 20:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Du hast dir das System selbst grobfahrlässig mit dem Keygen verseucht. Sichere alle Daten, folge dazu dem 2. Link in meiner Signatur und mach anschließend eine saubere Neuinstallation. Anschließend auch alle Passwörter ändern (geht auch von Ubuntu aus)
__________________
--> Mails machen sich selbständig

Alt 04.04.2011, 20:22   #7
Bianca28
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



ok werd ich machen. Hab den Generator auch schon gelöscht. Nochmals danke!!

Alt 04.04.2011, 20:33   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Zitat:
Hab den Generator auch schon gelöscht.
Iss klar, dass das jetzt zu spät ist oder?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.05.2011, 20:11   #9
nessie.89
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



hallo
ich habe genau das selbe Problem und auch gleich, nachdem ich hier nachgelesen habe, diesen scan durchgeführt. Hier das Ergebniss:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6663

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

24.05.2011 21:06:06
mbam-log-2011-05-24 (21-06-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 319002
Laufzeit: 2 Stunde(n), 13 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 81
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 16
Infizierte Dateien: 17

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790477B1765A5430AF99 (Malware.Trace) -> Value: SRS_IT_E8790477B1765A5430AF99 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\Users\Nicole\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\Users\Nicole\AppData\Local\Temp\0.8932501372113166.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.

Ich habe mir auch überlegt gleich lieber in ein Computerfachgeschäft zu gehen und noch einmal drüber schauen zu lassen... mal sehen was dabei raus kommt

Alt 24.05.2011, 21:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Mails machen sich selbständig - Standard

Mails machen sich selbständig



Bitte mach - wie jeder andere hier auch - für Dein Anliegen einen eigenen Strang auf! Nur so ist sichergestellt, dass jedem übersichtlich und indivuell geholfen werden werden!


__________________
Logfiles bitte immer in CODE-Tags posten

Thema geschlossen

Themen zu Mails machen sich selbständig
account, bedanken, bedingt, email, email account, geholfen, helfer, kontakte, liebe, lieben, link, mails, msn, neues, online, problem, seite, selbständig, spiel, super, unbedingt, überhaupt




Ähnliche Themen: Mails machen sich selbständig


  1. Win7 Random Freeze & Dienste machen sich selbständig
    Alles rund um Windows - 31.07.2016 (5)
  2. PC und Maus machen sich selbständig
    Plagegeister aller Art und deren Bekämpfung - 19.08.2015 (46)
  3. Firefox lässt sich nicht öffnen, stattdessen machen sich andere Browser wie Snap do auf.
    Log-Analyse und Auswertung - 08.03.2014 (8)
  4. Win7: Internetbrowser machen sich selbständig mit Werbung; langsamer Pc
    Log-Analyse und Auswertung - 10.11.2013 (38)
  5. Pc hat sich selbständig gemacht
    Plagegeister aller Art und deren Bekämpfung - 06.06.2013 (19)
  6. Yahooaccount sendet selbständig Mails , jedoch nicht an alle Kontakte
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (1)
  7. aus web.de fremail wurden selbständig mails versandt
    Log-Analyse und Auswertung - 11.12.2011 (24)
  8. Outlook sendet selbständig Mails
    Log-Analyse und Auswertung - 22.11.2011 (5)
  9. Mein mailaccount hat selbständig mails verschickt
    Plagegeister aller Art und deren Bekämpfung - 23.10.2011 (3)
  10. web.de versendet selbständig Mails; evt. Trojaner eingefangen?
    Log-Analyse und Auswertung - 07.09.2011 (10)
  11. Browser öffnet sich selbständig
    Log-Analyse und Auswertung - 31.07.2011 (20)
  12. Windows Messenger verschickt selbständig Mails
    Überwachung, Datenschutz und Spam - 27.10.2010 (12)
  13. E-Mailaccount versendet selbständig E-Mails mit einem Virus im Anhang !
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (17)
  14. Tastatur und Maus machen sich nach öffnen von Battlefield BC2 eine zeitlang selbständig
    Log-Analyse und Auswertung - 16.08.2010 (7)
  15. Mein ICQ macht sich selbständig!
    Plagegeister aller Art und deren Bekämpfung - 21.04.2010 (22)
  16. Mails werden selbständig versand
    Log-Analyse und Auswertung - 27.01.2007 (1)
  17. unsere computer machen sich selbständig...
    Plagegeister aller Art und deren Bekämpfung - 05.09.2004 (5)

Zum Thema Mails machen sich selbständig - Hallo ihr lieben, ihr habt mir bisher immer super lieb geholfen und ich wollte mich auch nochmal ganz herzlich bei den helfern bedanken!!!!!!!!!! Leider habe ich mal wieder ein neues - Mails machen sich selbständig...
Archiv
Du betrachtest: Mails machen sich selbständig auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.