Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Ich verschicke per MSN Email spam Nachrichten

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 20.08.2010, 15:34   #1
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Hi Leute,
Ich verschicke per MSN EMail Konto jede Nacht um 0.00 Uhr ca. eine Email an alle aus meiner Kontakt Liste mit irgendeinem Link von einer Viagra Seite glaub ich?
Das geht die letzten 2 Tage immer Nachts. Zudem bekomm ich alle 5 Min eine Java Fehler Meldung "Couldnt create a virtual Machine", bin mir nicht sicher ob das ein Virus weil laut Google soll das behoben sein wenn man Java deinstalliert und wieder installiert nachdem man CCleaner oder ähnliches ausführt aber es kommt trzd kommt es. :/
Deswegen schreib ich das mal hier hin.

Hier der HijackThis Bericht:




Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:03, on 20.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Users\Hazel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor.gadget\GPUMonitor.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Hazel\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 56.43.234.1 inwarez.com
O1 - Hosts: 56.43.234.1 www.inwarez.com
O1 - Hosts: 56.43.234.1 inwarez.net
O1 - Hosts: 56.43.234.1 www.inwarez.net
O1 - Hosts: 56.43.234.1 inwarez.org
O1 - Hosts: 56.43.234.1 www.inwarez.org
O1 - Hosts: 56.43.234.1 93.174.93.193
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [MSIAfterburner] "C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "e:\installierte spiele\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O4 - Startup: JDownloader.lnk = E:\Installierte Programme\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11680 bytes
         

Alt 20.08.2010, 23:01   #2
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Minimal-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.


  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________


Alt 22.08.2010, 01:04   #3
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Danke für die Antwort.
Hier die OTL.txt:
Code:
ATTFilter
OTL logfile created on: 22.08.2010 01:58:24 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Hazel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 72,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 135,79 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 190,72 Gb Free Space | 20,47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 297,47 Gb Free Space | 31,93% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: HAZEL-PC
Current User Name: Hazel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hazel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Digsby\lib\digsby-app.exe (dotSyntax, LLC)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Users\Hazel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor.gadget\GPUMonitor.exe (Nick Connors)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hazel\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (DCamUSBVM) -- C:\Windows\SysNative\drivers\usbVM31b.sys (Vimicro Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 53 BB 7A 99 0D CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {9fb8c270-7124-11dd-ad8b-0800200c9a66}:1.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: fx4options@skorek.com:1.2.3c
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fx4theme@skorek.com:1.2.1.b
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.24 15:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.20 15:57:39 | 000,000,000 | ---D | M]
 
[2010.01.31 23:28:12 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Extensions
[2010.08.22 01:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions
[2010.08.16 18:23:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.27 18:00:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.11 23:32:48 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010.05.08 12:53:42 | 000,000,000 | ---D | M] (Download status) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
[2010.01.31 23:28:43 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.07.26 19:16:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.18 19:05:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.10 15:06:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.29 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\fx4options@skorek.com
[2010.06.29 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\fx4theme@skorek.com
[2010.01.31 23:28:43 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\illimitux@illimitux.net
[2010.06.29 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\fx4theme@skorek.com\chrome\mozapps\extensions
[2010.02.01 01:02:30 | 000,002,163 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\FireFox\Profiles\k2j3brkk.default\searchplugins\bing.xml
[2010.05.01 02:25:37 | 000,002,059 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\FireFox\Profiles\k2j3brkk.default\searchplugins\daemon-search.xml
[2010.08.20 16:22:50 | 000,000,944 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\FireFox\Profiles\k2j3brkk.default\searchplugins\icqplugin.xml
[2010.08.22 01:54:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.08 20:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.08 20:40:22 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.18 12:08:51 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.14 13:40:53 | 000,001,013 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 56.43.234.1 inwarez.com
O1 - Hosts: 56.43.234.1 www.inwarez.com
O1 - Hosts: 56.43.234.1 inwarez.net
O1 - Hosts: 56.43.234.1 www.inwarez.net
O1 - Hosts: 56.43.234.1 inwarez.org
O1 - Hosts: 56.43.234.1 www.inwarez.org
O1 - Hosts: 56.43.234.1 93.174.93.193
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] e:\installierte spiele\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk = E:\Installierte Programme\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.31 19:56:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell - "" = AutoRun
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell\configure\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell\install\command - "" = G:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.20 16:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.08.19 20:33:36 | 000,000,000 | ---D | C] -- C:\Users\Hazel\AppData\Roaming\vlc
[2010.08.15 13:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.08.15 13:22:07 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Microsoft Office
[2010.08.15 13:16:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.08.15 13:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.08.15 13:15:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.08.15 13:15:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.08.15 13:15:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.08.15 13:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010.08.15 13:13:06 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.08.15 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010.08.15 13:12:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.08.15 13:12:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.08.12 06:48:57 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.12 06:48:56 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.12 06:48:56 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.12 06:48:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.12 06:48:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.12 06:48:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.12 06:48:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.12 06:48:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.12 06:48:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.12 06:48:42 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.12 06:48:42 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.12 06:48:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 19:41:27 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Documents\Gamescom Eintrittskarte
[2010.08.08 20:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.08.08 20:40:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.08 20:40:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.08 20:40:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.08 17:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.08.03 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\YY CHR
[2010.08.03 16:22:13 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Translhextion
[2010.08.03 00:31:26 | 000,000,000 | ---D | C] -- C:\Xobni
[2010.07.30 01:25:31 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Neuer Hack
[2010.07.30 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Xkas
[2010.07.30 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Addmusic
[2010.07.30 01:20:13 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Spritetool
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.22 02:01:18 | 003,407,872 | -HS- | M] () -- C:\Users\Hazel\NTUSER.DAT
[2010.08.22 01:58:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.22 01:45:01 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.22 01:45:01 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.22 01:39:59 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.22 01:39:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.22 01:39:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.22 01:39:37 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.21 00:25:35 | 004,899,560 | -H-- | M] () -- C:\Users\Hazel\AppData\Local\IconCache.db
[2010.08.20 23:12:05 | 000,000,675 | ---- | M] () -- C:\Users\Hazel\Desktop\World of Warcraft.lnk
[2010.08.20 23:10:59 | 000,001,188 | ---- | M] () -- C:\Users\Hazel\Desktop\Launcher.lnk
[2010.08.20 16:26:56 | 000,094,966 | ---- | M] () -- C:\Users\Hazel\Documents\cc_20100820_162648.reg
[2010.08.20 16:21:02 | 000,001,011 | ---- | M] () -- C:\Users\Hazel\Desktop\CCleaner.lnk
[2010.08.20 15:57:40 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.19 20:32:09 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.08.16 21:06:54 | 000,212,550 | ---- | M] () -- C:\Users\Hazel\Documents\ts3_clientui-win32-12040-2010-08-16 21_06_54.200930.dmp
[2010.08.16 18:50:07 | 000,108,824 | ---- | M] () -- C:\Users\Hazel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.16 18:49:23 | 002,347,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.15 13:41:25 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.08.15 13:13:30 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.08.14 15:06:00 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.14 15:06:00 | 000,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.14 15:06:00 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.14 15:06:00 | 000,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.14 15:06:00 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.08 20:40:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.08.08 20:40:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.08 20:40:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.08 20:40:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.04 18:51:39 | 000,001,613 | ---- | M] () -- C:\Users\Hazel\Desktop\DivX Movies.lnk
[2010.08.04 18:51:17 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.07.23 22:58:40 | 000,000,849 | ---- | M] () -- C:\Users\Hazel\Desktop\BlackShot.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.20 23:10:59 | 000,001,188 | ---- | C] () -- C:\Users\Hazel\Desktop\Launcher.lnk
[2010.08.20 16:26:53 | 000,094,966 | ---- | C] () -- C:\Users\Hazel\Documents\cc_20100820_162648.reg
[2010.08.20 16:21:02 | 000,001,011 | ---- | C] () -- C:\Users\Hazel\Desktop\CCleaner.lnk
[2010.08.19 20:32:09 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.08.16 21:06:54 | 000,212,550 | ---- | C] () -- C:\Users\Hazel\Documents\ts3_clientui-win32-12040-2010-08-16 21_06_54.200930.dmp
[2010.08.15 13:41:25 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.07.23 22:58:40 | 000,000,849 | ---- | C] () -- C:\Users\Hazel\Desktop\BlackShot.lnk
[2010.06.13 23:08:29 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.06.13 23:08:11 | 000,000,009 | ---- | C] () -- C:\Windows\Sierra.ini
[2010.06.12 14:51:49 | 000,000,032 | ---- | C] () -- C:\Users\Hazel\AppData\Local\xobni_installer_updater.log
[2010.06.06 19:50:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.06.06 19:50:21 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010.05.20 12:04:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.30 13:10:54 | 000,000,303 | ---- | C] () -- C:\Windows\game.ini
[2010.04.06 22:17:24 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.04.04 22:46:22 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.04.04 19:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010.04.04 19:39:26 | 000,002,410 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.23 22:01:59 | 000,003,584 | ---- | C] () -- C:\Users\Hazel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 15:54:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.03.23 15:54:25 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.03.06 17:53:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.04.18 17:10:31 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\abgx360
[2010.03.08 18:49:29 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Audacity
[2010.08.08 14:04:42 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Bccthis
[2010.03.05 13:57:51 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Bioshock2
[2010.07.07 11:02:29 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\BonkEnc
[2010.04.20 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\DAEMON Tools Lite
[2010.08.22 02:00:20 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\DNA
[2010.02.09 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\FAlterSoft
[2010.08.21 00:25:36 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\ICQ
[2010.05.27 23:14:39 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Iggels
[2010.04.14 00:03:41 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\ImgBurn
[2010.02.01 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\ManyCam
[2010.07.06 22:55:19 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Need for Speed World
[2010.04.06 22:34:48 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\phonostar GmbH
[2010.03.08 19:39:22 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\TeamViewer
[2010.04.06 22:25:36 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\Tobit
[2010.08.16 21:11:57 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\TS3Client
[2010.08.20 15:53:40 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Und die Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 22.08.2010 01:58:24 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Hazel\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 72,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 135,79 Gb Free Space | 58,31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 190,72 Gb Free Space | 20,47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 297,47 Gb Free Space | 31,93% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: HAZEL-PC
Current User Name: Hazel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"1F83630F1D96893C47BCF19B627F1BBA13E0DAF7" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam  (06/21/2007 2.2.0.0)
"81AE60DDD229A248055515E311406D86F7E4012A" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"D4D93CD19C3E3B78F95D0606CD187BDE3317187F" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam  (12/28/2006 1.0.0.0)
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-165C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71EC416A-0CAA-4661-AB1A-5B76ED22EC1E}" = Bccthis for Microsoft Office Outlook
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80958B03-07E3-4F0A-8950-4F709899F321}" = OLYMPUS Studio 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4004C65-0428-4C5A-8218-33E2336CA372}_is1" = 2.0
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3FB33E7-6058-4C95-8FCE-9C0E01EAF946}" = M3 SAKURA V1.47 Global (GAME PATCH V4.8b)
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Afterburner" = MSI Afterburner 1.5.1
"Age of Emerald" = Age of Emerald
"ASCII Art Maker 1.7" = ASCII Art Maker 1.7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Beetle Ju 3 (VOLLVERSION)" = Beetle Ju 3 (VOLLVERSION)
"BlackShot" = BlackShot Á¦°Å
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"CCleaner" = CCleaner
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Fraps" = Fraps (remove only)
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst Parabellum Beta" = Parabellum Beta
"GamersFirst War Rock" = War Rock
"HD Tune_is1" = HD Tune 2.55
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"LemmingballZ_0" = LemmingballZ 3D 8460
"Mani Admin Plugin Clients.txt Creator_is1" = Mani Admin Plugin Clients.txt Creator V.2.1
"ManyCam" = ManyCam 2.4 (remove only)
"Marxio Timer_is1" = Marxio Timer 1.11
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein Gartenparadies" = Mein Gartenparadies
"Messenger Plus! Live" = Messenger Plus! Live
"Mirador" = Mirador
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Neffy" = Neffy 1,3,29,0
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SpeedFan" = SpeedFan (remove only)
"SprayR" = SprayR 1.0 RC7b
"Steam App 400" = Portal
"streamWriter_is1" = streamWriter
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"WinImage" = WinImage
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2010 12:01:34 | Computer Name = Hazel-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.08.2010 12:01:39 | Computer Name = Hazel-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.08.2010 12:01:47 | Computer Name = Hazel-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.08.2010 12:02:00 | Computer Name = Hazel-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 12.08.2010 18:59:41 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.08.2010 09:11:01 | Computer Name = Hazel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Live.exe, Version: 1.0.0.14180, Zeitstempel:
 0x4ae78ff6  Name des fehlerhaften Moduls: Live.exe, Version: 1.0.0.14180, Zeitstempel:
 0x4ae78ff6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00107350  ID des fehlerhaften Prozesses:
 0xb28  Startzeit der fehlerhaften Anwendung: 0x01cb3ae8f00632a6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe  Berichtskennung: 376efe45-a6dc-11df-b3aa-82796feb0540
 
Error - 13.08.2010 09:11:07 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.08.2010 09:11:07 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.08.2010 18:53:25 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 14.08.2010 19:34:59 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 21.06.2010 14:42:59 | Computer Name = Hazel-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 21.06.2010 15:20:53 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 15:21:08 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Microsoft Antimalware Service" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 21.06.2010 15:36:01 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 15:39:38 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Microsoft Antimalware Service" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
Error - 25.06.2010 20:21:06 | Computer Name = Hazel-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.85.795.0     Update Source: %%859     Update Stage:
 %%852     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.5902.0     Error
 code: 0x80072efe     Error description: Die Serververbindung wurde aufgrund eines Fehlers
 beendet. 
 
Error - 15.07.2010 14:43:39 | Computer Name = Hazel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 20:41:43 unerwartet heruntergefahren.
 
Error - 22.07.2010 05:43:07 | Computer Name = Hazel-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.07.2010 10:00:52 | Computer Name = Hazel-PC | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
 potentially unwanted software.    For more information please see the following:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vhorse.AIB&threatid=2147623041

	User:
 Hazel-PC\Hazel     Name: Trojan:Win32/Vhorse.AIB     ID: 2147623041     Severity: Severe     Category:
 Trojan     Path:      Action: %%808     Error Code: 0x80508023     Error description: The program could
 not find the spyware and other potentially unwanted software on this computer. 
     Status:      Signature Version: AV: 1.87.817.0, AS: 1.87.817.0     Engine Version: 1.1.6004.0
 
Error - 13.08.2010 13:57:29 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
__________________

Alt 22.08.2010, 11:35   #4
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Schritt 1

Filesharing

Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen.

Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren
Zitat:
Bittorrent DNA
Schritt 2

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
    Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    ATTFilter
    :contents
    G:\SETUP.EXE
             
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
[/QUOTE]

Schritt 3

Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
O1 - Hosts: 56.43.234.1 inwarez.com
O1 - Hosts: 56.43.234.1 www.inwarez.com
O1 - Hosts: 56.43.234.1 inwarez.net
O1 - Hosts: 56.43.234.1 www.inwarez.net
O1 - Hosts: 56.43.234.1 inwarez.org
O1 - Hosts: 56.43.234.1 www.inwarez.org
O1 - Hosts: 56.43.234.1 93.174.93.193
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O32 - AutoRun File - [2010.01.31 19:56:25 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
:Commands
[resethosts]
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Schritt 4

Downloade Malwarebytes Anti-Malware (ca. 2 MB) von diesen Downloadspiegel:
Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
  • Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
  • Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
  • Aktiviere "Komplett Scan durchführen" => Scan.
  • Wähle alle verfügbaren Laufwerke aus und starte den Scan.
  • Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
  • Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
  • Berichte, wie der Rechner nun läuft.
Hier findest Du eine ausführliche und bebilderte Anleitung.

Schritt 5

Erneuter Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Alt 22.08.2010, 16:33   #5
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Halle und Danke für deine Antwort.

Zu Schritt 1:
P2P nutze ich nicht. Habe ich nicht und werde ich auch nicht.
Ich lass mich auf diesen P2P Kram garnicht erst ein.
Aber ok.

Schritt 2:
Code:
ATTFilter
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:54 on 22/08/2010 by Hazel (Administrator - Elevation successful)

========== contents ==========

G:\SETUP.EXE - Unable to open file.

-=End Of File=-
         
Dazu muss ich sagen das ich G: Laufwerk habe bzw das ist ein virtuelles CD Laufwerk wo nichts gemountet ist.

Schritt 3:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
File E:\AUTOEXEC.BAT not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hazel
->Temp folder emptied: 452443 bytes
->Temporary Internet Files folder emptied: 70736 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71971894 bytes
->Flash cache emptied: 1056 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6994 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 69,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08222010_172137

Files\Folders moved on Reboot...
C:\Users\Hazel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Schritt 4:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4461

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.08.2010 17:17:33
mbam-log-2010-08-22 (17-17-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Durchsuchte Objekte: 541482
Laufzeit: 1 Stunde(n), 32 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Schritt 5:
Otl.txt:
Code:
ATTFilter
OTL logfile created on: 22.08.2010 17:28:28 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Hazel\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 73,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 136,03 Gb Free Space | 58,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 190,72 Gb Free Space | 20,47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 297,47 Gb Free Space | 31,93% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: HAZEL-PC
Current User Name: Hazel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hazel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Digsby\lib\digsby-app.exe (dotSyntax, LLC)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Users\Hazel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor.gadget\GPUMonitor.exe (Nick Connors)
PRC - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hazel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (DCamUSBVM) -- C:\Windows\SysNative\drivers\usbVM31b.sys (Vimicro Corporation)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (RTCore64) -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 53 BB 7A 99 0D CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {9fb8c270-7124-11dd-ad8b-0800200c9a66}:1.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: fx4options@skorek.com:1.2.3c
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fx4theme@skorek.com:1.2.1.b
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.24 15:51:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.20 15:57:39 | 000,000,000 | ---D | M]
 
[2010.01.31 23:28:12 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Extensions
[2010.08.22 01:54:47 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions
[2010.08.16 18:23:58 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.27 18:00:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.11 23:32:48 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2010.05.08 12:53:42 | 000,000,000 | ---D | M] (Download status) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
[2010.01.31 23:28:43 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.07.26 19:16:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.18 19:05:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.10 15:06:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.29 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\fx4options@skorek.com
[2010.06.29 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\fx4theme@skorek.com
[2010.01.31 23:28:43 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\illimitux@illimitux.net
[2010.06.29 10:18:18 | 000,000,000 | ---D | M] -- C:\Users\Hazel\AppData\Roaming\mozilla\Firefox\Profiles\k2j3brkk.default\extensions\fx4theme@skorek.com\chrome\mozapps\extensions
[2010.02.01 01:02:30 | 000,002,163 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\FireFox\Profiles\k2j3brkk.default\searchplugins\bing.xml
[2010.05.01 02:25:37 | 000,002,059 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\FireFox\Profiles\k2j3brkk.default\searchplugins\daemon-search.xml
[2010.08.20 16:22:50 | 000,000,944 | ---- | M] () -- C:\Users\Hazel\AppData\Roaming\Mozilla\FireFox\Profiles\k2j3brkk.default\searchplugins\icqplugin.xml
[2010.08.22 01:54:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.08 20:40:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.08 20:40:22 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.18 12:08:51 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.22 17:21:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RivaTuner] C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] e:\installierte spiele\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe ()
O4 - Startup: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader.lnk = E:\Installierte Programme\JDownloader 0.6.193\JDownloader 0.6.193\JDownloader.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell - "" = AutoRun
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell\configure\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{d8001648-0f2f-11df-8172-002185611f64}\Shell\install\command - "" = G:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.22 14:12:51 | 000,000,000 | ---D | C] -- C:\Users\Hazel\AppData\Roaming\Malwarebytes
[2010.08.22 14:12:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.22 14:12:41 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.22 14:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.22 14:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.22 13:58:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.22 01:57:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Hazel\Desktop\OTL.exe
[2010.08.20 16:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.08.19 20:33:36 | 000,000,000 | ---D | C] -- C:\Users\Hazel\AppData\Roaming\vlc
[2010.08.15 13:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.08.15 13:22:07 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Microsoft Office
[2010.08.15 13:16:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.08.15 13:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.08.15 13:15:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.08.15 13:15:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.08.15 13:15:40 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.08.15 13:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010.08.15 13:13:06 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.08.15 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010.08.15 13:12:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.08.15 13:12:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.08.12 06:48:57 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.12 06:48:56 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.12 06:48:56 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.12 06:48:50 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.12 06:48:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.12 06:48:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.12 06:48:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.12 06:48:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.12 06:48:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.12 06:48:42 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.12 06:48:42 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.12 06:48:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 19:41:27 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Documents\Gamescom Eintrittskarte
[2010.08.08 20:40:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.08.08 20:40:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.08 20:40:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.08 20:40:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.08 17:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.08.03 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\YY CHR
[2010.08.03 16:22:13 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Translhextion
[2010.08.03 00:31:26 | 000,000,000 | ---D | C] -- C:\Xobni
[2010.07.30 01:25:31 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Neuer Hack
[2010.07.30 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Xkas
[2010.07.30 01:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Addmusic
[2010.07.30 01:20:13 | 000,000,000 | ---D | C] -- C:\Users\Hazel\Desktop\Spritetool
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.22 17:29:04 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.22 17:29:04 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.22 17:23:59 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.22 17:23:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.22 17:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.22 17:23:29 | 536,223,743 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.22 17:21:58 | 003,407,872 | -HS- | M] () -- C:\Users\Hazel\NTUSER.DAT
[2010.08.22 17:21:56 | 004,903,706 | -H-- | M] () -- C:\Users\Hazel\AppData\Local\IconCache.db
[2010.08.22 17:21:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010.08.22 16:58:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.22 14:12:45 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 13:53:03 | 000,100,908 | ---- | M] () -- C:\Users\Hazel\Desktop\SystemLook.exe
[2010.08.22 01:57:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Hazel\Desktop\OTL.exe
[2010.08.20 23:12:05 | 000,000,675 | ---- | M] () -- C:\Users\Hazel\Desktop\World of Warcraft.lnk
[2010.08.20 23:10:59 | 000,001,188 | ---- | M] () -- C:\Users\Hazel\Desktop\Launcher.lnk
[2010.08.20 16:26:56 | 000,094,966 | ---- | M] () -- C:\Users\Hazel\Documents\cc_20100820_162648.reg
[2010.08.20 16:21:02 | 000,001,011 | ---- | M] () -- C:\Users\Hazel\Desktop\CCleaner.lnk
[2010.08.20 15:57:40 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.19 20:32:09 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.08.16 21:06:54 | 000,212,550 | ---- | M] () -- C:\Users\Hazel\Documents\ts3_clientui-win32-12040-2010-08-16 21_06_54.200930.dmp
[2010.08.16 18:50:07 | 000,108,824 | ---- | M] () -- C:\Users\Hazel\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.16 18:49:23 | 002,347,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.15 13:41:25 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.08.15 13:13:30 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.08.14 15:06:00 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.14 15:06:00 | 000,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.14 15:06:00 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.14 15:06:00 | 000,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.14 15:06:00 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.08 20:40:21 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.08.08 20:40:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.08 20:40:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.08 20:40:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.04 18:51:39 | 000,001,613 | ---- | M] () -- C:\Users\Hazel\Desktop\DivX Movies.lnk
[2010.08.04 18:51:17 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.07.23 22:58:40 | 000,000,849 | ---- | M] () -- C:\Users\Hazel\Desktop\BlackShot.lnk
 
========== Files Created - No Company Name ==========
 
[2010.08.22 17:20:59 | 000,003,236 | ---- | C] () -- C:\Users\Hazel\Neues Textdokument.txt
[2010.08.22 14:12:45 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 13:53:02 | 000,100,908 | ---- | C] () -- C:\Users\Hazel\Desktop\SystemLook.exe
[2010.08.20 23:10:59 | 000,001,188 | ---- | C] () -- C:\Users\Hazel\Desktop\Launcher.lnk
[2010.08.20 16:26:53 | 000,094,966 | ---- | C] () -- C:\Users\Hazel\Documents\cc_20100820_162648.reg
[2010.08.20 16:21:02 | 000,001,011 | ---- | C] () -- C:\Users\Hazel\Desktop\CCleaner.lnk
[2010.08.19 20:32:09 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.08.16 21:06:54 | 000,212,550 | ---- | C] () -- C:\Users\Hazel\Documents\ts3_clientui-win32-12040-2010-08-16 21_06_54.200930.dmp
[2010.08.15 13:41:25 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.07.23 22:58:40 | 000,000,849 | ---- | C] () -- C:\Users\Hazel\Desktop\BlackShot.lnk
[2010.06.13 23:08:29 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.06.13 23:08:11 | 000,000,009 | ---- | C] () -- C:\Windows\Sierra.ini
[2010.06.12 14:51:49 | 000,000,032 | ---- | C] () -- C:\Users\Hazel\AppData\Local\xobni_installer_updater.log
[2010.06.06 19:50:22 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.06.06 19:50:21 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2010.05.20 12:04:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.04.30 13:10:54 | 000,000,303 | ---- | C] () -- C:\Windows\game.ini
[2010.04.06 22:17:24 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.04.04 22:46:22 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.04.04 19:39:26 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010.04.04 19:39:26 | 000,002,410 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.23 22:01:59 | 000,003,584 | ---- | C] () -- C:\Users\Hazel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 15:54:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.03.23 15:54:25 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.03.06 17:53:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >
         
Extra.txt:
Code:
ATTFilter
OTL Extras logfile created on: 22.08.2010 17:28:29 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Hazel\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 73,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 136,03 Gb Free Space | 58,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,51 Gb Total Space | 190,72 Gb Free Space | 20,47% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931,51 Gb Total Space | 297,47 Gb Free Space | 31,93% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: HAZEL-PC
Current User Name: Hazel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"1F83630F1D96893C47BCF19B627F1BBA13E0DAF7" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyFirCam) OlyFirCam  (06/21/2007 2.2.0.0)
"81AE60DDD229A248055515E311406D86F7E4012A" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"D4D93CD19C3E3B78F95D0606CD187BDE3317187F" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. (OlyUsbCam) OlyUsbCam  (12/28/2006 1.0.0.0)
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-165C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71EC416A-0CAA-4661-AB1A-5B76ED22EC1E}" = Bccthis for Microsoft Office Outlook
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80958B03-07E3-4F0A-8950-4F709899F321}" = OLYMPUS Studio 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4004C65-0428-4C5A-8218-33E2336CA372}_is1" = 2.0
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3FB33E7-6058-4C95-8FCE-9C0E01EAF946}" = M3 SAKURA V1.47 Global (GAME PATCH V4.8b)
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"abgx360" = abgx360 v1.0.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Afterburner" = MSI Afterburner 1.5.1
"Age of Emerald" = Age of Emerald
"ASCII Art Maker 1.7" = ASCII Art Maker 1.7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Beetle Ju 3 (VOLLVERSION)" = Beetle Ju 3 (VOLLVERSION)
"BlackShot" = BlackShot Á¦°Å
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"CCleaner" = CCleaner
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Fraps" = Fraps (remove only)
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst Parabellum Beta" = Parabellum Beta
"GamersFirst War Rock" = War Rock
"HD Tune_is1" = HD Tune 2.55
"ImgBurn" = ImgBurn
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JDownloader" = JDownloader
"LemmingballZ_0" = LemmingballZ 3D 8460
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mani Admin Plugin Clients.txt Creator_is1" = Mani Admin Plugin Clients.txt Creator V.2.1
"ManyCam" = ManyCam 2.4 (remove only)
"Marxio Timer_is1" = Marxio Timer 1.11
"McAfee Security Scan" = McAfee Security Scan Plus
"Mein Gartenparadies" = Mein Gartenparadies
"Messenger Plus! Live" = Messenger Plus! Live
"Mirador" = Mirador
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Neffy" = Neffy 1,3,29,0
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"RivaTuner" = RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SpeedFan" = SpeedFan (remove only)
"SprayR" = SprayR 1.0 RC7b
"Steam App 400" = Portal
"streamWriter_is1" = streamWriter
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"WinImage" = WinImage
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.08.2010 18:59:41 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.08.2010 09:11:01 | Computer Name = Hazel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Live.exe, Version: 1.0.0.14180, Zeitstempel:
 0x4ae78ff6  Name des fehlerhaften Moduls: Live.exe, Version: 1.0.0.14180, Zeitstempel:
 0x4ae78ff6  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00107350  ID des fehlerhaften Prozesses:
 0xb28  Startzeit der fehlerhaften Anwendung: 0x01cb3ae8f00632a6  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe  Berichtskennung: 376efe45-a6dc-11df-b3aa-82796feb0540
 
Error - 13.08.2010 09:11:07 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.08.2010 09:11:07 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 13.08.2010 18:53:25 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 14.08.2010 19:34:59 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.08.2010 07:07:02 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.08.2010 07:07:02 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.08.2010 07:07:27 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.08.2010 07:07:27 | Computer Name = Hazel-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 21.06.2010 14:42:59 | Computer Name = Hazel-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 21.06.2010 15:20:53 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 15:21:08 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Microsoft Antimalware Service" Korrekturmaßnahmen (Neustart des Diensts)
 durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 21.06.2010 15:36:01 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 15:39:38 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Microsoft Antimalware Service" wurde unerwartet beendet. Dies
 ist bereits 3 Mal passiert.
 
Error - 25.06.2010 20:21:06 | Computer Name = Hazel-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.85.795.0     Update Source: %%859     Update Stage:
 %%852     Source Path: hxxp://www.microsoft.com     Signature Type: %%800     Update Type: %%803

	User:
 NT-AUTORITÄT\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.5902.0     Error
 code: 0x80072efe     Error description: Die Serververbindung wurde aufgrund eines Fehlers
 beendet. 
 
Error - 15.07.2010 14:43:39 | Computer Name = Hazel-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 20:41:43 unerwartet heruntergefahren.
 
Error - 22.07.2010 05:43:07 | Computer Name = Hazel-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.07.2010 10:00:52 | Computer Name = Hazel-PC | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
 potentially unwanted software.    For more information please see the following:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Vhorse.AIB&threatid=2147623041

	User:
 Hazel-PC\Hazel     Name: Trojan:Win32/Vhorse.AIB     ID: 2147623041     Severity: Severe     Category:
 Trojan     Path:      Action: %%808     Error Code: 0x80508023     Error description: The program could
 not find the spyware and other potentially unwanted software on this computer. 
     Status:      Signature Version: AV: 1.87.817.0, AS: 1.87.817.0     Engine Version: 1.1.6004.0
 
Error - 13.08.2010 13:57:29 | Computer Name = Hazel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         


Alt 22.08.2010, 16:36   #6
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Kleine Rückmeldung bitte

Alt 22.08.2010, 16:42   #7
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Wie?
Hab ich was vergessen zu posten?

Es hat so lange gedauert weil der Malwarebytes Scan knapp 1 1/2 Stunden gedauert hat.

Alt 22.08.2010, 18:29   #8
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Ne alles gut. Wollte nur Fragen ob noch was verschickt wird?

Alt 22.08.2010, 20:06   #9
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Nein gestern Abend nicht ich guck nochmal heute, aber der Virus sollte jetzt weg sein?

EDIT: Das war aber kein Stealer der irgendwie meine Passwörter klaut oder so sonst müsste ich ja zur Bank gehen und den das sagen bzw bei Paypal das gleiche?
EDIT2: Die auf den Link geklickt haben, haben die auch den Virus das die Mails verschicken, das war eine Viagra Seite aber nichts zum runterladen oder so.
Oder kann bei den sein das die jz nen Stealer haben?

Geändert von Hazel01 (22.08.2010 um 20:14 Uhr)

Alt 22.08.2010, 20:43   #10
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Zur Sicherheit wechsle einfach all Deine Passwörter. Wobei es bei Deiner Infektion eher darum ging, dein System als Spamverteiler zu nutzte um Werbung an all Deine Kontakte zu verteilen. Die Links in den Werbungen sind sicher nicht Sicher, aber müssen auch nicht zwangshaft eine Trojaner laden. Also am besten Du schreibst Deine Kontakte an. Wenn bei denen gleiche Symptome auftreten dann sollen die sich melden.

Schritt 1

Was jetzt nötig ist, sind Online-Scans, da wir immer nur einen kleinen Teil des Rechners prüfen können. Mit Online-Scans kann man den kompletten Rechner auf Schädlinge prüfen lassen. Nimm am besten gleich den Internet Explorer.

Vorbereitung
  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während der Online-Scans deaktivieren:
    Anti-Virus-Programm und Firewall.
  • Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
  • unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
    Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
  • Während der Online-Scans auf andere Online-Aktivitäten verzichten.
  • Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.


  • .

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button drücken.
    • Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User: müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.

Alt 23.08.2010, 05:39   #11
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Ich hoffe der hat die jetzt nicht gelöscht?
Weil das waren alles Spiele .exe.

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5f90697448e6ac4e9114c5d9249608c5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-23 02:16:19
# local_time=2010-08-23 04:16:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776573 100 100 0 12966391 0 0
# compatibility_mode=8192 67108863 100 0 368 368 0 0
# scanned=423584
# found=10
# cleaned=10
# scan_time=21566
E:\Installierte Spiele\Beat Hazard\Steamclient.dll	a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
E:\Installierte Spiele\War Rock\system\WarRock.exe	a variant of Win32/Packed.Themida application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\Fallout 3\DVD1\gns-f3ga\gns-f3ga.iso	probably a variant of Win32/Spy.Agent.LBIHWHN trojan (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\Fallout 3\DVD2\gns-f3gb\gns-f3gb.iso	probably a variant of Win32/Spy.Agent.LBIHWHN trojan (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\FIFA 09\rld-fif9.iso	probably a variant of Win32/Obfuscated.JJEZGMV trojan (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\Harry Potter und der Halbblut Prinz\rzr-hpbp.iso	probably a variant of Win32/Hupigon.NPYNBMO trojan (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\Iron Man\enigma-ironman.iso	probably a variant of Win32/Adware.Agent.NOWTBDL application (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\James Camerons Avatar The Game\rld-avtr.iso	Win32/Packed.VMProtect.D trojan (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\Need For Speed Carbon Collectors Edition\rzr-nfsc.iso	probably a variant of Win32/Agent.KUNSSGB trojan (deleted - quarantined)	00000000000000000000000000000000	C
H:\PC Spiele\Outcry Die Daemmerung\gns-outc.iso	probably a variant of Win32/Spy.Agent.LONJYQZ trojan (deleted - quarantined)	00000000000000000000000000000000	C
         

Alt 23.08.2010, 19:13   #12
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Omg der hat meine ganzen .exe gelöscht die als Viren erkannt wurden, geil ich kann die Spiele nicht mehr zocken. Nettes Programm was von alleine löscht.

Alt 23.08.2010, 20:09   #13
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Das waren aber alles iso Dateien? Woher hast du sie und sind das alles Legale Spiele?

Alt 23.08.2010, 20:31   #14
Hazel01
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Warrock war keine ISO ist so nen Free Multiplayer Ego Shooter.
Und der Rest sind Scene Realease => das heisst nicht gekauft.

Aber doof das das Anti Vir Programm das automatisch löscht. :/
Ich bin mir fast zu 100% sicher das der nur Fehlermeldung bei den Cracks raushaut, aber direkt löschen.

Alt 23.08.2010, 20:40   #15
Swisstreasure
/// Malwareteam
 
Ich verschicke per MSN Email spam Nachrichten - Standard

Ich verschicke per MSN Email spam Nachrichten



Kein weiterer Support möglich

Die Nutzung von Cracks, Keygens und Patchs, die das Ziel haben, Bezahlsoftware ohne Bezahlung nutzbar zu machen, ist illegal und wir haben uns darauf geeinigt, dass wir uns nicht der Beihilfe schuldig machen werden. Dieses Forum unterliegt deutschen Gesetzen und die sind diesbezüglich sehr streng.

Dass Cracks und Keygens im Wesentlichen dazu dienen, um auf den Computern Malware und Backdoors unterzubringen, ist kein Geheimnis und muss jedem klar sein.

Da bleibt mir nichts weiter, als Dir zu empfehlen, in Zukunft auf derlei Software zu verzichten. Mit solcher Software endet der Support und beschränkt sich auf den Hinweis, das System neu zu installieren. Wenn Du das System neu installiert hast, kannst Du gerne einen neuen Thread eröffnen. Dieser Thread wird geschlossen.

Antwort

Themen zu Ich verschicke per MSN Email spam Nachrichten
adobe, bho, bonjour, browser, email, email spam, explorer, fehler, firefox, google, hijack, hijackthis, hijackthis bericht, internet, internet explorer, java fehler, logfile, microsoft, mozilla, nicht sicher, nvidia, object, pando media booster, plug-in, programdata, programme, security, security scan, senden, software, spam, syswow64, virtual machine, virus, windows



Ähnliche Themen: Ich verschicke per MSN Email spam Nachrichten


  1. WEB.de verschickt selbständig Spam-Nachrichten
    Log-Analyse und Auswertung - 14.10.2015 (11)
  2. Mailadresse versendet Spam Nachrichten.
    Log-Analyse und Auswertung - 22.05.2015 (14)
  3. DHL PDF im Spam Email geöffnet
    Log-Analyse und Auswertung - 20.05.2015 (13)
  4. E-Mail Konto bei Telekom verschickt in meinem Namen Spam Nachrichten.
    Plagegeister aller Art und deren Bekämpfung - 19.12.2013 (11)
  5. Win32/Toolbar.Zugo - yahoo! mail verschickt Spam-Nachrichten von selbst
    Log-Analyse und Auswertung - 16.06.2013 (27)
  6. Verschicke Spam Mails
    Log-Analyse und Auswertung - 25.01.2013 (12)
  7. Verschicke Spam-Emails
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (13)
  8. Netzbetreiber sagt ich verschicke Schadware/Spam
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (6)
  9. Spam-Nachrichten von meinem E-Mail-Account verschickt - Befürchtung, daß ich 'nen Virus hab...
    Log-Analyse und Auswertung - 25.11.2011 (12)
  10. Email-Spam
    Plagegeister aller Art und deren Bekämpfung - 30.04.2011 (1)
  11. Verschicke Spam-Mails an meine Kontakte
    Plagegeister aller Art und deren Bekämpfung - 27.02.2011 (6)
  12. verschicke spam mit msn und er stürzt immer ab
    Log-Analyse und Auswertung - 04.05.2010 (22)
  13. verschicke über MSN perverse Nachrichten - Hier mein Logfile!
    Log-Analyse und Auswertung - 31.07.2008 (8)
  14. verschicke ich spam?
    Überwachung, Datenschutz und Spam - 19.06.2007 (7)
  15. Ärger mit T-Online, weil ich angeblich Spam-Mails verschicke.
    Plagegeister aller Art und deren Bekämpfung - 14.11.2003 (3)

Zum Thema Ich verschicke per MSN Email spam Nachrichten - Hi Leute, Ich verschicke per MSN EMail Konto jede Nacht um 0.00 Uhr ca. eine Email an alle aus meiner Kontakt Liste mit irgendeinem Link von einer Viagra Seite glaub - Ich verschicke per MSN Email spam Nachrichten...
Archiv
Du betrachtest: Ich verschicke per MSN Email spam Nachrichten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.