Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.12.2011, 21:06   #1
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Moin zusammen,

ich habe mir schon oft Tipps aus diesem Forum rausgesucht aber nun stehe ich auf dem Schlauch...

Ich habe das Problem, das mein Mailprogramm "Windows Live Mail" Spam versendet. Könnt Ihr mir helfen dieses Schädling, der das verursacht zu entfernen?

Das eine oder andere Programm habe ich schon probiert.. habe aber Schwierigkeiten 1. die LOGS auszuwerten und 2. dann die entsprechenden Gegenmaßnahmen zu leisten.

Bin über jede Hilfe außerordentlich dankbar.
LG
Ch4uv1e

Alt 23.12.2011, 05:28   #2
kira
/// Helfer-Team
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
► Falls es Meldung/Bericht von deinem Antivirenprogramm oder andere Schutzprogramme gibt, bitte posten! Was gefunden und vor allem wo...
► Beschreibe, welche Versuche du unternommen hast, um das Problem zu lösen (die schon vorhandenen Ergebnisse auch posten)

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 23.12.2011, 17:52   #3
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Vielen Dank für die Hilfe!!!
Habe bis jetzt Malwarebytes Anti-Malware benützt.
Hier das Ergebnis:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122306

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 18:39:11
mbam-log-2011-12-23 (18-39-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 499246
Laufzeit: 1 Stunde(n), 44 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Werde nun OLT probiere.
LG
__________________

Alt 23.12.2011, 18:41   #4
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Hier die OLt.txt
Code:
ATTFilter
OTL logfile created on: 23.12.2011 18:55:21 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\UserXY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 35,21% Memory free
7,87 Gb Paging File | 4,89 Gb Available in Paging File | 62,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,33 Gb Total Space | 172,72 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 30,48 Gb Total Space | 28,23 Gb Free Space | 92,62% Space Free | Partition Type: NTFS
 
Computer Name: UserXY-PC | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UserXY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Programme\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe (Lenovo)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
MOD - C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Slidebar Notifier Service) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe (Lenovo)
SRV:64bit: - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV:64bit: - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (ReadyComm.DirectRouter) -- C:\windows\SysWow64\IgrsSvcs.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\windows\SysWow64\IgrsSvcs.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (ATIAVPCI) -- C:\Windows\SysNative\drivers\atinavrr.sys (ATI Technologies Inc.)
DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)
DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de-de.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.einsatz.bundeswehr.de/portal/a/einsatzbw/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN_SJdw0xB8lB2EGu-pFw0aCUVH1fj_zcVH1v_QD9gtyIckdHRUUAFEVdhA!!/delta/base64xml/L3dJdyEvd0ZNQUFzQUMvNElVRS82XzFMX0VTMQ!!"
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.05.10 13:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.05.10 13:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.05.10 13:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 18:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.20 22:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Extensions
[2011.11.09 22:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions
[2011.11.09 22:27:45 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.10.05 21:18:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.21 19:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.11.10 18:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.21 16:44:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GJSYBMO.DEFAULT\EXTENSIONS\{A5475360-A7EA-437B-9A79-29208F476940}.XPI
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GJSYBMO.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.11.10 18:28:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.02 10:08:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 10:08:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 10:08:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 10:08:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 10:08:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 10:08:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.0_0\
CHR - Extension: YouTube = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2011.12.23 00:01:11 | 000,439,956 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15125 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Ferret Gaming Mouse] C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MediaGet2] C:\Users\UserXY\AppData\Local\MediaGet2\mediaget.exe --minimized File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31151D60-D04C-4C60-AC9C-5CE4955C99C4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BA91CBA-DC8C-43FF-9C36-49994A0F6F56}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CADA82-B818-4FE4-B28F-3CDA6D559DA7}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5605E6-C357-478E-9252-0BC3D7DF10CD}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7276388-C15C-4634-B5AE-C23E6D14E15E}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EE1716-A8A0-4357-995A-AC2B02165EF4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d985343-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d985343-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d985358-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d985358-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2834ba17-f555-11e0-8e27-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{2834ba17-f555-11e0-8e27-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4099789e-837e-11e0-8bd4-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{4099789e-837e-11e0-8bd4-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{409978a3-837e-11e0-8bd4-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{409978a3-837e-11e0-8bd4-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{793c7468-eeae-11e0-9b3a-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{793c7468-eeae-11e0-9b3a-001e101f1f81}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40da-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40da-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40de-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40de-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa4110-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa4110-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{db14a23b-896a-11e0-a30f-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{db14a23b-896a-11e0-a30f-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc04f61b-c128-11e0-8878-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{dc04f61b-c128-11e0-8878-001e101fe70e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.23 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Malwarebytes
[2011.12.23 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.23 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.23 13:04:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011.12.23 13:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.23 11:17:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F0F9E42B-D95B-4E4B-BA4E-4987735B32FE}
[2011.12.22 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E761172F-4A41-4248-9381-30A816C3EDCF}
[2011.12.22 21:17:40 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{DE4A941F-C868-4DD6-B85A-FD7280DF3FB2}
[2011.12.22 07:10:43 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2011.12.21 22:54:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\UserXY\Desktop\OTL.exe
[2011.12.21 22:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Virus MSN
[2011.12.21 22:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2011.12.21 20:28:24 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{23820886-A6F5-4B53-B0E6-A283BF248B94}
[2011.12.21 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{58F3DF79-C147-4721-BA61-623A52F6F513}
[2011.12.21 19:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.21 19:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.21 19:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.21 18:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.21 18:51:28 | 000,074,880 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011.12.21 18:51:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\SysWow64\drivers\ssmdrv.sys
[2011.12.21 18:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.21 18:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.21 07:28:41 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CEB77FAC-EE8E-4437-A963-E3BEF9002E86}
[2011.12.21 07:28:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CBB24A00-D4F9-445E-8071-7C0091E08119}
[2011.12.21 06:34:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{5E8DB4A2-19F5-4F3F-BE7F-ECAA46A6BBA3}
[2011.12.20 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{EC66862A-2DF5-490F-9508-5AEEAC431E21}
[2011.12.20 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{697BB127-4524-4453-AB01-275367CA3951}
[2011.12.20 18:33:08 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{41B42598-67BF-4517-919A-73358311B963}
[2011.12.20 06:32:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{54C49EB5-0534-4A39-8050-23E75C07E051}
[2011.12.20 06:32:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{D7CA888B-E28B-4AE2-BFFF-C6B5A8416F25}
[2011.12.20 06:31:30 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{1D5BE593-FF20-4559-A367-F955538BA7A1}
[2011.12.19 18:31:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C0BB5707-38ED-4C52-84CE-51748F9F25D0}
[2011.12.19 18:30:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4C406F28-C620-407D-9319-A689B740C5E4}
[2011.12.19 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F7817153-F764-4A96-A721-6FADCBEF8169}
[2011.12.19 06:29:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{B2131290-3AE3-4142-AFF5-A43F71CC52D9}
[2011.12.19 06:27:38 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{8F9453BA-8A62-41C1-B88F-81AF254418E7}
[2011.12.18 11:45:44 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{93ABE7DE-35BF-4EF7-9E20-FC1940FB9B24}
[2011.12.18 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3F5C1D84-500F-44DC-AEF1-7B5C26B74827}
[2011.12.18 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E2CA1C26-4E1A-4E5C-A7CD-352365EC5145}
[2011.12.18 11:44:51 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{807A31A5-76AB-4F78-A333-3367D7D5021D}
[2011.12.17 23:45:18 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{305DA6BA-C871-4E75-B63C-1E2A22683FBB}
[2011.12.17 23:44:57 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6A554F19-A490-463C-8C20-9D0048D39F3D}
[2011.12.17 11:17:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{05A9C5E3-EE3E-4B4A-94F7-4E2DB2F6FA69}
[2011.12.17 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{19DB6FA2-1699-4B0E-A56F-C16BFB239EE5}
[2011.12.17 11:15:19 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{21F762EB-F5F2-4C88-89A4-C15C6FAEC545}
[2011.12.16 12:02:04 | 000,000,000 | ---D | C] -- C:\34dbc5b24e8377ada30ef2a4a1
[2011.12.16 11:59:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011.12.16 11:59:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011.12.16 11:59:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011.12.16 11:59:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011.12.16 11:59:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011.12.16 11:59:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011.12.16 11:59:02 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2011.12.16 11:59:01 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011.12.16 11:59:01 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2011.12.16 11:59:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011.12.16 11:58:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011.12.16 11:46:44 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Lehrgang Plön 2011
[2011.12.16 11:46:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\2011 12 15 HS12
[2011.12.16 06:25:03 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{5C13D8F7-4F45-4244-8D1B-6C077F0F89C0}
[2011.12.15 23:10:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2011.12.15 23:10:44 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011.12.15 23:10:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2011.12.15 17:42:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{970AA118-FC0B-445B-B464-AA5B2EB42BE3}
[2011.12.13 22:39:00 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{EE0B5AD9-33D6-4130-8B1F-AF190BC67732}
[2011.12.13 22:38:49 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{88D8C8BC-FD1B-40F1-A81C-B1FFFF200EC0}
[2011.12.13 22:38:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CACFBB0E-87C6-49F1-82EE-577645099B4A}
[2011.12.13 10:37:50 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6AF9EC01-09AD-4412-BBD5-2FDE8EE7A028}
[2011.12.13 10:37:30 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{31722CC3-4C73-4AA1-9526-B2FD1BF9EA92}
[2011.12.13 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{97474F36-0DE5-445D-A7D7-436AC47745B0}
[2011.12.12 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0E593BE1-CABE-4429-B207-BD944441BA1D}
[2011.12.12 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{113B489D-6A9A-4359-A5D5-5646D07099FC}
[2011.12.12 22:35:51 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{13D31F98-0CD1-44C2-8772-E43EA81B99E8}
[2011.12.12 19:09:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\MF Fragenkatalog
[2011.12.12 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Bw
[2011.12.12 10:35:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{5AABA16F-A2EB-41E0-91D3-EA69DA35EFEA}
[2011.12.12 10:34:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{74A83997-9CE3-40B2-9881-B5DB808D96F2}
[2011.12.11 23:38:48 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{74BD2357-8232-4C8B-BF0E-D9D48C282298}
[2011.12.11 08:25:18 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{BAB85B9E-8E61-4C8E-B696-ECF926D35427}
[2011.12.10 20:24:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C3BFF58D-9D89-4A9B-9EF4-8BC52C042533}
[2011.12.10 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6E5FD438-4B12-4F5C-A6A5-A4D0806AF4E4}
[2011.12.10 20:13:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F810C697-14B5-47B4-8DA2-FBFE26159E90}
[2011.12.10 11:23:39 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F9D64CC6-D057-47BF-B634-6E25D361A12C}
[2011.12.10 11:19:50 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{305BBCB9-598F-4A3C-987D-4CA19205AF39}
[2011.12.09 06:19:18 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0FC2882B-FDFA-4F75-8EAE-FD08C2B0308D}
[2011.12.08 18:18:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{491EFE69-1C81-4800-BFEA-7ACC72E6FD37}
[2011.12.08 06:17:17 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{8F1098C5-6BC3-4702-8F42-576FB6F5D929}
[2011.12.07 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0EA8698C-DD91-46A2-B961-1122783E121E}
[2011.12.07 18:16:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E07A583F-30F9-4590-B9A4-BB647CE512C6}
[2011.12.07 06:39:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\PokerStars
[2011.12.07 06:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.12.07 06:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2011.12.07 06:15:45 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9EE2AD73-4899-4594-83C2-660A46C4B24D}
[2011.12.07 06:13:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\PokerStars.NET
[2011.12.07 06:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2011.12.06 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2AC2E61A-8864-47AA-8987-827074C124EE}
[2011.12.06 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C7D362AE-8706-49B8-8EB0-10C772C88EFA}
[2011.12.06 18:18:15 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{85ECF006-D851-402E-BF00-1F3C36543F66}
[2011.12.06 06:17:59 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{865A431B-ED15-48E2-A596-3B2FE317CC99}
[2011.12.06 06:17:39 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2676B89B-4E29-4343-99A6-3C72B7146D28}
[2011.12.06 06:17:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CBA9598D-A0A6-4114-B8F3-2EC895C38E8C}
[2011.12.05 18:16:34 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{DD852F19-28B5-4A75-B1EF-46CCC9528C33}
[2011.12.05 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{B93CD67A-A7A9-4593-BDBE-0FE89665D5FB}
[2011.12.05 18:15:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C44382B1-CE69-4830-8F75-E329B19210FE}
[2011.12.05 13:34:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\WSO Kuipel
[2011.12.05 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C18C5B99-81F6-41D3-8524-7098AA903B05}
[2011.12.05 06:15:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{60521F1E-8875-4202-BB39-5E396956AAC5}
[2011.12.04 13:18:50 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F847F304-0115-4DA5-AAEB-3D4FE2A5B8F0}
[2011.12.04 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{93A035A6-6C33-44C6-951D-CA21195C8711}
[2011.12.04 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2A62B45E-C20C-4BC8-ADAE-14C86F08AF86}
[2011.12.04 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6DC57428-F417-41E7-97CA-8FCEE0C9FBDC}
[2011.12.03 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.12.03 15:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.03 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{40814D1B-AF76-4E88-88C4-652B229BAD67}
[2011.12.03 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{287CAAE8-EFA7-4D6F-8843-90934BE26E14}
[2011.12.03 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F7CCBB42-0054-4ADE-B2E5-BC88BF3EED72}
[2011.12.02 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{D3CEB3C2-486C-4DB2-A6B2-6AD4E951536B}
[2011.12.02 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{51BA23A8-0542-4EEB-AA67-A16114A18E1D}
[2011.12.02 12:14:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4A9787D1-8646-45AF-A34D-676526BB1CEE}
[2011.12.02 06:41:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4793DBCB-66A8-4FB0-B07B-D9580B955078}
[2011.12.01 18:40:39 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{073684C9-669F-441E-91CF-9C6F0EC160E2}
[2011.12.01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{560D7B62-CB23-498B-A449-5E312FA063A9}
[2011.12.01 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{551C8537-084C-4940-A72C-4D5E793A477A}
[2011.12.01 18:39:36 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{058CCC41-4A4E-43D8-8A40-246C18BE1B46}
[2011.12.01 06:38:57 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E1D6E61E-19D7-4160-98D7-B363AC86FE24}
[2011.12.01 06:38:46 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9A608524-F609-4FC9-B009-D3D08B635FCD}
[2011.12.01 06:38:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4CAE9F50-BF07-4177-BFFD-0B14A7AF6C4E}
[2011.11.30 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4EB76B30-BA11-4D00-91DD-111950A7362F}
[2011.11.30 18:37:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{32C1EABC-BD75-4CFF-81B7-B35E34032172}
[2011.11.30 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{098F093B-D328-4C6F-A24A-B070339875C5}
[2011.11.30 14:59:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Fragenkatalog
[2011.11.30 06:36:27 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{06EB71A9-9AD0-43F0-BFCE-8556CD5BD646}
[2011.11.30 06:35:01 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{510135DB-2FA0-4D2D-A9A9-E2D59D5CF3FA}
[2011.11.29 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4A364C7A-B7D8-4BDD-902D-8EC4095948D6}
[2011.11.29 05:41:45 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{AA088DCA-72AC-4DD5-879A-BB2B11845959}
[2011.11.29 05:28:19 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3CEBDD1D-3563-494F-870F-0A375A3474FC}
[2011.11.28 12:07:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{73FE2BCA-E1B0-4CF7-B065-0382560973DE}
[2011.11.28 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E3BE7BB0-FA64-4891-8668-B5EE519D4575}
[2011.11.28 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3FC2D951-AD94-49C1-87F3-6F183F38C1D1}
[2011.11.28 12:06:02 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9F121627-F028-4593-A91B-D2B582616B4E}
[2011.11.28 00:05:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{A82A9321-AB02-4633-85FB-6AFEC96C0A1F}
[2011.11.28 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{05D885C5-39C2-4071-BC4C-34D9C985F235}
[2011.11.27 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3B2832DD-C063-462B-B08A-91059C8115EE}
[2011.11.27 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2F3C11DA-A800-421F-B788-200D352AA354}
[2011.11.27 10:02:33 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6206C6DE-F5D9-4330-9371-98052D88A512}
[2011.11.27 10:02:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{650C1E02-7A27-4702-8D68-1E73BE44673A}
[2011.11.27 10:02:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{401740B1-B4D1-4089-83F8-82DA06FF7FFE}
[2011.11.26 16:02:33 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9A96B614-5A0F-4DD6-9804-822AAA5E6F69}
[2011.11.26 16:01:56 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C7B0A24E-5FF8-43F0-B470-3B6641975071}
[2011.11.26 16:01:42 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6D54C6D4-55DC-4759-A135-2E145F0ABC63}
[2011.11.25 06:13:16 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{A1E90A5C-0EED-4404-9C9D-1A2E45D54674}
[2011.11.25 06:11:09 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{82EFFA90-8CA0-4C82-B839-74434A98B4D2}
[2011.11.24 17:55:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{7D3CE9C5-869F-466E-B5D7-AC3E7239F6D0}
[2011.11.24 17:54:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{D2172C03-4393-491D-B142-06B2B750679D}
[2011.11.24 17:36:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{B4F8A086-0D81-49B6-B6C6-11FE35C152E9}
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 18:11:06 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.23 11:18:19 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011.12.23 00:01:11 | 000,439,956 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011.12.22 23:28:47 | 000,439,956 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20111223-000111.backup
[2011.12.22 22:03:57 | 000,074,880 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011.12.22 21:24:36 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 21:24:36 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.22 21:17:00 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.22 21:15:54 | 3168,190,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 22:50:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserXY\Desktop\OTL.exe
[2011.12.21 22:47:53 | 000,001,056 | ---- | M] () -- C:\Users\UserXY\Desktop\Clean Virus MSN.lnk
[2011.12.21 20:32:23 | 000,439,956 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20111222-232847.backup
[2011.12.21 18:51:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.12.20 17:13:26 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011.12.20 17:13:26 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011.12.20 17:13:26 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011.12.20 17:13:26 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011.12.20 17:13:26 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011.12.17 11:13:35 | 000,453,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011.12.07 06:38:57 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011.12.04 13:36:03 | 569,953,398 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011.12.01 20:26:36 | 000,717,397 | ---- | M] () -- C:\Users\UserXY\Desktop\dsa btsm t2.pdf
[2011.12.01 15:58:44 | 000,696,305 | ---- | M] () -- C:\Users\UserXY\Desktop\DSA_Prüfblock(1).pdf
[2011.12.01 06:46:02 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.11.30 15:05:15 | 020,279,163 | ---- | M] () -- C:\Users\UserXY\Desktop\Fragenkatalog.rar
[2011.11.28 20:52:15 | 000,001,443 | ---- | M] () -- C:\Users\UserXY\Desktop\Notenberechung UL2.lnk
[2011.11.28 19:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011.11.28 16:04:22 | 000,012,956 | ---- | M] () -- C:\Users\UserXY\Bilder\Documents\Leistungsabzeichen BtsmLhrg2 - 2.odt
[2011.11.25 11:43:09 | 000,013,363 | ---- | M] () -- C:\Users\UserXY\Bilder\Documents\Leistungsabzeichen BtsmLhrg2 - 1.odt
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.21 22:47:53 | 000,001,056 | ---- | C] () -- C:\Users\UserXY\Desktop\Clean Virus MSN.lnk
[2011.12.21 18:51:31 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.12.07 06:38:57 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011.12.05 16:06:29 | 867,147,252 | ---- | C] () -- C:\Users\UserXY\Desktop\Full Metal Jacket.avi
[2011.12.02 20:15:27 | 000,012,800 | ---- | C] () -- C:\Users\UserXY\Desktop\Betreuung Jolanta Laschewski.odt
[2011.12.01 17:05:52 | 000,717,397 | ---- | C] () -- C:\Users\UserXY\Desktop\dsa btsm t2.pdf
[2011.12.01 16:00:50 | 000,696,305 | ---- | C] () -- C:\Users\UserXY\Desktop\DSA_Prüfblock(1).pdf
[2011.11.30 15:05:08 | 020,279,163 | ---- | C] () -- C:\Users\UserXY\Desktop\Fragenkatalog.rar
[2011.11.28 20:52:15 | 000,001,443 | ---- | C] () -- C:\Users\UserXY\Desktop\Notenberechung UL2.lnk
[2011.11.28 16:03:33 | 000,012,956 | ---- | C] () -- C:\Users\UserXY\Bilder\Documents\Leistungsabzeichen BtsmLhrg2 - 2.odt
[2011.11.25 08:50:17 | 000,013,363 | ---- | C] () -- C:\Users\UserXY\Bilder\Documents\Leistungsabzeichen BtsmLhrg2 - 1.odt
[2011.11.25 08:43:29 | 000,015,769 | ---- | C] () -- C:\Users\UserXY\Desktop\Gesuch Offzlaufbahn.odt
[2011.10.06 19:30:32 | 000,004,608 | ---- | C] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.02 19:42:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.01 08:06:48 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.05.21 16:46:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.21 09:33:59 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011.05.10 13:09:25 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011.05.10 12:54:12 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.05.10 12:54:12 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.05.10 12:54:05 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.05.10 12:36:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.08.09 09:28:09 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010.07.06 02:54:55 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2009.07.14 06:38:36 | 000,067,584 | ---- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys

< End of report >
         

Alt 23.12.2011, 18:43   #5
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 23.12.2011 18:55:21 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Björn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 35,21% Memory free
7,87 Gb Paging File | 4,89 Gb Available in Paging File | 62,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,33 Gb Total Space | 172,72 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 30,48 Gb Total Space | 28,23 Gb Free Space | 92,62% Space Free | Partition Type: NTFS
 
Computer Name: PC-Name | User Name: Björn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2C88B925-0033-2866-2091-60FBA46FCE2F}" = ATI Catalyst Install Manager
"{39BED0C8-6EC1-EE1E-E6B3-DF98B47C8F34}" = ccc-utility64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CF29845C-705E-4450-A3FF-1D4754455AB9}" = Hybrid TV
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"DF9F23E360B18E10871A49C3BC1AEDA269B8E0E2" = Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA  (07/16/2009 6.14.10.373)
"DFEA59689C004DFD0378309F3A583EA32D78A1B3" = Windows Driver Package - Broadcom Bluetooth  (01/06/2010 6.2.0.9416)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0180EA2E-5C9D-FBDD-547E-07CE7479AA7D}" = CCC Help Thai
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{0F744AF2-FF1B-C6A5-832D-C3FF984EAA48}" = CCC Help Greek
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F822778-E050-51A9-02E6-848347F4A7C8}" = CCC Help English
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20426F3A-85B2-4955-D76B-D81EBE92AA92}" = Catalyst Control Center Localization All
"{2099FED4-7E46-9048-DBE2-EBAAE86B46C0}" = CCC Help Turkish
"{23A8CBF1-BB33-1F65-6444-7BC38A25B2D2}" = ccc-core-static
"{25AC9DDB-6EEF-82FB-237D-7F47E3A32894}" = CCC Help Italian
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
"{29E62586-8B65-B6EC-E2EF-42CBFD52D4DD}" = CCC Help Danish
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D805381-CFD3-FEE4-D0ED-03A7763226E7}" = CCC Help Korean
"{33262E08-96D8-8ADC-5F0B-893DE5FA5B72}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37C1B7DA-C81B-D088-AAF1-A2D7CF0126DC}" = Catalyst Control Center InstallProxy
"{39E4B5E9-74D2-A4DF-1647-36C972EE7F64}" = CCC Help French
"{3D84CAA7-76E9-44D1-4C55-FDC72F25EFAC}" = CCC Help Swedish
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{420D0798-DE9C-7A70-CD13-ABDDD41DB69A}" = CCC Help German
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5657E1BE-3E82-298B-8C2C-48878A01D47B}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5885739F-97FF-4907-AC74-065515FFAFF0}" = Catalyst Control Center - Branding
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FB1408-630F-94FF-0B33-3CE203A0012E}" = CCC Help Chinese Traditional
"{750DB974-A6E3-2A08-57BC-4B67DC0BEF00}" = CCC Help Portuguese
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{759C9701-3966-2AF8-6366-088D91EAC342}" = CCC Help Russian
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7D3DEF5C-ADAF-EE77-0FBD-339A31C9B73D}" = CCC Help Chinese Standard
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8029B4A6-9C8A-6D6C-9C77-C5AAEFBED72F}" = CCC Help Hungarian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C06EE31-AE51-4589-B53F-1406F6BBA229}" = F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A67A910-120B-7D87-5FE7-0CA84FB76C09}" = CCC Help Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B249E44B-8F72-E14D-6560-40E070C1C70E}" = CCC Help Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC9779B1-1A22-5400-B919-7A518F882038}" = CCC Help Japanese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D7C51D0A-9E0F-4B95-3F57-ECEFEBE14E3B}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC7AA43-D354-8FD8-5336-69CD4C1E4A06}" = Catalyst Control Center Graphics Previews Vista
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA1FB2F3-93C4-9CB7-C3D3-CF82228FE259}" = CCC Help Finnish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Clean Virus MSN_is1" = Clean Virus MSN
"Counter-Strike 1.6" = Counter-Strike 1.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Ferret Gaming Mouse" = Ferret Gaming Mouse driver
"FileZilla" = FileZilla (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}" = Lenovo MuteSync
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"Lenovo Games Console" = Lenovo Games Console
"Lenovo SlideNav2" = Lenovo SlideNav
"Lenovo SplitScreen" = Lenovo SplitScreen
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Pidgin" = Pidgin
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"PriceGong" = PriceGong 2.5.1
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.12.2011 13:04:22 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.12.2011 13:04:24 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 16.12.2011 13:04:30 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 17.12.2011 06:09:48 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 17.12.2011 06:09:51 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 17.12.2011 06:09:53 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 17.12.2011 06:13:54 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.12.2011 07:14:44 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = GetLoggedOnUser
 
Error - 17.12.2011 08:03:57 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 17.12.2011 15:20:45 | Computer Name = PC-Name | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ Media Center Events ]
Error - 11.12.2011 01:53:11 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 06:53:11 - Fehler beim Herstellen der Internetverbindung.  06:53:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.12.2011 01:53:24 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 06:53:17 - Fehler beim Herstellen der Internetverbindung.  06:53:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.12.2011 12:42:14 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 17:42:13 - Fehler beim Herstellen der Internetverbindung.  17:42:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.12.2011 12:42:38 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 17:42:19 - Fehler beim Herstellen der Internetverbindung.  17:42:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.12.2011 08:06:31 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 13:06:31 - Fehler beim Herstellen der Internetverbindung.  13:06:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.12.2011 08:07:09 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 13:06:40 - Fehler beim Herstellen der Internetverbindung.  13:06:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.12.2011 01:03:40 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 06:03:40 - Fehler beim Herstellen der Internetverbindung.  06:03:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.12.2011 01:04:01 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 06:03:45 - Fehler beim Herstellen der Internetverbindung.  06:03:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 17:20:35 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 22:20:35 - Fehler beim Herstellen der Internetverbindung.  22:20:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 17:21:34 | Computer Name = PC-Name | Source = MCUpdate | ID = 0
Description = 22:20:41 - Fehler beim Herstellen der Internetverbindung.  22:20:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 31.10.2011 13:32:20 | Computer Name = PC-Name | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 38985 seconds with 3900 seconds of active time.  This session ended with 
a crash.
 
[ System Events ]
Error - 11.09.2011 03:48:20 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:48:27 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:48:33 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:48:39 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:48:45 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:48:53 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:48:59 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:49:05 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:49:11 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 11.09.2011 03:49:18 | Computer Name = PC-Name | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         


Alt 23.12.2011, 19:55   #6
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



CCCleaner
Code:
ATTFilter
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	26.07.2011	6,00MB	10.3.181.34
Adobe Reader 9.2 - Deutsch	Adobe Systems Incorporated	24.05.2011	239MB	9.2.0
ANNO 1404	Ubisoft	19.10.2011		1.02.0000
ANNO 1404 - Venedig	Ubisoft	19.10.2011		2.0.5008.0
ATI Catalyst Install Manager	ATI Technologies, Inc.	09.05.2011	22,3MB	3.0.782.0
Avira AntiVir Personal - Free Antivirus	Avira GmbH	20.12.2011		
Bing Bar	Microsoft Corporation	09.05.2011		6.0.2282.0
Broadcom 802.11 Wireless Driver		09.05.2011		1.0.0.0
Broadcom Gigabit NetLink Controller	Broadcom Corporation	09.05.2011	0,36MB	12.52.01
CCleaner	Piriform	22.12.2011		3.14
Counter-Strike 1.6		21.09.2011		
CyberLink YouCam	CyberLink Corp.	09.05.2011	134,0MB	3.0.2603
DAEMON Tools Lite	DT Soft Ltd	19.11.2011		4.45.1.0236
Energy Management	Lenovo	09.05.2011		5.4.1.6
F.E.A.R. Ultimate Shooter Edition - F.E.A.R. 2	WB Games	27.05.2011		1.00.0000
Ferret Gaming Mouse driver		28.05.2011		
FileZilla (remove only)		21.05.2011		
Google Chrome	Google Inc.	02.12.2011		16.0.912.63
Google Earth	Google	02.12.2011	92,7MB	6.1.0.5001
Hybrid TV	Lenovo	20.08.2011	9,82MB	6.14.10373
ICQ7.5	ICQ	19.05.2011		7.5
Intel(R) Control Center	Intel Corporation	10.05.2011		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	10.05.2011		6.0.0.1179
Intel(R) Rapid Storage Technology	Intel Corporation	10.05.2011		9.6.0.1014
IrfanView (remove only)	Irfan Skiljan	08.11.2011	1,50MB	4.30
Java(TM) 6 Update 26	Oracle	20.05.2011	97,1MB	6.0.260
JMicron Flash Media Controller Driver	JMicron Technology Corp.	09.05.2011		1.0.41.2
Lenovo Bluetooth with Enhanced Data Rate Software	Broadcom Corporation	09.05.2011	144,4MB	6.2.1.1200
Lenovo DirectShare	ArcSoft	09.05.2011	37,9MB	1.0.1.38
Lenovo EasyCamera	Lenovo EasyCamera	09.05.2011		1.10.0510.01
Lenovo Games Console	Oberon Media Inc.	09.05.2011		0.38.389.2
Lenovo MuteSync	Lenovo	09.05.2011	0,38MB	1.0.0.2
Lenovo OneKey Recovery	CyberLink Corp.	09.05.2011		7.0.1230
Lenovo ReadyComm 5	Lenovo	09.05.2011		5.1.1.22
Lenovo SlideNav	Lenovo	09.05.2011		2.0.1230.0003
Lenovo SplitScreen	Lenovo	09.05.2011		1.00.1823.0001
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	22.12.2011	13,8MB	1.51.2.1300
Medal of Honor (TM)	Electronic Arts	06.06.2011	7.549MB	1.0.0.0
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	21.05.2011	38,8MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	22.10.2011		12.0.6425.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	16.11.2011	7,95MB	14.0.5130.5003
Microsoft PowerPoint Viewer	Microsoft Corporation	15.12.2011	196,0MB	14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	13.10.2011	79,7MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	09.05.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	20.05.2011	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	20.05.2011	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	09.05.2011	0,69MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	09.05.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	18.06.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	06.06.2011	0,24MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	20.12.2011	0,22MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.05.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	18.06.2011	0,59MB	9.0.30729.6161
Mobile Partner	Huawei Technologies Co.,Ltd	03.10.2011		16.002.03.02.705
Mozilla Firefox 8.0 (x86 de)	Mozilla	09.11.2011	36,0MB	8.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	10.09.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	10.09.2011	1,33MB	4.20.9876.0
NVIDIA PhysX	NVIDIA Corporation	06.06.2011	119,9MB	9.09.0203
OneKey Recovery	CyberLink Corp.	10.05.2011		7.0.1230
Onekey Theater	Lenovo	09.05.2011	1,63MB	2.0.2.6
OpenOffice.org 3.3	OpenOffice.org	20.05.2011	415MB	3.3.9567
PC Connectivity Solution	Nokia	08.09.2011	15,0MB	8.15.0.0
Pidgin		23.05.2011		2.7.11
PlayReady PC Runtime amd64	Microsoft Corporation	20.05.2011	2,06MB	1.3.0
PokerStars	PokerStars	06.12.2011		
PokerStars.net	PokerStars.net	06.12.2011		
Power2Go	CyberLink Corp.	09.05.2011		5.6.0.4809d4
PriceGong 2.5.1	PriceGong	08.11.2011		2.5.1
Realtek HDMI Audio Driver for ATI	Realtek Semiconductor Corp.	09.05.2011		6.0.1.6121
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.05.2011		6.0.1.6278
S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]	bitComposer Games	24.05.2011		1.6.01
Samsung Mobile phone USB driver Drive Software		08.09.2011		
Samsung New PC Studio	Samsung Electronics Co., Ltd.	08.09.2011	297MB	1.00.0000
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	08.09.2011	35,5MB	1.3.650.0
SamsungConnectivityCableDriver	Samsung	08.09.2011	0,72MB	6.83.6.2.1
Skype Toolbars	Skype Technologies S.A.	20.05.2011	6,95MB	5.3.7280
Skype™ 5.3	Skype Technologies S.A.	20.05.2011	22,6MB	5.3.111
Spybot - Search & Destroy	Safer Networking Limited	20.12.2011		1.6.2
Synaptics Pointing Device Driver	Synaptics Incorporated	09.05.2011	46,4MB	15.0.19.1
VeriFace	Lenovo	09.05.2011		3.6.0.1211
VLC media player 1.1.10	VideoLAN	18.06.2011		1.1.10
Vodafone Mobile Connect Lite	Vodafone	03.10.2011	23,7MB	9.3.3.10523
Windows Driver Package - Broadcom Bluetooth  (01/06/2010 6.2.0.9416)	Broadcom	09.05.2011		01/06/2010 6.2.0.9416
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)	Broadcom	09.05.2011		07/28/2009 6.2.0.9800
Windows Driver Package - YUAN High-Tech Development Co., Ltd (ATIAVPCI) MEDIA  (07/16/2009 6.14.10.373)	YUAN High-Tech Development Co., Ltd	09.05.2011		07/16/2009 6.14.10.373
Windows Live Essentials	Microsoft Corporation	19.10.2011		15.4.3538.0513
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	09.05.2011	5,57MB	15.4.5722.2
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	09.05.2011	5,58MB	15.4.5722.2
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)	Lenovo	09.05.2011		10/19/2009 5.4.0.1
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)	Nokia	08.09.2011		10/12/2007 6.85.4.0
WinRAR 4.01 (64-Bit)	win.rar GmbH	10.09.2011		4.01.0
         

Alt 24.12.2011, 06:48   #7
kira
/// Helfer-Team
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Zitat:
Zitat von Ch4uv1e Beitrag anzeigen

Das eine oder andere Programm habe ich schon probiert..
► Falls es Meldung/Bericht von deinem Antivirenprogramm oder andere Schutzprogramme gibt, bitte posten! Was gefunden und vor allem wo...
► Beschreibe, welche Versuche du unternommen hast, um das Problem zu lösen (die schon vorhandenen Ergebnisse auch posten)
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 24.12.2011, 07:02   #8
kira
/// Helfer-Team
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



1.
Zitat:
Spybot
- würde ich nicht mehr empfehlen, da erfüllt nicht die neue Schutzanforderungen und Lösungen Schutz vor Malware bzw gegenüber ganz neuen Herausforderungen arbeitet nicht zufriedenstellend
meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"...
► Falls Du doch es behalten möchtest:
Stelle bitte den TeaTimer ab:
Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident.
Deaktiviere hier den "Resident TeaTimer aktiv".
(Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben!

2.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

3.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
reinige dein System mit CCleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de-de.facebook.com/
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.02 10:08:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 10:08:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll (PriceGong)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d985343-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d985343-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d985358-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d985358-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{2834ba17-f555-11e0-8e27-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{2834ba17-f555-11e0-8e27-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4099789e-837e-11e0-8bd4-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{4099789e-837e-11e0-8bd4-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{409978a3-837e-11e0-8bd4-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{409978a3-837e-11e0-8bd4-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{793c7468-eeae-11e0-9b3a-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{793c7468-eeae-11e0-9b3a-001e101f1f81}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40da-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40da-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40de-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40de-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{99aa4110-ee9b-11e0-95a0-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{99aa4110-ee9b-11e0-95a0-001e101f1838}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{db14a23b-896a-11e0-a30f-ec55f9df0176}\Shell - "" = AutoRun
O33 - MountPoints2\{db14a23b-896a-11e0-a30f-ec55f9df0176}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc04f61b-c128-11e0-8878-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{dc04f61b-c128-11e0-8878-001e101fe70e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\Shell - "" = AutoRun
O33 - MountPoints2\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe

:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

6.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

9.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

10.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 25.12.2011, 12:25   #9
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Hier die txt nach dem fixen!

Vielen Dank schon mal und frohe Weihnachten

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml not found.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ not found.
File C:\Program Files (x86)\PriceGong\2.5.1\PriceGongIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9852d6-ee8d-11e0-8080-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d985343-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d985343-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d985343-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d985343-ee8d-11e0-8080-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d985358-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d985358-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d985358-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d985358-ee8d-11e0-8080-60eb69d0933c}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d98536c-ee8d-11e0-8080-60eb69d0933c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853ab-ee8d-11e0-8080-60eb69d0933c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853b7-ee8d-11e0-8080-60eb69d0933c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853c3-ee8d-11e0-8080-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d9853c8-ee8d-11e0-8080-60eb69d0933c}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2834ba17-f555-11e0-8e27-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2834ba17-f555-11e0-8e27-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2834ba17-f555-11e0-8e27-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2834ba17-f555-11e0-8e27-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e1e4d3f-83bf-11e0-b499-ec55f9df0176}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e1e4d57-83bf-11e0-b499-ec55f9df0176}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4099789e-837e-11e0-8bd4-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4099789e-837e-11e0-8bd4-ec55f9df0176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4099789e-837e-11e0-8bd4-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4099789e-837e-11e0-8bd4-ec55f9df0176}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{409978a3-837e-11e0-8bd4-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{409978a3-837e-11e0-8bd4-ec55f9df0176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{409978a3-837e-11e0-8bd4-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{409978a3-837e-11e0-8bd4-ec55f9df0176}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{483cf6f6-890a-11e0-8fce-ec55f9df0176}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e5703fa-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e5703fc-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6e570484-ecd5-11e0-b1c9-60eb69d0933c}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c743a-eeae-11e0-9b3a-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c7446-eeae-11e0-9b3a-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c7452-eeae-11e0-9b3a-60eb69d0933c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c7468-eeae-11e0-9b3a-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c7468-eeae-11e0-9b3a-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{793c7468-eeae-11e0-9b3a-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{793c7468-eeae-11e0-9b3a-001e101f1f81}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40da-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40da-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40da-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40da-ee9b-11e0-95a0-001e101f1838}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40de-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40de-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40de-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40de-ee9b-11e0-95a0-001e101f1838}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40e6-ee9b-11e0-95a0-001e101f1838}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40ea-ee9b-11e0-95a0-001e101f1838}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40f5-ee9b-11e0-95a0-001e101f1838}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa40f9-ee9b-11e0-95a0-001e101f1838}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa4110-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa4110-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{99aa4110-ee9b-11e0-95a0-001e101f1838}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99aa4110-ee9b-11e0-95a0-001e101f1838}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9dd1837c-8ada-11e0-8a53-60eb69d0933c}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c635f5-1ec4-11e1-b182-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6c63601-1ec4-11e1-b182-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db14a23b-896a-11e0-a30f-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db14a23b-896a-11e0-a30f-ec55f9df0176}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db14a23b-896a-11e0-a30f-ec55f9df0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db14a23b-896a-11e0-a30f-ec55f9df0176}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc04f61b-c128-11e0-8878-001e101fe70e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc04f61b-c128-11e0-8878-001e101fe70e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc04f61b-c128-11e0-8878-001e101fe70e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc04f61b-c128-11e0-8878-001e101fe70e}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4746129-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f474612e-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4746131-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4746137-ee8a-11e0-a3f6-60eb69d0933c}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: XYUser
->Temp folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Mcx1-XYUser-PC
->Temp folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12252011_123429

Files\Folders moved on Reboot...
File\Folder C:\Users\XYUser\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Alt 26.12.2011, 07:38   #10
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/25/2011 at 03:09 PM

Application Version : 5.0.1142

Core Rules Database Version : 8087
Trace Rules Database Version: 5899

Scan type       : Complete Scan
Total Scan Time : 01:38:38

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 738
Memory threats detected   : 0
Registry items scanned    : 72838
Registry threats detected : 0
File items scanned        : 122959
File threats detected     : 53

Adware.Tracking Cookie
	www.googleadservices.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.etracker.de [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	eas.apm.emediate.eu [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxvalue.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxvalue.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.bs.serving-sys.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.zanox.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy12 [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy12 [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy12 [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	wwwxyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sexad.net [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.crakmedia.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	xyxyxy[ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.exoclick.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ww251.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zanox.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.smartadserver.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad3.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad2.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adfarm1.adition.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tracking.quisma.com [ C:\USERS\USERXY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-SoftonicDownloader
	C:\USERS\USERXY\DOWNLOADS\SOFTONICDOWNLOADER_FUER_FREE-YOUTUBE-DOWNLOAD.EXE
         

Geändert von Ch4uv1e (26.12.2011 um 07:43 Uhr)

Alt 26.12.2011, 07:49   #11
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



kann man die OLT.txt vom 23.12 aus dem Thread löschen? Die brauchen wir ja nicht mehr oder?

Alt 26.12.2011, 13:31   #12
kira
/// Helfer-Team
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



rauslöschen kann ich das leider nicht mehr

- hast Du noch nicht alle vorherigen Schritte erledigt!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 26.12.2011, 15:31   #13
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Schritt 9 OLT.txt
Code:
ATTFilter
OTL logfile created on: 26.12.2011 16:07:26 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\UserXY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: xxx| Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 42,41% Memory free
7,87 Gb Paging File | 4,97 Gb Available in Paging File | 63,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,33 Gb Total Space | 198,09 Gb Free Space | 47,13% Space Free | Partition Type: NTFS
Drive D: | 30,48 Gb Total Space | 28,23 Gb Free Space | 92,62% Space Free | Partition Type: NTFS
 
Computer Name: UserXY-PC | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.21 22:50:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserXY\Desktop\OTL.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.07 12:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011.11.10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.10 12:54:22 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011.05.10 12:54:10 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.07.04 18:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.06.14 08:28:12 | 001,310,720 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe
PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.03 23:48:12 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010.01.24 11:47:46 | 001,021,888 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
PRC - [2010.01.19 03:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2009.11.04 22:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 22:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.07 12:16:28 | 000,411,192 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
MOD - [2011.12.07 12:16:27 | 003,767,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
MOD - [2011.12.07 12:14:56 | 000,122,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avutil-51.dll
MOD - [2011.12.07 12:14:55 | 000,222,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avformat-53.dll
MOD - [2011.12.07 12:14:53 | 001,746,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
MOD - [2011.12.07 08:22:33 | 008,593,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
MOD - [2011.10.13 01:00:04 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.13 00:00:46 | 011,819,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.13 00:00:35 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.12 23:59:52 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.12 23:59:43 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.12 23:59:22 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.12 23:59:12 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.12 23:59:06 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.12 23:59:04 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.12 23:58:54 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.05.20 23:47:09 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.05.10 19:47:26 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.05.10 12:54:22 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011.05.10 12:54:10 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.18 15:49:24 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2010.10.18 15:46:22 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010.06.14 08:28:12 | 001,310,720 | ---- | M] () -- C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.29 15:38:34 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.30 07:27:00 | 000,069,568 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe -- (Slidebar Notifier Service)
SRV:64bit: - [2009.11.17 16:00:54 | 000,575,304 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009.08.14 15:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.01.12 17:15:24 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.11.04 22:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 22:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.07.15 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.04 11:52:18 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.21 16:31:15 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.24 17:15:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.24 17:15:43 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.04.18 14:43:26 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011.04.18 14:43:22 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.29 16:09:58 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.29 14:48:34 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.06.02 07:35:42 | 000,229,456 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.05.24 13:07:58 | 000,253,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.11 18:06:18 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.05.11 18:06:18 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.05.11 18:06:18 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010.05.03 12:19:40 | 000,317,488 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.04.27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.04.27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010.03.26 08:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.02 16:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.01.15 19:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010.01.15 01:51:20 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.15 01:51:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 01:51:10 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.12.14 09:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.10.19 01:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009.10.16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.16 18:31:24 | 001,383,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009.07.16 12:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009.07.16 04:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.08.06 13:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.09.17 14:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.einsatz.bundeswehr.de/portal/a/einsatzbw/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKLN_SJdw0xB8lB2EGu-pFw0aCUVH1fj_zcVH1v_QD9gtyIckdHRUUAFEVdhA!!/delta/base64xml/L3dJdyEvd0ZNQUFzQUMvNElVRS82XzFMX0VTMQ!!"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.05.10 13:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.05.10 13:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.05.10 13:04:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 18:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.05.20 22:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Extensions
[2011.11.09 22:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions
[2011.11.09 22:27:45 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.10.05 21:18:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.21 19:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\0gjsybmo.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.11.10 18:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.21 16:44:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GJSYBMO.DEFAULT\EXTENSIONS\{A5475360-A7EA-437B-9A79-29208F476940}.XPI
File not found (No name found) -- C:\USERS\BJöRN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GJSYBMO.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.11.10 18:28:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.02 10:08:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 10:08:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 10:08:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 10:08:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.0_0\
CHR - Extension: YouTube = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\UserXY\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2011.12.26 13:23:54 | 000,000,909 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Ferret Gaming Mouse] C:\Program Files (x86)\SPEEDLINK Ferret Gaming Mouse\GMouse.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = xxx.xxx.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31151D60-D04C-4C60-AC9C-5CE4955C99C4}: DhcpNameServer = xxx.xxx.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BA91CBA-DC8C-43FF-9C36-49994A0F6F56}: NameServer = xxx.xxx.244.225 xxx.xxx.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CADA82-B818-4FE4-B28F-3CDA6D559DA7}: NameServer = xxx.xxx.244.225 xxx.xxx.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5605E6-C357-478E-9252-0BC3D7DF10CD}: NameServer = xxx.xxx.244.225 xxx.xxx.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7276388-C15C-4634-B5AE-C23E6D14E15E}: NameServer = xxx.xxx.244.225 xxx.xxx.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0EE1716-A8A0-4357-995A-AC2B02165EF4}: DhcpNameServer = xxx.xxx.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.26 13:41:42 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\UserXY\Desktop\aswMBR.exe
[2011.12.26 12:24:35 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E29D4E3E-A243-4215-866E-6CA66356AE6F}
[2011.12.26 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{EC35307F-EE00-4103-B7A7-B8B3E0B2267E}
[2011.12.26 12:24:15 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{D3BCCF37-9EFE-443D-B91E-83A239B11B21}
[2011.12.26 12:23:54 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F653607B-7D90-441E-A442-0742E15454B3}
[2011.12.26 08:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.12.26 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{1B418F35-C0CE-4E40-A23F-73F79040B309}
[2011.12.26 00:23:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CA3D505A-7682-4ADF-9AFC-0839445AFAD0}
[2011.12.25 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Avira
[2011.12.25 20:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.25 20:15:18 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011.12.25 20:15:18 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011.12.25 20:15:18 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2011.12.25 20:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.25 20:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.25 13:29:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.25 13:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.25 13:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.25 13:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.25 12:32:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.25 12:22:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0AFDD35E-755A-46AF-967F-3152575906D0}
[2011.12.25 12:21:55 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{505C299C-AE15-4640-9D7C-F3724E1FA8D5}
[2011.12.24 18:12:48 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{8E0AB30B-C568-4F79-82DF-4932D0881A54}
[2011.12.24 03:06:02 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{45BBB487-1CB5-488D-9BB5-271B846C8DC7}
[2011.12.23 19:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.23 13:05:00 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Malwarebytes
[2011.12.23 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.23 13:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.23 13:04:35 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011.12.23 13:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.23 11:17:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F0F9E42B-D95B-4E4B-BA4E-4987735B32FE}
[2011.12.22 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E761172F-4A41-4248-9381-30A816C3EDCF}
[2011.12.22 21:17:40 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{DE4A941F-C868-4DD6-B85A-FD7280DF3FB2}
[2011.12.22 07:10:43 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2011.12.21 22:54:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\UserXY\Desktop\OTL.exe
[2011.12.21 22:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clean Virus MSN
[2011.12.21 22:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AxBx
[2011.12.21 20:28:24 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{23820886-A6F5-4B53-B0E6-A283BF248B94}
[2011.12.21 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{58F3DF79-C147-4721-BA61-623A52F6F513}
[2011.12.21 19:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.21 19:01:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.21 07:28:41 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CEB77FAC-EE8E-4437-A963-E3BEF9002E86}
[2011.12.21 07:28:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CBB24A00-D4F9-445E-8071-7C0091E08119}
[2011.12.21 06:34:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{5E8DB4A2-19F5-4F3F-BE7F-ECAA46A6BBA3}
[2011.12.20 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{EC66862A-2DF5-490F-9508-5AEEAC431E21}
[2011.12.20 18:33:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{697BB127-4524-4453-AB01-275367CA3951}
[2011.12.20 18:33:08 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{41B42598-67BF-4517-919A-73358311B963}
[2011.12.20 06:32:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{54C49EB5-0534-4A39-8050-23E75C07E051}
[2011.12.20 06:32:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{D7CA888B-E28B-4AE2-BFFF-C6B5A8416F25}
[2011.12.20 06:31:30 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{1D5BE593-FF20-4559-A367-F955538BA7A1}
[2011.12.19 18:31:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C0BB5707-38ED-4C52-84CE-51748F9F25D0}
[2011.12.19 18:30:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4C406F28-C620-407D-9319-A689B740C5E4}
[2011.12.19 18:30:32 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F7817153-F764-4A96-A721-6FADCBEF8169}
[2011.12.19 06:29:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{B2131290-3AE3-4142-AFF5-A43F71CC52D9}
[2011.12.19 06:27:38 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{8F9453BA-8A62-41C1-B88F-81AF254418E7}
[2011.12.18 11:45:44 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{93ABE7DE-35BF-4EF7-9E20-FC1940FB9B24}
[2011.12.18 11:45:32 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3F5C1D84-500F-44DC-AEF1-7B5C26B74827}
[2011.12.18 11:45:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E2CA1C26-4E1A-4E5C-A7CD-352365EC5145}
[2011.12.18 11:44:51 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{807A31A5-76AB-4F78-A333-3367D7D5021D}
[2011.12.17 23:45:18 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{305DA6BA-C871-4E75-B63C-1E2A22683FBB}
[2011.12.17 23:44:57 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6A554F19-A490-463C-8C20-9D0048D39F3D}
[2011.12.17 11:17:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{05A9C5E3-EE3E-4B4A-94F7-4E2DB2F6FA69}
[2011.12.17 11:16:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{19DB6FA2-1699-4B0E-A56F-C16BFB239EE5}
[2011.12.17 11:15:19 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{21F762EB-F5F2-4C88-89A4-C15C6FAEC545}
[2011.12.16 12:02:04 | 000,000,000 | ---D | C] -- C:\34dbc5b24e8377ada30ef2a4a1
[2011.12.16 11:59:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011.12.16 11:59:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011.12.16 11:59:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2011.12.16 11:59:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2011.12.16 11:59:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011.12.16 11:59:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011.12.16 11:59:02 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2011.12.16 11:59:01 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2011.12.16 11:59:01 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2011.12.16 11:59:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011.12.16 11:58:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011.12.16 06:25:03 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{5C13D8F7-4F45-4244-8D1B-6C077F0F89C0}
[2011.12.15 23:10:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2011.12.15 23:10:44 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011.12.15 23:10:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2011.12.15 17:42:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{970AA118-FC0B-445B-B464-AA5B2EB42BE3}
[2011.12.13 22:39:00 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{EE0B5AD9-33D6-4130-8B1F-AF190BC67732}
[2011.12.13 22:38:49 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{88D8C8BC-FD1B-40F1-A81C-B1FFFF200EC0}
[2011.12.13 22:38:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CACFBB0E-87C6-49F1-82EE-577645099B4A}
[2011.12.13 10:37:50 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6AF9EC01-09AD-4412-BBD5-2FDE8EE7A028}
[2011.12.13 10:37:30 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{31722CC3-4C73-4AA1-9526-B2FD1BF9EA92}
[2011.12.13 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{97474F36-0DE5-445D-A7D7-436AC47745B0}
[2011.12.12 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0E593BE1-CABE-4429-B207-BD944441BA1D}
[2011.12.12 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{113B489D-6A9A-4359-A5D5-5646D07099FC}
[2011.12.12 22:35:51 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{13D31F98-0CD1-44C2-8772-E43EA81B99E8}
[2011.12.12 10:35:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{5AABA16F-A2EB-41E0-91D3-EA69DA35EFEA}
[2011.12.12 10:34:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{74A83997-9CE3-40B2-9881-B5DB808D96F2}
[2011.12.11 23:38:48 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{74BD2357-8232-4C8B-BF0E-D9D48C282298}
[2011.12.11 08:25:18 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{BAB85B9E-8E61-4C8E-B696-ECF926D35427}
[2011.12.10 20:24:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C3BFF58D-9D89-4A9B-9EF4-8BC52C042533}
[2011.12.10 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6E5FD438-4B12-4F5C-A6A5-A4D0806AF4E4}
[2011.12.10 20:13:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F810C697-14B5-47B4-8DA2-FBFE26159E90}
[2011.12.10 11:23:39 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F9D64CC6-D057-47BF-B634-6E25D361A12C}
[2011.12.10 11:19:50 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{305BBCB9-598F-4A3C-987D-4CA19205AF39}
[2011.12.09 06:19:18 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0FC2882B-FDFA-4F75-8EAE-FD08C2B0308D}
[2011.12.08 18:18:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{491EFE69-1C81-4800-BFEA-7ACC72E6FD37}
[2011.12.08 06:17:17 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{8F1098C5-6BC3-4702-8F42-576FB6F5D929}
[2011.12.07 18:16:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{0EA8698C-DD91-46A2-B961-1122783E121E}
[2011.12.07 18:16:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E07A583F-30F9-4590-B9A4-BB647CE512C6}
[2011.12.07 06:39:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\PokerStars
[2011.12.07 06:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.12.07 06:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2011.12.07 06:15:45 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9EE2AD73-4899-4594-83C2-660A46C4B24D}
[2011.12.07 06:13:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\PokerStars.NET
[2011.12.07 06:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2011.12.06 18:19:08 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2AC2E61A-8864-47AA-8987-827074C124EE}
[2011.12.06 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C7D362AE-8706-49B8-8EB0-10C772C88EFA}
[2011.12.06 18:18:15 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{85ECF006-D851-402E-BF00-1F3C36543F66}
[2011.12.06 06:17:59 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{865A431B-ED15-48E2-A596-3B2FE317CC99}
[2011.12.06 06:17:39 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2676B89B-4E29-4343-99A6-3C72B7146D28}
[2011.12.06 06:17:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{CBA9598D-A0A6-4114-B8F3-2EC895C38E8C}
[2011.12.05 18:16:34 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{DD852F19-28B5-4A75-B1EF-46CCC9528C33}
[2011.12.05 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{B93CD67A-A7A9-4593-BDBE-0FE89665D5FB}
[2011.12.05 18:15:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C44382B1-CE69-4830-8F75-E329B19210FE}
[2011.12.05 06:18:34 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{C18C5B99-81F6-41D3-8524-7098AA903B05}
[2011.12.05 06:15:04 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{60521F1E-8875-4202-BB39-5E396956AAC5}
[2011.12.04 13:18:50 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F847F304-0115-4DA5-AAEB-3D4FE2A5B8F0}
[2011.12.04 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{93A035A6-6C33-44C6-951D-CA21195C8711}
[2011.12.04 13:18:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2A62B45E-C20C-4BC8-ADAE-14C86F08AF86}
[2011.12.04 13:18:17 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6DC57428-F417-41E7-97CA-8FCEE0C9FBDC}
[2011.12.03 15:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.12.03 15:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.12.03 11:12:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{40814D1B-AF76-4E88-88C4-652B229BAD67}
[2011.12.03 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{287CAAE8-EFA7-4D6F-8843-90934BE26E14}
[2011.12.03 11:07:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{F7CCBB42-0054-4ADE-B2E5-BC88BF3EED72}
[2011.12.02 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{D3CEB3C2-486C-4DB2-A6B2-6AD4E951536B}
[2011.12.02 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{51BA23A8-0542-4EEB-AA67-A16114A18E1D}
[2011.12.02 12:14:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4A9787D1-8646-45AF-A34D-676526BB1CEE}
[2011.12.02 06:41:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4793DBCB-66A8-4FB0-B07B-D9580B955078}
[2011.12.01 18:40:39 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{073684C9-669F-441E-91CF-9C6F0EC160E2}
[2011.12.01 18:40:19 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{560D7B62-CB23-498B-A449-5E312FA063A9}
[2011.12.01 18:39:57 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{551C8537-084C-4940-A72C-4D5E793A477A}
[2011.12.01 18:39:36 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{058CCC41-4A4E-43D8-8A40-246C18BE1B46}
[2011.12.01 06:38:57 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E1D6E61E-19D7-4160-98D7-B363AC86FE24}
[2011.12.01 06:38:46 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9A608524-F609-4FC9-B009-D3D08B635FCD}
[2011.12.01 06:38:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4CAE9F50-BF07-4177-BFFD-0B14A7AF6C4E}
[2011.11.30 18:37:40 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4EB76B30-BA11-4D00-91DD-111950A7362F}
[2011.11.30 18:37:26 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{32C1EABC-BD75-4CFF-81B7-B35E34032172}
[2011.11.30 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{098F093B-D328-4C6F-A24A-B070339875C5}
[2011.11.30 06:36:27 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{06EB71A9-9AD0-43F0-BFCE-8556CD5BD646}
[2011.11.30 06:35:01 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{510135DB-2FA0-4D2D-A9A9-E2D59D5CF3FA}
[2011.11.29 17:26:29 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{4A364C7A-B7D8-4BDD-902D-8EC4095948D6}
[2011.11.29 05:41:45 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{AA088DCA-72AC-4DD5-879A-BB2B11845959}
[2011.11.29 05:28:19 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3CEBDD1D-3563-494F-870F-0A375A3474FC}
[2011.11.28 12:07:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{73FE2BCA-E1B0-4CF7-B065-0382560973DE}
[2011.11.28 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{E3BE7BB0-FA64-4891-8668-B5EE519D4575}
[2011.11.28 12:06:23 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3FC2D951-AD94-49C1-87F3-6F183F38C1D1}
[2011.11.28 12:06:02 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{9F121627-F028-4593-A91B-D2B582616B4E}
[2011.11.28 00:05:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{A82A9321-AB02-4633-85FB-6AFEC96C0A1F}
[2011.11.28 00:04:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{05D885C5-39C2-4071-BC4C-34D9C985F235}
[2011.11.27 23:06:37 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{3B2832DD-C063-462B-B08A-91059C8115EE}
[2011.11.27 10:02:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{2F3C11DA-A800-421F-B788-200D352AA354}
[2011.11.27 10:02:33 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{6206C6DE-F5D9-4330-9371-98052D88A512}
[2011.11.27 10:02:22 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{650C1E02-7A27-4702-8D68-1E73BE44673A}
[2011.11.27 10:02:11 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{401740B1-B4D1-4089-83F8-82DA06FF7FFE}
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.26 16:11:01 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.26 16:01:49 | 000,000,512 | ---- | M] () -- C:\Users\UserXY\Desktop\MBR.dat
[2011.12.26 15:20:14 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 15:20:14 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 15:11:46 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.26 15:11:21 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011.12.26 15:11:19 | 639,425,588 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011.12.26 15:11:12 | 3168,190,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.26 13:44:19 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011.12.26 13:44:19 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011.12.26 13:44:19 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011.12.26 13:44:19 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011.12.26 13:44:19 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011.12.26 13:41:54 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\UserXY\Desktop\aswMBR.exe
[2011.12.26 13:23:54 | 000,000,909 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011.12.26 09:00:44 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.25 20:15:31 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.25 13:29:22 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.24 11:18:43 | 000,112,028 | ---- | M] () -- C:\Users\UserXY\cc_20111224_111832.reg
[2011.12.21 22:50:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\UserXY\Desktop\OTL.exe
[2011.12.21 22:47:53 | 000,001,056 | ---- | M] () -- C:\Users\UserXY\Desktop\Clean Virus MSN.lnk
[2011.12.17 11:13:35 | 000,453,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011.12.07 06:38:57 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011.12.01 06:46:02 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011.11.28 19:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011.11.28 16:04:22 | 000,012,956 | ---- | M] () -- C:\Users\UserXY\Bilder\Documents\X.odt
 
========== Files Created - No Company Name ==========
 
[2011.12.26 16:01:49 | 000,000,512 | ---- | C] () -- C:\Users\UserXY\Desktop\MBR.dat
[2011.12.26 14:29:28 | 639,425,588 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011.12.26 08:59:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.12.26 08:59:44 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.12.25 20:15:31 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.25 13:29:22 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.24 11:18:38 | 000,112,028 | ---- | C] () -- C:\Users\UserXY\cc_20111224_111832.reg
[2011.12.21 22:47:53 | 000,001,056 | ---- | C] () -- C:\Users\UserXY\Desktop\Clean Virus MSN.lnk
[2011.12.07 06:38:57 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011.12.02 20:15:27 | 000,012,800 | ---- | C] () -- C:\Users\UserXY\Bilder\Documents\X.odt
[2011.11.28 16:03:33 | 000,012,956 | ---- | C] () -- C:\Users\UserXY\Bilder\Documents\X.odt
[2011.10.06 19:30:32 | 000,004,608 | ---- | C] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.02 19:42:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.01 08:06:48 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.05.21 16:46:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.21 09:33:59 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011.05.10 13:09:25 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011.05.10 12:54:12 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.05.10 12:54:12 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.05.10 12:54:05 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.05.10 12:36:01 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010.08.09 09:28:09 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010.07.06 02:54:55 | 000,001,341 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2009.07.14 06:38:36 | 000,067,584 | ---- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2008.06.23 12:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 16:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011.05.21 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\ArcSyncConfig
[2011.12.23 20:54:06 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Azureus
[2011.12.23 20:54:07 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\DAEMON Tools Lite
[2011.10.05 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\DVDVideoSoft
[2011.10.05 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.18 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\ICQ
[2011.05.20 22:18:26 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Lenovo
[2011.05.22 08:22:59 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\OpenOffice.org
[2011.09.09 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\PC Suite
[2011.09.09 20:58:06 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Samsung
[2011.08.12 09:40:39 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\SoftGrid Client
[2011.07.01 08:07:51 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\TP
[2011.10.24 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Ubisoft
[2011.05.21 15:51:39 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Verbindungsassistent
[2011.10.04 15:08:49 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Vodafone
[2011.05.24 11:33:01 | 000,000,000 | ---D | M] -- C:\Users\UserXY\AppData\Roaming\Windows Live Writer
[2011.11.14 05:59:01 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
komischerweise wurde keine Extra.txt ausgeworfen

Alt 26.12.2011, 15:34   #14
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



aswMBR.txt

Code:
ATTFilter
aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-26 15:13:18
-----------------------------
15:13:18.158    OS Version: Windows x64 6.1.7601 Service Pack 1
15:13:18.158    Number of processors: 8 586 0x1E05
15:13:18.158    ComputerName: Userxy-PC  UserName: Userxy
15:13:22.978    Initialize success
15:14:03.086    AVAST engine defs: 11122501
15:14:07.454    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:14:07.454    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:14:07.516    Disk 0 MBR read successfully
15:14:07.516    Disk 0 MBR scan
15:14:07.579    Disk 0 Windows 7 default MBR code
15:14:07.594    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048
15:14:07.719    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       430420 MB offset 411648
15:14:07.766    Disk 0 Partition - 00     0F Extended LBA             31210 MB offset 881911808
15:14:09.544    Disk 0 Partition 3 00     12  Compaq diag NTFS        15109 MB offset 945829888
15:14:11.291    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        31209 MB offset 881913856
15:14:11.557    Service scanning
15:14:16.549    Modules scanning
15:14:16.549    Disk 0 trace - called modules:
15:14:16.954    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
15:14:16.954    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e25790]
15:14:16.970    3 CLASSPNP.SYS[fffff88001b6543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b97050]
15:14:20.776    AVAST engine scan C:\windows
15:14:35.456    AVAST engine scan C:\windows\system32
15:20:14.613    AVAST engine scan C:\windows\system32\drivers
15:20:38.793    AVAST engine scan C:\Users\Userxy
15:45:35.801    AVAST engine scan C:\ProgramData
15:47:20.272    Scan finished successfully
16:01:49.867    Disk 0 MBR has been saved successfully to "C:\Users\Userxy\Desktop\MBR.dat"
16:01:49.878    The log file has been saved successfully to "C:\Users\Userxy\Desktop\aswMBR.txt"
         

Alt 26.12.2011, 18:39   #15
Ch4uv1e
 
Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Standard

Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy



Wie es aussieht hat es super funktioniert! Es werden soweit ich es beurteilen kann keine Spams mehr von meinem Account versendent.

Muss ich nun vorsorglich noch etwas beachten?

Besten Gruß und vielen Dank bis dahin!

Antwort

Themen zu Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy
adresse, adressen, andere, auszuwerten, entferne, entfernen, forum, gegenmaßnahmen, leiste, live, mail, mailprogramm, maßnahme, problem, schwierigkeiten, schädling, spam, spam mails, stehe, tipps, verschickt, verursacht, windows, windows live, windows live mail, zusammen



Ähnliche Themen: Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy


  1. vor 1 Woche Trojaner mit "UPS-Mail" eingefangen, nun wieder Spam-Mails über meine Accounts...
    Log-Analyse und Auswertung - 23.03.2015 (11)
  2. Yahoo-Mail Account verschickt Spam, hinterlässt keine Spuren im Verschickt-Ordner Win8
    Plagegeister aller Art und deren Bekämpfung - 16.07.2014 (11)
  3. Eigener E-Mail Account verschickt Spam
    Plagegeister aller Art und deren Bekämpfung - 15.06.2014 (7)
  4. Über meine Mail-Adresse wurden massiv Spammails verschickt - Malware unwahrscheinlich - was tun?
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (5)
  5. Über meine Mail-Adreße wird Spam versendet
    Plagegeister aller Art und deren Bekämpfung - 15.01.2014 (11)
  6. E-mail Account verschickt Spam Mail mit Viren Anhang an alle Kontakte
    Log-Analyse und Auswertung - 29.10.2013 (16)
  7. Mail delivery failed, aber nur in Windows live mail
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (8)
  8. Windows Live Mail - Spam versand ?
    Plagegeister aller Art und deren Bekämpfung - 10.07.2013 (7)
  9. E-Mail Account verschickt (SPAM) Mails
    Log-Analyse und Auswertung - 26.06.2012 (36)
  10. eigenartike e-mail von meine konto verschickt
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (7)
  11. Meine Gmx-Mail Adresser verschickt Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  12. Spam mails in meinem namen. Windows Live mail
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (2)
  13. Über meine Email werden Spam verschickt
    Log-Analyse und Auswertung - 16.12.2011 (1)
  14. spam-mail über mein web.de-account versendet, spam-mail auch im gesendet Ordner
    Log-Analyse und Auswertung - 16.11.2011 (3)
  15. Windows Mail verschickt Spam-Mails über meinen Account
    Plagegeister aller Art und deren Bekämpfung - 19.10.2011 (26)
  16. Mail-Account verschickt Spam
    Plagegeister aller Art und deren Bekämpfung - 09.12.2010 (30)
  17. Spam-Mails über meine Mail-Adresse auf meine Kontakte geschickt!
    Log-Analyse und Auswertung - 28.11.2010 (1)

Zum Thema Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy - Moin zusammen, ich habe mir schon oft Tipps aus diesem Forum rausgesucht aber nun stehe ich auf dem Schlauch... Ich habe das Problem, das mein Mailprogramm "Windows Live Mail" Spam - Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy...
Archiv
Du betrachtest: Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.