
Log analysis and evaluation: game account hacked... trojan in the system?


16.12.2009, 17:37   #1
Ratamatabu
 



As the title already mentions, my account at Aion was "stolen". In the forum there I got to know a nice gentleman who referred me to this site... I hope you can help me, because I can't make anything at all of all this fuss and letter gibberish.

Now the question came up regarding keyloggers... well, again something I have no clue about. I did NOT click on any dubious link that reached me by mail or IGM, and I also have a fairly "secure" password which is/was 14 characters long with a combination of letters and numbers, e.g.: Dr5Th74Fvc8xs

Thanks in advance.

And I hope I didn't forget to censor anything..

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:56, on 16.12.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
c:\program files (x86)\winamp toolbar\WinampTbServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\***\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Users\***\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PowerGramo] "C:\Program Files (x86)\Monsters\PowerGramo\PowerGramo.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8575 bytes

17.12.2009, 11:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Note: You are using a 64-bit Windows. Many tools that we use here as aids for cleaning are not compatible with a 64-bit Windows - that makes a cleanup harder than it already is.

Please run Malwarebytes, then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

17.12.2009, 12:34   #3
Ratamatabu
 



Thanks for your reply and help

I hope I didn't forget to censor anything again..

Log 1:

OTL logfile created on: 17.12.2009 13:23:29 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\poi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,98 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 24,52% Memory free
4,00 Gb Paging File | 2,29 Gb Available in Paging File | 57,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 314,00 Gb Total Space | 146,53 Gb Free Space | 46,66% Space Free | Partition Type: NTFS
Drive D: | 5,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 151,76 Gb Total Space | 92,90 Gb Free Space | 61,22% Space Free | Partition Type: NTFS

Computer Name: ***
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.17 13:00:16 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\poi\Desktop\OTL.exe
PRC - [2009.11.28 17:46:37 | 00,038,184 | ---- | M] (NCSoft) -- C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe
PRC - [2009.08.05 11:35:27 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.18 04:12:12 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe
PRC - [2009.06.10 05:33:00 | 00,232,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe
PRC - [2009.06.02 10:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
PRC - [2009.06.02 10:56:00 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
PRC - [2009.05.26 23:31:29 | 00,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.05.06 15:22:24 | 00,140,584 | ---- | M] (AOL LLC.) -- c:\program files (x86)\winamp toolbar\WinampTbServer.exe
PRC - [2009.04.23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2009.03.02 12:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.03.12 09:50:00 | 00,181,544 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe
PRC - [2008.01.21 03:50:38 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe


========== Modules (SafeList) ==========

MOD - [2009.12.17 13:00:16 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2008.11.27 05:35:06 | 01,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008.08.28 04:40:11 | 00,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2008.01.21 03:51:41 | 02,537,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2008.01.21 03:50:46 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontext.dll
MOD - [2008.01.21 03:50:03 | 00,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008.01.21 03:48:06 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006.11.02 16:02:33 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.08.25 16:33:28 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.08.05 11:35:27 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 05:33:00 | 00,232,960 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.06.03 16:45:17 | 02,862,428 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.07.27 19:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008.03.12 09:50:00 | 00,181,544 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer3\TeamViewer_Host.exe -- (TeamViewer)
SRV - [2006.11.02 14:34:14 | 00,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 07:35:15 | 00,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 07:35:15 | 00,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009.12.07 16:14:04 | 00,074,880 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.08.25 16:16:18 | 00,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.06.27 13:14:40 | 00,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.06.27 13:14:39 | 00,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.23 00:08:37 | 00,036,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009.03.27 13:25:10 | 00,027,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.02.17 18:11:25 | 00,031,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.07.03 09:55:42 | 00,315,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2008.07.03 09:53:44 | 00,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2008.01.25 10:12:34 | 00,035,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2008.01.21 03:50:35 | 00,009,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\umpass.sys -- (UMPass)
DRV:64bit: - [2008.01.21 03:47:28 | 00,048,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008.01.21 03:47:28 | 00,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:57 | 00,058,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008.01.21 03:46:53 | 00,061,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2006.11.02 06:28:10 | 00,273,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2009.05.25 13:01:38 | 00,089,256 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\ElbyCDIO.dll -- (ElbyCDIO)
DRV - [2006.09.18 22:36:40 | 00,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 22:35:23 | 00,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2004.12.30 22:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.03 20:19:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.07 03:04:24 | 00,000,000 | ---D | M]

[2009.07.03 15:53:00 | 00,000,000 | ---D | M] -- C:\Users\poi\AppData\Roaming\mozilla\Extensions
[2009.12.15 22:00:30 | 00,000,000 | ---D | M] -- C:\Users\poi\AppData\Roaming\mozilla\Firefox\Profiles\s58rwjhn.default\extensions
[2009.10.09 03:58:23 | 00,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\poi\AppData\Roaming\mozilla\Firefox\Profiles\s58rwjhn.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.08.25 16:19:57 | 00,002,399 | ---- | M] () -- C:\Users\poi\AppData\Roaming\Mozilla\FireFox\Profiles\s58rwjhn.default\searchplugins\daemon-search.xml
[2009.12.15 22:00:30 | 00,000,961 | ---- | M] () -- C:\Users\poi\AppData\Roaming\Mozilla\FireFox\Profiles\s58rwjhn.default\searchplugins\icqplugin-1.xml
[2008.03.31 08:52:00 | 00,000,168 | ---- | M] () -- C:\Users\poi\AppData\Roaming\Mozilla\FireFox\Profiles\s58rwjhn.default\searchplugins\icqplugin.gif
[2008.03.31 08:52:00 | 00,000,618 | ---- | M] () -- C:\Users\poi\AppData\Roaming\Mozilla\FireFox\Profiles\s58rwjhn.default\searchplugins\icqplugin.src
[2009.10.07 08:47:17 | 00,000,955 | ---- | M] () -- C:\Users\poi\AppData\Roaming\Mozilla\FireFox\Profiles\s58rwjhn.default\searchplugins\icqplugin.xml
[2009.10.09 03:58:28 | 00,001,201 | ---- | M] () -- C:\Users\poi\AppData\Roaming\Mozilla\FireFox\Profiles\s58rwjhn.default\searchplugins\winamp-search.xml
[2009.11.07 03:04:31 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.08.26 02:30:44 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.07 14:17:37 | 00,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.08.07 14:17:37 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.08.07 14:17:37 | 00,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.09.25 16:22:21 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.08.07 14:17:37 | 00,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCsoft\Launcher\NCLauncher.exe (NCSoft)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [PowerGramo] C:\Program Files (x86)\Monsters\PowerGramo\PowerGramo.exe (Freebird)
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\poi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.04 15:46:30 | 00,000,091 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{528197a3-6238-11de-ba34-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{528197a3-6238-11de-ba34-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AionLauncher.exe -- [2009.08.04 04:42:04 | 00,111,912 | R--- | M] ()
O33 - MountPoints2\{8f9b7e70-918a-11de-a29d-001cc0928b22}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9b7e70-918a-11de-a29d-001cc0928b22}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.17 13:03:25 | 00,000,000 | ---D | C] -- C:\Users\poi\AppData\Roaming\Malwarebytes
[2009.12.17 13:03:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.17 13:03:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.12.17 13:03:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.17 13:02:13 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.12.17 13:00:12 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\poi\Desktop\OTL.exe
[2009.12.16 16:46:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009.12.15 11:23:04 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2009.12.15 11:23:00 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2009.12.14 01:23:19 | 00,000,000 | ---D | C] -- C:\Users\poi\Documents\My Aion
[2009.12.09 13:20:12 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009.12.09 13:20:11 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009.12.09 13:20:10 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2009.12.09 13:20:09 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2009.12.09 13:20:09 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009.12.09 13:20:09 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2009.12.09 13:20:09 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009.12.09 13:20:09 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2009.12.09 13:20:09 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2009.12.09 13:20:09 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009.12.09 13:20:09 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009.12.09 13:15:39 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2009.12.09 13:15:39 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2009.11.28 17:46:26 | 00,000,000 | ---D | C] -- C:\Users\poi\AppData\Local\assembly
[2009.11.28 17:25:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft
[2009.11.28 17:24:23 | 00,000,000 | -HSD | C] -- C:\Users\poi\AppData\Roaming\.#
[2009.11.25 12:31:14 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2009.11.24 22:11:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ArtMoney
[2009.11.21 03:11:18 | 00,000,000 | ---D | C] -- C:\Users\poi\AppData\Roaming\mIRC
[2009.11.21 03:11:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.12.17 13:23:58 | 02,097,152 | -HS- | M] () -- C:\Users\poi\NTUSER.DAT
[2009.12.17 13:03:21 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.17 13:00:16 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\poi\Desktop\OTL.exe
[2009.12.17 12:51:00 | 01,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.12.17 12:51:00 | 00,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2009.12.17 12:51:00 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.12.17 12:51:00 | 00,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2009.12.17 12:51:00 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.12.17 12:46:51 | 00,031,681 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.12.17 12:46:50 | 00,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.12.17 12:46:44 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.17 12:46:44 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.17 12:46:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.17 12:46:39 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.17 12:46:36 | 21,268,31616 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.17 05:32:10 | 00,524,288 | -HS- | M] () -- C:\Users\poi\NTUSER.DAT{c3f00552-cd9d-11de-8ba9-001cc0928b22}.TMContainer00000000000000000001.regtrans-ms
[2009.12.17 05:32:10 | 00,065,536 | -HS- | M] () -- C:\Users\poi\NTUSER.DAT{c3f00552-cd9d-11de-8ba9-001cc0928b22}.TM.blf
[2009.12.17 05:32:00 | 03,501,132 | -H-- | M] () -- C:\Users\poi\AppData\Local\IconCache.db
[2009.12.16 17:03:11 | 00,595,567 | ---- | M] () -- C:\Users\poi\Desktop\hij2.jpg
[2009.12.16 17:00:26 | 00,868,617 | ---- | M] () -- C:\Users\poi\Desktop\hij1.jpg
[2009.12.16 16:58:46 | 00,001,928 | ---- | M] () -- C:\Users\poi\Desktop\HijackThis.lnk
[2009.12.16 02:28:28 | 00,000,020 | ---- | M] () -- C:\Users\poi\Documents\aionmemo_aaa76cda.dat
[2009.12.15 20:28:13 | 00,378,302 | ---- | M] () -- C:\Users\poi\Desktop\mari.jpg
[2009.12.13 20:22:27 | 00,024,576 | ---- | M] () -- C:\Users\poi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.07 16:14:04 | 00,074,880 | ---- | M] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.03 16:13:58 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.11.28 17:45:48 | 00,001,895 | ---- | M] () -- C:\Users\Public\Desktop\Aion.lnk
[2009.11.28 17:26:02 | 00,001,863 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2009.11.24 22:11:19 | 00,000,846 | ---- | M] () -- C:\Users\Public\Desktop\ArtMoney SE v7.31.lnk
[2009.11.21 03:11:18 | 00,000,790 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2009.11.19 12:58:52 | 11,821,24466 | ---- | M] () -- C:\Users\poi\Documents\clip0030.avi
[2009.11.18 23:44:34 | 23,481,82750 | ---- | M] () -- C:\Users\poi\Documents\clip0023.avi
[2009.11.18 23:34:08 | 12,076,23594 | ---- | M] () -- C:\Users\poi\Documents\clip0024.avi
[2009.11.18 23:05:48 | 16,950,09324 | ---- | M] () -- C:\Users\poi\Documents\clip0027.avi
[2009.11.18 22:52:04 | 11,784,70466 | ---- | M] () -- C:\Users\poi\Documents\clip0029.avi
[2009.11.18 16:49:10 | 25,501,132 | ---- | M] () -- C:\Users\poi\Documents\clip0028.avi
[2009.11.18 15:45:45 | 09,949,538 | ---- | M] () -- C:\Users\poi\Documents\clip0026.avi
[2009.11.18 15:45:03 | 61,438,9460 | ---- | M] () -- C:\Users\poi\Documents\clip0025.avi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.17 13:03:21 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.17 13:03:17 | 00,022,104 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.16 17:03:10 | 00,595,567 | ---- | C] () -- C:\Users\poi\Desktop\hij2.jpg
[2009.12.16 17:00:25 | 00,868,617 | ---- | C] () -- C:\Users\poi\Desktop\hij1.jpg
[2009.12.16 16:46:26 | 00,001,928 | ---- | C] () -- C:\Users\poi\Desktop\HijackThis.lnk
[2009.12.15 20:28:12 | 00,378,302 | ---- | C] () -- C:\Users\poi\Desktop\mari.jpg
[2009.12.15 11:23:04 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\nshhttp.dll
[2009.12.15 11:23:01 | 00,610,304 | ---- | C] () -- C:\Windows\SysNative\drivers\http.sys
[2009.12.15 11:23:00 | 00,033,792 | ---- | C] () -- C:\Windows\SysNative\httpapi.dll
[2009.12.09 13:20:31 | 00,442,368 | ---- | C] () -- C:\Windows\SysNative\winhttp.dll
[2009.12.09 13:20:14 | 05,686,272 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2009.12.09 13:20:12 | 07,005,696 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2009.12.09 13:20:12 | 01,426,432 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2009.12.09 13:20:12 | 01,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2009.12.09 13:20:12 | 00,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2009.12.09 13:20:10 | 00,580,608 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2009.12.09 13:20:10 | 00,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2009.12.09 13:20:10 | 00,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll
[2009.12.09 13:20:10 | 00,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2009.12.09 13:20:09 | 01,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2009.12.09 13:20:09 | 00,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec
[2009.12.09 13:20:09 | 00,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll
[2009.12.09 13:20:09 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll
[2009.12.09 13:20:09 | 00,032,768 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2009.12.09 13:20:09 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2009.12.09 13:20:08 | 01,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2009.12.09 13:15:39 | 00,295,936 | ---- | C] () -- C:\Windows\SysNative\raschap.dll
[2009.12.09 13:15:39 | 00,280,576 | ---- | C] () -- C:\Windows\SysNative\rastls.dll
[2009.12.01 11:02:43 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009.11.28 20:18:26 | 00,000,020 | ---- | C] () -- C:\Users\poi\Documents\aionmemo_aaa76cda.dat
[2009.11.28 17:45:48 | 00,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Aion.lnk
[2009.11.28 17:26:02 | 00,001,863 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2009.11.25 12:31:36 | 01,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2009.11.25 12:31:35 | 01,794,560 | ---- | C] () -- C:\Windows\SysNative\msxml6.dll
[2009.11.25 12:31:14 | 00,880,640 | ---- | C] () -- C:\Windows\SysNative\timedate.cpl
[2009.11.24 22:11:19 | 00,000,846 | ---- | C] () -- C:\Users\Public\Desktop\ArtMoney SE v7.31.lnk
[2009.11.21 03:11:18 | 00,000,790 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2009.11.19 00:33:26 | 11,821,24466 | ---- | C] () -- C:\Users\poi\Documents\clip0030.avi
[2009.11.18 16:49:22 | 11,784,70466 | ---- | C] () -- C:\Users\poi\Documents\clip0029.avi
[2009.11.18 16:48:35 | 25,501,132 | ---- | C] () -- C:\Users\poi\Documents\clip0028.avi
[2009.11.18 15:45:50 | 16,950,09324 | ---- | C] () -- C:\Users\poi\Documents\clip0027.avi
[2009.11.18 15:45:40 | 09,949,538 | ---- | C] () -- C:\Users\poi\Documents\clip0026.avi
[2009.11.18 15:39:25 | 61,438,9460 | ---- | C] () -- C:\Users\poi\Documents\clip0025.avi
[2009.11.18 15:26:41 | 12,076,23594 | ---- | C] () -- C:\Users\poi\Documents\clip0024.avi
[2009.11.18 11:04:16 | 23,481,82750 | ---- | C] () -- C:\Users\poi\Documents\clip0023.avi
[2009.08.10 22:12:14 | 00,417,628 | ---- | C] () -- C:\Users\poi\AppData\Local\dd_vcredistMSI6DAF.txt
[2009.08.10 22:12:14 | 00,011,468 | ---- | C] () -- C:\Users\poi\AppData\Local\dd_vcredistUI6DAF.txt
[2009.06.30 18:56:54 | 00,024,576 | ---- | C] () -- C:\Users\poi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.27 10:14:28 | 00,426,364 | ---- | C] () -- C:\Users\poi\AppData\Local\dd_vcredistMSI5A79.txt
[2009.06.27 10:14:28 | 00,011,470 | ---- | C] () -- C:\Users\poi\AppData\Local\dd_vcredistUI5A79.txt
[2009.06.26 16:06:00 | 00,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.26 16:05:48 | 00,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.26 13:45:33 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.26 12:05:07 | 00,000,732 | ---- | C] () -- C:\Users\poi\AppData\Local\d3d9caps64.dat
[2009.06.10 05:31:04 | 00,089,088 | ---- | C] () -- C:\Windows\SysWow64\nvimage.dll
[2008.01.21 03:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\thoro gibts zu.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\fdsdfsdf.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\epic.wav:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0030.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0029.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0027.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0024.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0023.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0022.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0021.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0020.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0019.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0017.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0016.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0015.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\poi\Documents\clip0008.avi:TOC.WMV
< End of report >



++++++++++++++++++++++++++++++++++++++++++++++++++++++++

log 2:

OTL Extras logfile created on: 17.12.2009 13:23:29 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\poi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,98 Gb Total Physical Memory | 0,49 Gb Available Physical Memory | 24,52% Memory free
4,00 Gb Paging File | 2,29 Gb Available in Paging File | 57,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 314,00 Gb Total Space | 146,53 Gb Free Space | 46,66% Space Free | Partition Type: NTFS
Drive D: | 5,25 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 151,76 Gb Total Space | 92,90 Gb Free Space | 61,22% Space Free | Partition Type: NTFS

Computer Name: LUCY
Current User Name: poi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024925BE-CC0E-4ADE-8D67-28D0530E6EE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{04CD799A-E694-4B28-B5DD-A9DAB895029C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B304EA9-6A51-4800-8056-97C2714ADDA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16668F7F-8FFF-45AF-B017-035C1C9004CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1CC391E7-AD99-4ECF-8A5B-8E36DEF5D9EF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1EBCCA78-72D5-4A63-9982-C4AE75E478F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{1EBF3704-AA99-4C3F-B44F-EAA993A8C900}" = lport=139 | protocol=6 | dir=in | app=system |
"{219778CB-755A-4389-BDF0-757B90CB8CCC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{21A0AC08-E140-4252-AFE5-11CEAC0049C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27033DCC-7484-4BCD-8B1E-790FA8210C65}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2780C933-A194-4B57-8704-4E2DFB15BBB3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27EDE78C-190E-4CB3-A063-69B234CFB13D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{306D0C7C-E410-4A81-A22C-015B9A68A239}" = rport=445 | protocol=6 | dir=out | app=system |
"{404D84D3-41F5-4871-B556-686D4F347EF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{47726520-2F1D-4D2E-AC1C-F7D3A10A8313}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52B1A8D9-C9CC-4CB7-B5B0-15720E2B364E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{5EB05351-1D82-4624-A976-2AB85E2348E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60392F78-B6F0-4F4E-A2BC-794C2868AC57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6C1F31BE-3EB2-4938-9249-C200B45E56C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C2E6E65-EC8C-4E74-B1FE-3EBF1AF8B74F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D548D09-BE30-4670-8F32-4333D9FD5D2D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76C4B737-7CEC-40CE-9A65-C226081C66C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{788DD064-90AA-4AE0-A56D-5948239BDFE3}" = lport=445 | protocol=6 | dir=in | app=system |
"{832D22EC-FD88-41F5-B62E-056857058A29}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AA30B1C9-F639-498F-9355-F62ADDCE0389}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABD01C33-2185-4E39-8B6A-385D18B2D6DC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC277770-D421-408B-B4AE-EC54F6070CDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBFE38F6-2F96-47E5-9F26-2150E0FF5130}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BC59D572-3C59-4AAD-903F-E00D40218DA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C32A3CDA-3541-4CF1-8A00-3C3BEF3B4413}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6ABB10C-4EB6-40CC-BB4D-617693E5620B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EB046107-F5D7-43C1-80AE-C16854D46B42}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF0BC682-F8AF-4332-A36D-BD7324C28B6D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F2028ECC-C13D-425F-A194-5BA7E8620590}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3B7F8EB-42BE-4D3E-8632-DDA0ADB98768}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F5699578-2486-4076-A6C3-42A63A967049}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6762B4E-1C40-4A8E-91ED-1756E6FA0879}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F82A825E-D05A-470E-9DDB-F69AA908E4FA}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8B3D5DB-3F5B-4D12-B055-202E8CCAA47F}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F8E53931-DC9E-4B1F-9479-87163CD39F47}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9BCFEF5-4E29-4696-B9CE-5588C8ACC812}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{FBCBEE31-42FD-46DF-90B5-25D48D731511}" = rport=139 | protocol=6 | dir=out | app=system |
"{FCA2E6DA-EC11-41D3-A9D8-1F178B597528}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B72850-7D89-4138-8B0D-467C5B631482}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{14A45757-794A-4426-86F6-4DA025835DC7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{188802F0-924B-46E8-BDB8-77FC43BF755E}" = protocol=6 | dir=out | app=system |
"{18A70D75-C29A-4814-A4E8-A46C18803697}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ABD0A3B-B4CB-4B4C-9E0F-B756524A9F59}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1CE585A5-FCC4-4447-A67D-42BF7042D7A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25F1873E-2536-4FE7-8D1E-508CED39231B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{27F6FF09-BF3C-4961-8D15-19567BD40C72}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2813E4AE-C6D9-44EA-ADAD-4C0D4A5E561B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3BBDAE79-631F-4728-BBE8-6E7EEEFBD328}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4F5F897E-D484-4AAD-94FD-8D5461AE876B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50989740-7CD0-464A-A46A-04D7BA8BCF08}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{52628388-74C8-45EB-9E62-B6DBE25F8F78}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{5E1EB0CC-A43C-4C67-ABC4-5D2DC60987E4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{604FC583-F683-4F5A-9204-85D9FA3705DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{68A362A5-1B2F-422B-8700-97D5B5AA9005}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84B1362E-31AF-45B9-8A65-3F6392AEB89B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{853E0410-A434-4D74-9718-228065BF89F6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{8694CA95-54D7-4909-B2BA-0418C18F5121}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{94CC3051-31C4-48C1-A0EF-4CB7F1B69CB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9555661D-4E22-43E1-9316-5333F3ACB544}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3B8AC3F-551D-4A24-837D-4EF8EC32E705}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A8D1DE1C-D9F4-420A-BAE5-B7C33F1C4ED2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A97912AB-F900-4E93-AF7B-36FDFB62BAFE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{AD5889F8-B9B8-4EAD-8AA6-2F813B129CF3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{BB4ADAA6-F6E5-474C-A9C4-C6FD1979B284}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEE4BF86-6287-4221-A2AD-47C0589ECB48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C72328AD-1839-4CC7-8657-E76FEE78AE46}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DE78594C-FB3F-46B5-B2A6-62D14C72CDB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E2E3A9F0-7A5A-4B8F-B6B2-96EFA9A94263}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EEA09FF3-DFE0-4473-B876-E9008D8C7CB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EEBFA727-04E8-4341-B4BD-90383155B14A}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{EF9BE659-6BDC-4D48-AF61-C809E78DB803}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F02CFC39-7811-42C4-A1F5-13A1593917C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F2BECDB7-F855-4F7D-9599-9DFD529993C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FB9FF8F6-ED57-43E4-ABC4-A4793F52F9CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD396BA6-0191-40E4-8E05-9AD24E0DA806}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{07CCA743-7FFA-4037-BF7E-9814AF5E77D9}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{1CB6E219-2D8E-4A2B-B49B-B465E48DFFA7}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{2E59BC33-28B0-4AA2-8C3C-29BAFBA3891C}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{5D9C03EF-020B-421A-B728-AC87CF1A1E74}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E756D29B-63A3-4595-B576-495056B8D94D}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{136B7C74-9217-48C8-8291-ED3123942EA6}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{536FE2FE-8BC5-47C1-BCF3-C6B2D481E190}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{90BA5777-C7AC-46F8-ADE9-DD8864C2C410}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{96CE8A2F-4722-4F02-8718-4973D21BCD9A}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{C6DBEB1D-186F-4ED7-9059-40953FF31558}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"HECI" = Intel(R) Management Engine Interface
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D50DC5-48FB-48E9-9F02-43296E477450}" = Intel(R) Platform Administration Technology
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"{FD9C1975-01D1-49D2-B854-BE009B996ACB}" = Aion
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ArtMoney SE_is1" = ArtMoney SE v7.31
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Powergramo" = PowerGramo Enterprise
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 3" = TeamViewer 3
"VirtualCloneDrive" = VirtualCloneDrive
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.12.2009 21:01:49 | Computer Name = Lucy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18319, Zeitstempel
0x4a966702, fehlerhaftes Modul mshtml.dll, Version 7.0.6001.18344, Zeitstempel
0x4adc7722, Ausnahmecode 0xc0000005, Fehleroffset 0x00045619, Prozess-ID 0x9ac, Anwendungsstartzeit
01ca7cedfd7a4fb5.

Error - 15.12.2009 06:20:26 | Computer Name = Lucy | Source = WinMgmt | ID = 10
Description =

Error - 15.12.2009 14:49:04 | Computer Name = Lucy | Source = WinMgmt | ID = 10
Description =

Error - 16.12.2009 06:28:28 | Computer Name = Lucy | Source = WinMgmt | ID = 10
Description =

Error - 16.12.2009 10:56:42 | Computer Name = Lucy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18349, Zeitstempel
0x4ae6d1b5, fehlerhaftes Modul msidcrl40.dll, Version 5.0.818.5, Zeitstempel 0x49790438,
Ausnahmecode 0x40000015, Fehleroffset 0x000cbe90, Prozess-ID 0x1048, Anwendungsstartzeit
01ca7e3b879d3dbf.

Error - 16.12.2009 11:40:01 | Computer Name = Lucy | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18349 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1b3c Anfangszeit: 01ca7e6023682a6f Zeitpunkt
der Beendigung: 42

Error - 16.12.2009 17:20:24 | Computer Name = Lucy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18349, Zeitstempel
0x4ae6d1b5, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79,
Ausnahmecode 0xc0000005, Fehleroffset 0x00091903, Prozess-ID 0x1aec, Anwendungsstartzeit
01ca7e8d31a9a2cf.

Error - 16.12.2009 20:44:51 | Computer Name = Lucy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18349, Zeitstempel
0x4ae6d1b5, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79,
Ausnahmecode 0xc0000005, Fehleroffset 0x000e0638, Prozess-ID 0x1e64, Anwendungsstartzeit
01ca7e95b5bd9c8f.

Error - 17.12.2009 00:27:02 | Computer Name = Lucy | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18349, Zeitstempel
0x4ae6d1b5, fehlerhaftes Modul mshtml.dll, Version 7.0.6001.18349, Zeitstempel
0x4ae6f33f, Ausnahmecode 0xc0000005, Fehleroffset 0x00095135, Prozess-ID 0x29ec,
Anwendungsstartzeit 01ca7eb2294e81cf.

Error - 17.12.2009 07:48:19 | Computer Name = Lucy | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 06.10.2009 10:50:39 | Computer Name = Lucy | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 20.10.2009 10:56:12 | Computer Name = Lucy | Source = Service Control Manager | ID = 7000
Description =

Error - 20.10.2009 10:56:11 | Computer Name = Lucy | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.s nicht geladen. Wenden Sie sich
an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 20.10.2009 17:51:19 | Computer Name = Lucy | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.s nicht geladen. Wenden Sie sich
an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 20.10.2009 17:51:21 | Computer Name = Lucy | Source = Service Control Manager | ID = 7000
Description =

Error - 20.10.2009 20:10:56 | Computer Name = Lucy | Source = HTTP | ID = 15016
Description =

Error - 20.10.2009 20:13:01 | Computer Name = Lucy | Source = Service Control Manager | ID = 7000
Description =

Error - 20.10.2009 20:13:00 | Computer Name = Lucy | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.s nicht geladen. Wenden Sie sich
an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 20.10.2009 22:25:22 | Computer Name = Lucy | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.s nicht geladen. Wenden Sie sich
an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 20.10.2009 22:25:24 | Computer Name = Lucy | Source = Service Control Manager | ID = 7000
Description =

Error - 21.10.2009 06:53:59 | Computer Name = Lucy | Source = HTTP | ID = 15016
Description =


< End of report >

17.12.2009, 13:13   #4
cosinus

Where is the Malwarebytes log?

17.12.2009, 14:34   #5
Ratamatabu

oops ^^

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3379
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17.12.2009 15:32:48
mbam-log-2009-12-17 (15-32-48).txt

Scan-Methode: Vollständiger Scan (C:\|I:\|)
Durchsuchte Objekte: 260573
Laufzeit: 49 minute(s), 21 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

