Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.08.2010, 13:32   #1
Chris9028
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Standard

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



Moin,
Nach Spyware SecurityTool, welche sich immer geöffnet hat habe ich nach einer Internet Anleitung Spyhunter installiert, wie kann ich beide Sachen löschen? Das System läuft sehr langsam und Pogramme öffnen nicht.


Running processes:
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
D:\Tobit Radio.fx\Client\rfx-tray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\ESGRKCHK.exe
C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\***Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - D:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RfxSrvTray] "D:\Tobit Radio.fx\Client\rfx-tray.exe"
O4 - HKCU\..\Run: [{A00A4989-1AA9-4EA0-576E-49DF8C976023}] C:\Users\Christian\AppData\Roaming\Myloy\evaqi.exe
O4 - HKCU\..\Run: [{AEDF1C09-3C20-01EE-C2E1-3F80EE4CA27D}] C:\Users\Christian\AppData\Roaming\Avcye\awupv.exe
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - HKCU\..\Run: [Hlasoxiyaloguj] rundll32.exe "C:\Users\Christian\AppData\Local\catiml32.dll",Startup
O4 - HKCU\..\RunOnce: [1064524652] "C:\Users\Christian\AppData\Local\1064524652.exe" 9 40
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: NDAS Geräte-Manager.lnk = C:\Program Files\NDAS\System\ndasmgmt.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - D:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanag[/I]er\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\vmware\vmware player\vsocklib.dll
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NDAS Service (ndassvc) - XIMETA, Inc. - C:\Program Files\NDAS\System\ndassvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Radio.fx Server (Radio.fx) - Unknown owner - D:\Tobit Radio.fx\Server\rfx-server.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files (x86)\TVersity\Media Server\MediaServer.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13900 bytes

Alt 27.08.2010, 13:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Standard

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 27.08.2010, 14:25   #3
Chris9028
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Standard

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.08.2010 14:19:15 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Christian\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 7,37 Gb Free Space | 15,10% Space Free | Partition Type: NTFS
Drive D: | 184,06 Gb Total Space | 156,86 Gb Free Space | 85,23% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 596,17 Gb Total Space | 5,36 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 1,84 Gb Total Space | 0,90 Gb Free Space | 48,80% Space Free | Partition Type: FAT
Drive P: | 232,87 Gb Total Space | 52,06 Gb Free Space | 22,36% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Christian\Downloads\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
PRC - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - D:\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\ESGRKCHK.exe (Enigma Software Group USA, LLC.)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.27\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - D:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\ciphgini.dll ()
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\Windows\SysWOW64\msvcp71.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr71.dll (Microsoft Corporation)
MOD - D:\Tobit Radio.fx\Client\rfx-helper.dll (Tobit.Software)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found
SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found
SRV:64bit: - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\SysNative\TUProgSt.exe (TuneUp Software)
SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (ndassvc) -- C:\Program Files\NDAS\System\ndassvc.exe (XIMETA, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV - (SpyHunter 4 Service) -- C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (Enigma Software Group USA, LLC.)
SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TVersityMediaServer) -- D:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
SRV - (nSvcIp) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (SBSDWSCService) -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ufad-ws60) -- D:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (lpx) -- C:\Windows\SysNative\drivers\lpx6x.sys (XIMETA, Inc.)
DRV:64bit: - (ndasscsi) -- C:\Windows\SysNative\drivers\ndasscsi.sys (XIMETA, Inc.)
DRV:64bit: - (ndasrofs) -- C:\Windows\SysNative\drivers\ndasrofs.sys (XIMETA, Inc.)
DRV:64bit: - (ndasfat) -- C:\Windows\SysNative\drivers\ndasfat.sys (XIMETA, Inc.)
DRV:64bit: - (ndasfs) -- C:\Windows\SysNative\drivers\ndasfs.sys (XIMETA, Inc.)
DRV:64bit: - (lfsfilt) -- C:\Windows\SysNative\drivers\lfsfilt.sys (XIMETA, Inc.)
DRV:64bit: - (ndasbus) -- C:\Windows\SysNative\drivers\ndasbus.sys (XIMETA, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (esgiguard) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (vstor2-ws60) -- D:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.29
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.11.14 23:57:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.04.06 22:04:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.02 21:41:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.08.07 18:43:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.08.27 02:18:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.27 02:18:09 | 000,000,000 | ---D | M]
 
[2010.08.07 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.08.26 23:32:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1auyh6c.default\extensions
[2010.08.07 18:40:39 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1auyh6c.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.08.18 16:10:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1auyh6c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.08.07 18:40:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1auyh6c.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.08.07 18:40:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1auyh6c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.07 18:40:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\l1auyh6c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.07 18:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2010.08.27 12:08:20 | 000,392,792 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 13563 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - D:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [{A00A4989-1AA9-4EA0-576E-49DF8C976023}] C:\Users\Christian\AppData\Roaming\Myloy\evaqi.exe File not found
O4 - HKCU..\Run: [{AEDF1C09-3C20-01EE-C2E1-3F80EE4CA27D}] C:\Users\Christian\AppData\Roaming\Avcye\awupv.exe File not found
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe ()
O4 - HKCU..\Run: [Hlasoxiyaloguj] C:\Users\Christian\AppData\Local\catiml32.DLL (MaresWEB)
O4 - HKCU..\Run: [RfxSrvTray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [1064524652] C:\Users\Christian\AppData\Local\1064524652.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - D:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - D:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.27 12:08:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.05.10 09:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08a74059-d190-11de-951b-001a4d584fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{08a74059-d190-11de-951b-001a4d584fe1}\Shell\AutoRun\command - "" = M:\setup.exe -- File not found
O33 - MountPoints2\{11657179-9045-11df-b8d6-c6fbea79f308}\Shell - "" = AutoRun
O33 - MountPoints2\{11657179-9045-11df-b8d6-c6fbea79f308}\Shell\AutoRun\command - "" = X:\LaunchU3.exe -- File not found
O33 - MountPoints2\{99a739dd-d149-11de-8e3b-001a4d584fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{99a739dd-d149-11de-8e3b-001a4d584fe1}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\P:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autoript - (C:\Windows\system32\ciphgini.dll) - C:\Windows\SysWOW64\ciphgini.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.27 10:57:11 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2010.08.27 10:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010.08.27 10:56:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.27 10:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.08.19 01:54:23 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Neuer Ordner
[2010.08.18 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Axis Communications
[2010.08.18 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\AXIS Camera Management - Templates
[2010.08.18 00:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Axis Communications
[2010.08.17 03:16:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Admigro PowerTeacher DeLuxe
[2009.07.14 01:24:58 | 000,076,800 | ---- | C] (MaresWEB) -- C:\Users\Christian\AppData\Local\catiml32.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.27 14:21:30 | 008,912,896 | -HS- | M] () -- C:\Users\Christian\ntuser.dat
[2010.08.27 14:10:10 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.27 13:28:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.27 12:08:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.08.27 12:02:31 | 000,000,110 | ---- | M] () -- C:\spyhunter.fix
[2010.08.27 12:02:22 | 000,002,292 | ---- | M] () -- C:\Users\Christian\Desktop\SpyHunter.lnk
[2010.08.27 12:00:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 12:00:40 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 11:53:45 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.27 11:53:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{e5539f03-b1c0-11df-a731-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010.08.27 11:53:44 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{e5539f03-b1c0-11df-a731-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010.08.27 11:53:44 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\ntuser.dat{e5539f03-b1c0-11df-a731-005056c00008}.TM.blf
[2010.08.27 11:53:32 | 000,000,258 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2010.08.27 11:53:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.27 11:53:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.27 11:53:20 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.27 11:03:33 | 015,957,872 | -H-- | M] () -- C:\Users\Christian\AppData\Local\IconCache.db
[2010.08.27 02:20:35 | 001,101,312 | ---- | M] () -- C:\Users\Christian\AppData\Local\1064524652.exe
[2010.08.27 02:18:10 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.27 01:49:54 | 000,179,669 | ---- | M] () -- C:\Users\Christian\Desktop\5614_1_yksHvM92Dh_Bildgröße ändern.jpg
[2010.08.27 01:49:12 | 000,218,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.27 01:46:25 | 000,028,458 | ---- | M] () -- C:\Users\Christian\Desktop\_VW_Polo_GTI_14_TSI4ba0ae1bce5de.jpg
[2010.08.27 00:15:24 | 000,391,709 | ---- | M] () -- C:\Users\Christian\Desktop\5614_1_yksHvM92Dh.jpg
[2010.08.26 03:19:05 | 000,046,592 | -H-- | M] () -- C:\Windows\SysWow64\ciphgini.dll
[2010.08.25 15:25:18 | 000,048,640 | ---- | M] () -- C:\Users\Christian\Desktop\GEZ-1.doc
[2010.08.24 21:45:57 | 001,066,330 | ---- | M] () -- C:\Users\Christian\Desktop\dlstream.pdf
[2010.08.19 22:17:07 | 001,488,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.19 22:17:07 | 000,649,822 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.19 22:17:07 | 000,612,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.19 22:17:07 | 000,128,408 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.19 22:17:07 | 000,105,424 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.19 16:41:20 | 000,336,524 | ---- | M] () -- C:\Users\Christian\Desktop\DSC01357.jpg
[2010.08.18 00:54:55 | 001,396,293 | ---- | M] () -- C:\Users\Christian\Desktop\ig_210_210a_211_211a_30235_en_1007.pdf
[2010.08.18 00:54:50 | 001,391,955 | ---- | M] () -- C:\Users\Christian\Desktop\ig_210_210a_211_211a_30235_de_1007.pdf
[2010.08.17 03:19:21 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\PowerTeacher.lnk
[2010.08.11 15:51:47 | 000,069,978 | ---- | M] () -- C:\Users\Christian\Documents\Reservierungsbestätigung.pdf
[2010.08.07 18:43:00 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.08.07 18:42:57 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010.08.07 18:42:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010.08.07 18:42:47 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010.08.07 18:42:31 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.08.07 18:23:54 | 000,044,571 | ---- | M] () -- C:\Users\Christian\Documents\bookmarks-2010-08-07.json
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.27 12:08:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.08.27 12:02:22 | 000,002,292 | ---- | C] () -- C:\Users\Christian\Desktop\SpyHunter.lnk
[2010.08.27 11:53:44 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{e5539f03-b1c0-11df-a731-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2010.08.27 11:53:44 | 000,524,288 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{e5539f03-b1c0-11df-a731-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2010.08.27 11:53:44 | 000,065,536 | -HS- | C] () -- C:\Users\Christian\ntuser.dat{e5539f03-b1c0-11df-a731-005056c00008}.TM.blf
[2010.08.27 10:57:21 | 000,000,110 | ---- | C] () -- C:\spyhunter.fix
[2010.08.27 02:20:35 | 001,101,312 | ---- | C] () -- C:\Users\Christian\AppData\Local\1064524652.exe
[2010.08.27 01:49:54 | 000,179,669 | ---- | C] () -- C:\Users\Christian\Desktop\5614_1_yksHvM92Dh_Bildgröße ändern.jpg
[2010.08.27 01:46:52 | 000,391,709 | ---- | C] () -- C:\Users\Christian\Desktop\5614_1_yksHvM92Dh.jpg
[2010.08.27 01:46:31 | 000,028,458 | ---- | C] () -- C:\Users\Christian\Desktop\_VW_Polo_GTI_14_TSI4ba0ae1bce5de.jpg
[2010.08.26 03:19:05 | 000,046,592 | -H-- | C] () -- C:\Windows\SysWow64\ciphgini.dll
[2010.08.25 00:49:45 | 000,048,640 | ---- | C] () -- C:\Users\Christian\Desktop\GEZ-1.doc
[2010.08.24 21:45:57 | 001,066,330 | ---- | C] () -- C:\Users\Christian\Desktop\dlstream.pdf
[2010.08.19 16:41:16 | 000,336,524 | ---- | C] () -- C:\Users\Christian\Desktop\DSC01357.jpg
[2010.08.18 00:54:55 | 001,396,293 | ---- | C] () -- C:\Users\Christian\Desktop\ig_210_210a_211_211a_30235_en_1007.pdf
[2010.08.18 00:54:50 | 001,391,955 | ---- | C] () -- C:\Users\Christian\Desktop\ig_210_210a_211_211a_30235_de_1007.pdf
[2010.08.17 03:19:21 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\PowerTeacher.lnk
[2010.08.11 15:51:40 | 000,069,978 | ---- | C] () -- C:\Users\Christian\Documents\Reservierungsbestätigung.pdf
[2010.08.07 18:43:00 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.08.07 18:35:35 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.07 18:23:54 | 000,044,571 | ---- | C] () -- C:\Users\Christian\Documents\bookmarks-2010-08-07.json
[2010.05.02 21:37:51 | 000,000,834 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.04.19 17:37:30 | 000,218,112 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 21:36:14 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.03.12 18:40:20 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.11.15 17:21:20 | 000,007,605 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg
[2009.11.15 16:13:18 | 000,000,098 | ---- | C] () -- C:\Windows\etkinst.ini
[2009.11.15 16:06:15 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2009.11.15 15:41:00 | 001,507,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.15 01:18:02 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.08.2010 14:19:15 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Christian\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 7,37 Gb Free Space | 15,10% Space Free | Partition Type: NTFS
Drive D: | 184,06 Gb Total Space | 156,86 Gb Free Space | 85,23% Space Free | Partition Type: NTFS
Drive E: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 596,17 Gb Total Space | 5,36 Gb Free Space | 0,90% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 1,84 Gb Total Space | 0,90 Gb Free Space | 48,80% Space Free | Partition Type: FAT
Drive P: | 232,87 Gb Total Space | 52,06 Gb Free Space | 22,36% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC
Current User Name: Christian
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 3.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "D:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "D:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "D:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "D:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.300
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{568E7944-73F2-414E-BA4F-D3F5F9A183B2}" = Microsoft LifeCam
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{D3A65B0A-403B-4C20-A488-BFED2BC5D2EF}" = HP OfficeJet J5700
"{F03F55D3-D558-4219-8973-7A65639BD795}" = NDAS-Software 3.61.2056
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3
"Shop for HP Supplies" = Shop for HP Supplies
"Smart PDF Converter Pro_is1" = Smart PDF Converter Pro 4.2.3.275
"x64 Components_is1" = x64 Components v2.5.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075315E8-E9E1-4DB3-8CBD-0BEBA9E2BAC3}" = ProductContext
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1742DE47-1693-4E7C-8121-8E1D6AED5B25}" = J5700
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3DF12C94-8D3D-43D4-AF3C-754F51CB89CD}" = HP Install Network Printer Wizard
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70CAF6DA-C2F4-40C4-A0A4-10FB04701669}" = bpd_scan
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89FB030B-05F9-4421-9D90-8FF2BBA70FE7}_is1" = AXIS Camera Management 2.00
"{8B0B72BC-3007-45E9-BBA3-7B7EF8819FA3}" = 5700_Help
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95431C66-CF9A-4913-BFFF-6050785AFB65}" = SpyHunter
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B929A084-395B-4886-8474-CC55CF76F17E}" = Mindjet MindManager 8
"{BA12FD6D-169A-11D7-A6A9-00C026281E5A}" = Twin USB Vibration Gamepad
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D405ED38-2149-471F-B876-07839A00DBDC}" = PowerTeacher DeLuxe
"{D43B1A55-6957-4E93-A674-338F78B4A202}" = BPDSoftware
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E0A1335B-3D84-413B-B92C-DF2D4BAACA0C}" = BPDSoftware_Ini
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ETKA" = ETKA
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HyperCam 2" = HyperCam 2
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"LOGO!Soft Comfort V5.0" = LOGO!Soft Comfort V5.0
"MediaMonkey_is1" = MediaMonkey 3.1
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"Steam App 100" = Condition Zero Deleted Scenes
"Steam App 240" = Counter-Strike: Source
"Steam App 80" = Condition Zero
"Tobit Radio.fx Server" = Radio.fx
"TrueCrypt" = TrueCrypt
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.7.2.1 Beta
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.08.2010 07:26:54 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.08.2010 07:27:48 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "d:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.08.2010 09:23:16 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 1.0.1.764,
 Zeitstempel: 0x4c29483f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6606c11b  ID des fehlerhaften
 Prozesses: 0x119c  Startzeit der fehlerhaften Anwendung: 0x01cb444065bf8c98  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\RecordingManager.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: eacca098-b04b-11df-84a6-005056c00008
 
Error - 25.08.2010 10:09:01 | Computer Name = Christian-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.08.2010 08:01:57 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 1.0.1.764,
 Zeitstempel: 0x4c29483f  Name des fehlerhaften Moduls: QTCF.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4aa21f2c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6b6ac11b
ID
 des fehlerhaften Prozesses: 0xb38  Startzeit der fehlerhaften Anwendung: 0x01cb451195944590
Pfad
 der fehlerhaften Anwendung: D:\Program Files (x86)\RecordingManager.exe  Pfad des
 fehlerhaften Moduls: QTCF.dll  Berichtskennung: b96a1760-b109-11df-8690-005056c00008
 
Error - 26.08.2010 08:04:36 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RealPlay.exe, Version: 12.0.0.879,
 Zeitstempel: 0x4c294b86  Name des fehlerhaften Moduls: QTCF.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4aa21f2c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6bbbc11b
ID
 des fehlerhaften Prozesses: 0x1014  Startzeit der fehlerhaften Anwendung: 0x01cb4516d265efa0
Pfad
 der fehlerhaften Anwendung: D:\Program Files (x86)\RealPlay.exe  Pfad des fehlerhaften
 Moduls: QTCF.dll  Berichtskennung: 17f9b3d0-b10a-11df-8690-005056c00008
 
Error - 26.08.2010 08:04:53 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RealPlay.exe, Version: 12.0.0.879,
 Zeitstempel: 0x4c294b86  Name des fehlerhaften Moduls: QTCF.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4aa21f2c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6c08c11b
ID
 des fehlerhaften Prozesses: 0x116c  Startzeit der fehlerhaften Anwendung: 0x01cb4516dc7d18b0
Pfad
 der fehlerhaften Anwendung: D:\Program Files (x86)\RealPlay.exe  Pfad des fehlerhaften
 Moduls: QTCF.dll  Berichtskennung: 21f93630-b10a-11df-8690-005056c00008
 
Error - 26.08.2010 08:05:26 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RealPlay.exe, Version: 12.0.0.879,
 Zeitstempel: 0x4c294b86  Name des fehlerhaften Moduls: QTCF.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4aa21f2c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6c08c11b
ID
 des fehlerhaften Prozesses: 0x11e4  Startzeit der fehlerhaften Anwendung: 0x01cb4516f0020b70
Pfad
 der fehlerhaften Anwendung: D:\Program Files (x86)\RealPlay.exe  Pfad des fehlerhaften
 Moduls: QTCF.dll  Berichtskennung: 3619ccb0-b10a-11df-8690-005056c00008
 
Error - 26.08.2010 08:09:55 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 1.0.1.764,
 Zeitstempel: 0x4c29483f  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6c08c11b  ID des fehlerhaften
 Prozesses: 0x770  Startzeit der fehlerhaften Anwendung: 0x01cb45173840eaf0  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\RecordingManager.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: d6196cc0-b10a-11df-8690-005056c00008
 
Error - 26.08.2010 19:06:53 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AvastSvc.exe, Version: 5.0.159.0,
 Zeitstempel: 0x4ad39e2a  Name des fehlerhaften Moduls: aswCmnOS.dll, Version: 5.0.656.0,
 Zeitstempel: 0x4c73ec73  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000089b1  ID des fehlerhaften
 Prozesses: 0x52c  Startzeit der fehlerhaften Anwendung: 0x01cb4557dadbdb40  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\Alwil Software\Avast5\defs\10082601\aswCmnOS.dll
Berichtskennung:
 9cd94730-b166-11df-9d2c-005056c00008
 
[ System Events ]
Error - 26.08.2010 15:51:16 | Computer Name = Christian-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 26.08.2010 19:06:59 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.08.2010 19:06:59 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "avast! Mail Scanner" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.08.2010 19:06:59 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "avast! Web Scanner" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.08.2010 20:35:57 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.08.2010 20:43:52 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.08.2010 20:43:54 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
Error - 26.08.2010 20:45:04 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%1153
 
Error - 27.08.2010 04:44:32 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2010 um 03:28:17 unerwartet heruntergefahren.
 
Error - 27.08.2010 04:44:33 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%1153
 
 
< End of report >
         
--- --- ---
__________________

Alt 27.08.2010, 14:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Standard

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



Ich wollte zuerst den Vollscan mit Malwarebytes sehen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.08.2010, 23:48   #5
Chris9028
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Standard

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4488

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.08.2010 23:43:24
mbam-log-2010-08-28 (23-43-24).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|P:\|)
Objects scanned: 437888
Time elapsed: 2 hour(s), 36 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\cleansweep.exe (Trojan.Agent) -> No action taken.

Files Infected:
C:\Users\Christian\AppData\Local\1064524652.exe (Rogue.SecurityTool) -> No action taken.
C:\Users\Christian\AppData\Local\catiml32.dll (Trojan.Agent.Gen) -> No action taken.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTXX65G8\setup[1].exe (Rogue.SecurityTool) -> No action taken.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZLCFMZP\setup[1].exe (Rootkit.TDSS.Gen) -> No action taken.
C:\Users\Christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3CLQIA1\setup[2].exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\Christian\AppData\Local\Temp\sGoHmkMDhg.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4a9d5bc4-4b1a6fc3 (Trojan.PWS) -> No action taken.
C:\Users\Christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4a9d5bc4-523d316f (Trojan.Malagent) -> No action taken.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> No action taken.
C:\cleansweep.exe\trz8E4A.tmp (Trojan.Agent) -> No action taken.
C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.


Alt 29.08.2010, 16:35   #6
Chris9028
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Standard

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



*push*
Ich brauche eure Hilfe!!

Alt 29.08.2010, 21:13   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Ausrufezeichen

Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen



Hör auf zu drängeln!
Wenns zu dringend und wichtig ist, musst Du einen kostenpflichtigen VorOrt-Service bestellen aber das Board wo Du kostenlose Hilfe von mir und anderen rein freiwillig bekommst, sollte man nicht mit einer kommerziellen Geschichte verwechseln.


Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
MOD - C:\Windows\SysWOW64\ciphgini.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [{A00A4989-1AA9-4EA0-576E-49DF8C976023}] C:\Users\Christian\AppData\Roaming\Myloy\evaqi.exe File not found
O4 - HKCU..\Run: [{AEDF1C09-3C20-01EE-C2E1-3F80EE4CA27D}] C:\Users\Christian\AppData\Roaming\Avcye\awupv.exe File not found
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe ()
O4 - HKCU..\Run: [Hlasoxiyaloguj] C:\Users\Christian\AppData\Local\catiml32.DLL (MaresWEB)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\RunOnce: [1064524652] C:\Users\Christian\AppData\Local\1064524652.exe ()
O32 - AutoRun File - [2009.07.15 21:39:51 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.05.10 09:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08a74059-d190-11de-951b-001a4d584fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{08a74059-d190-11de-951b-001a4d584fe1}\Shell\AutoRun\command - "" = M:\setup.exe -- File not found
O33 - MountPoints2\{11657179-9045-11df-b8d6-c6fbea79f308}\Shell - "" = AutoRun
O33 - MountPoints2\{11657179-9045-11df-b8d6-c6fbea79f308}\Shell\AutoRun\command - "" = X:\LaunchU3.exe -- File not found
O33 - MountPoints2\{99a739dd-d149-11de-8e3b-001a4d584fe1}\Shell - "" = AutoRun
O33 - MountPoints2\{99a739dd-d149-11de-8e3b-001a4d584fe1}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

:Files
C:\cleansweep.exe
C:\Users\Christian\AppData\Roaming\Myloy
C:\Users\Christian\AppData\Roaming\Avcye

:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Geändert von cosinus (29.08.2010 um 21:19 Uhr)

Antwort

Themen zu Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen
0 bytes, adobe, antivirus, avast, avast!, bho, dll, enigma, explorer, firefox, google, hijack, hijackthis, internet, internet explorer, langsam, löschen, löschen?, mozilla, nvidia, programdata, rundll, safer networking, scan, security, sehr langsam, senden, server, software, spyhunter 4, spyware, system, syswow64, windows



Ähnliche Themen: Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen


  1. ilivid add on eingefangen hab spyhunter 4 installiert bei windows 7 32 bit wie kann ich das deinstallieren
    Log-Analyse und Auswertung - 01.10.2015 (3)
  2. SpyHunter installiert und prompt die Quittung dafür bekommen
    Plagegeister aller Art und deren Bekämpfung - 10.08.2015 (30)
  3. SpyHunter 4(absichtlich)installiert.......na und?
    Antiviren-, Firewall- und andere Schutzprogramme - 07.08.2015 (74)
  4. WIN7: PUA/Installmonetizer installiert sich nach dem Löschen immer wieder selbst
    Log-Analyse und Auswertung - 25.07.2015 (12)
  5. Spyhunter 4 installiert, Blacole erkannt
    Plagegeister aller Art und deren Bekämpfung - 27.11.2014 (25)
  6. Spyhunter 4 löschen
    Log-Analyse und Auswertung - 21.08.2014 (11)
  7. Spyhunter 4 installiert - gescannt - vorm löschen wieder deinstalliert - Resteentfernung
    Plagegeister aller Art und deren Bekämpfung - 21.01.2014 (9)
  8. Spyhunter 4 installiert, benutzt aber danach gelöscht
    Log-Analyse und Auswertung - 17.01.2014 (7)
  9. Mit Spyhunter 47 Bedrohungen gefunden, Spyhunter wurde aber wieder deinstalliert.
    Log-Analyse und Auswertung - 25.10.2013 (9)
  10. Löschen von Spyhunter
    Log-Analyse und Auswertung - 09.09.2013 (17)
  11. Spyhunter installiert, wie bei Deinstallation vorgehen?
    Log-Analyse und Auswertung - 05.09.2013 (13)
  12. Iminent wurde automatisch heruntergeladen und installiert - Wie kann ich es wieder deinstallieren?
    Log-Analyse und Auswertung - 23.07.2013 (22)
  13. win7 anti-spyware 2011 - Logfiles nach Löschen mit OTH&Malwarebytes
    Log-Analyse und Auswertung - 25.04.2011 (1)
  14. Riesenproblem nach SecurityTool
    Plagegeister aller Art und deren Bekämpfung - 12.03.2010 (2)
  15. Kann nicht Spyware Adware löschen!
    Plagegeister aller Art und deren Bekämpfung - 27.07.2006 (15)
  16. Problem nach ZA-Installation/löschen von Spyware
    Log-Analyse und Auswertung - 12.04.2006 (2)
  17. Internet wech, nach Löschen von Spyware
    Antiviren-, Firewall- und andere Schutzprogramme - 25.01.2006 (7)

Zum Thema Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen - Moin, Nach Spyware SecurityTool, welche sich immer geöffnet hat habe ich nach einer Internet Anleitung Spyhunter installiert, wie kann ich beide Sachen löschen? Das System läuft sehr langsam und Pogramme - Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen...
Archiv
Du betrachtest: Nach Spyware SecurityTool wurde Spyhunter installiert, wie kann ich es löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.