| Pests of all kinds and how to combat them: System Tool 2011 Extreme (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. | 
|  30.12.2010, 12:18 | #1 | 
|  |   System Tool 2011 Extreme

Hello, I have a pretty big problem: last night my PC more or less fell apart. I caught the System Tool virus and since then nothing works anymore. First off, there were a few signs beforehand, for example trojans that had to be deleted (Antivir detected them). In addition, Google Images showed the message: "Cannot be executed, your PC is sending automated requests" (as far as I know this can point to a botnet; I have no idea about this myself, I only googled it). Well, last night I was surfing the Internet when my desktop background suddenly changed and System Tools started getting on my nerves every 5 seconds with its "You have 10,000 viruses" message. If that were all, I would have no problems, but further things came on top that did make my PC life harder.

1. I can no longer run anything, no hijack or antivir (which, no surprise, has vanished completely). I can still use the Internet, but Opera does not open at all, Firefox crashes every minute for no reason and Chrome does not feel like working either. The only thing that ran without problems was Internet Explorer.
2. Task Manager no longer works (a message with a black screen appears).
3. System Restore no longer responded.
4. The PC crashed twice and a bluescreen appeared with the message that I should cold-boot the PC and should worry if it happens again (roughly). The bluescreen came both times; I have to add that it already appeared once a few months ago, but that was the first time and I did not think anything of it.

All of this is in normal mode. I have just started the PC in safe mode, and so far everything is running. Antivir is currently doing a system check. I can also do a System Restore, so that System Tools 2011 is not on it. That is at least one way of doing ANYTHING...

My question: what is the best way to proceed to remove the virus completely? I would first let Antivir finish checking, then do a System Restore and run every antivirus program I can find. However, the virus seems to sit deep if even a bluescreen appears, or am I wrong? Quite a long text, please help me anyway. THANKS

Edit: I have just evaluated the hijack file on this PC (thanks to an external hard drive) and it found nothing.

Edit2: Could that possibly be because I ran it in safe mode? I don't know my way around ;D I have now run Spybot and CCleaner in safe mode. Spybot fixed 106 errors and the virus seems to be gone, as it looks at the moment. That means everything works again. But since the virus is surely not completely gone, I still need help. Which logs should I post? I still need my PC today. | 
|  30.12.2010, 15:37 | #2 | 
| /// Helper Team  |   System Tool 2011 Extreme

Hello pir4nha and welcome to the Trojaner Board,

depending on how much of the infection is still present, a cleanup like this can take a few days, and it usually does not get done in one day; you should know that in advance (we helpers cannot be online nonstop either).

First, a few notes (please observe!):

I will do my best to find everything that does not belong on your system, but I have to point out that formatting and reinstalling is in most cases the fastest and safest way to get a clean system. If you want to clean up anyway, here are the instructions:

First post the logs you have already created, that is, the one from Avira Antivir and the one from Spybot. The HijackThis logfile is not necessary. Instead, create new logfiles with the following tool and post them here:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop. | 
|  30.12.2010, 16:35 | #3 | 
|  |   System Tool 2011 Extreme

Code: 
  ATTFilter OTL logfile created on: 30.12.2010 16:13:32 - Run 1 OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\...\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS Computer Name: ...-PC | User Name: .. | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe PRC - [2010.12.19 11:03:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010.12.13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) 
-- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe PRC - [2010.11.17 12:25:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2010.11.05 14:37:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.16 00:57:30 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.10.08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe PRC - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.08.09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe PRC - [2010.03.27 12:05:35 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.01.11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) 
-- C:\Windows\SysWOW64\nlssrv32.exe ========== Modules (SafeList) ========== MOD - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.09 12:57:08 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll -- (Akamai) SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.11.17 14:27:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.09.06 17:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 13:50:50 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. 
File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla 
Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions [2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions [2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net [2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au [2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- 
C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam [2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com [2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions [2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml [2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- C:\Users\...\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml [2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml [2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml [2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\.\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml [2010.12.29 17:51:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.15 18:57:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions [2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program 
Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 14749 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Softonic-Eng46 Toolbar) - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng46 Toolbar) - {86BF3498-8C44-4C3D-BBFB-05BD50858039} - C:\Program Files (x86)\Softonic-Eng46\tbSoft.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\.\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: ctfmions - (C:\Windows\system32\mshtHost.dll) - C:\Windows\SysWow64\mshtHost.dll File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe [2010.12.30 16:07:57 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part [2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Malwarebytes [2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.30 13:33:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe [2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\backups [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\.\Desktop\spybotsd162.exe [2010.12.30 12:40:21 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe 
[2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\.\Desktop\HiJackThis204.exe [2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000 [2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Adobe [2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\Render [2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\.\Desktop\PSDS [2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Adobe [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Opera [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Local\Opera [2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8 [2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\.\AppData\Roaming\Avira [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\taskcomp.dll [2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mshtmled.dll [2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe [2010.12.30 16:08:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\.\Desktop\OTL.exe.part [2010.12.30 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.30 14:12:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.30 14:09:58 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.30 14:09:58 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.30 14:09:58 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.30 14:09:58 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.30 14:09:58 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.30 14:07:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.12.30 14:05:00 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.12.30 14:04:55 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 13:53:07 | 000,066,999 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-2.jpg [2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.12.30 13:33:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\.\Desktop\mbam-setup-1.50.1.1100.exe [2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\.\Desktop\spybotsd162.exe [2010.12.30 12:31:12 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\.\Desktop\ccsetup302.exe [2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp [2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\.\Desktop\HiJackThis204.exe [2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\.\Desktop\nature-signature.jpg [2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\.\Desktop\allianz_arena_2.jpg [2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\.\Desktop\Real Render by TribunX.7z [2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\.\Desktop\dergruene.rar [2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\.\Desktop\W_Solo.jpg [2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:56:23 | 000,159,557 | ---- | M] () -- C:\Users\.\Desktop\Unbenannt-1.jpg [2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\.\Desktop\COD.psd [2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\.\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\.\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\.\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-284412.png [2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd [2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- 
C:\Users\.\Desktop\wallpaper-177338.jpg [2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.jpg [2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.psd [2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\.\Desktop\wallpaper-297605.png [2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64 [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip [2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip [2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip [2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:06 | 000,066,999 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-2.jpg [2010.12.30 12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\.\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp [2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\.\Desktop\nature-signature.jpg [2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 
000,160,343 | ---- | C] () -- C:\Users\.\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users.\Desktop\allianz_arena_2.jpg [2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\.\Desktop\LIL-Wayne-psd51253.png [2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\.\Desktop\dergruene.rar [2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\.\Desktop\Real Render by TribunX.7z [2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\.\Desktop\W_Solo.jpg [2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\.\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:56:21 | 000,159,557 | ---- | C] () -- C:\Users\.\Desktop\Unbenannt-1.jpg [2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\.\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\.\Desktop\INFECTED.ttf [2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\.\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\.\Desktop\COD.psd [2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\.\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\.\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\.\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-284412.png [2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3 by KeReN-R.abr [2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\.\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\.\Desktop\1293455011_itachisasuke.psd [2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-297605.jpg [2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- 
C:\Users\.\Desktop\wallpaper-297605.psd [2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\..\Desktop\wallpaper-297605.png [2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\.\Desktop\wallpaper-177338.jpg [2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\.\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64 [2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_4.zip [2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_3.zip [2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack_2.zip [2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\.\Desktop\GFX-S_Res-Pack.zip [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\.\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini [2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\.\AppData\Roaming\clipboard.txt [2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll [2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll ========== LOP Check ========== [2010.10.01 23:35:53 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Alien Skin 
[2010.03.18 21:27:23 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Canon [2010.12.30 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\DNA [2010.11.22 20:15:34 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\gtk-2.0 [2010.12.17 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Hiku [2010.12.28 19:21:16 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\ICQ [2010.05.03 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\iTSfv [2010.12.17 16:39:36 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Ogetv [2010.03.15 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\OpenOffice.org [2010.12.22 12:28:48 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Opera [2010.03.21 20:32:12 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\Teeworlds [2010.10.02 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\.\AppData\Roaming\TS3Client [2010.12.16 10:24:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > extra: Code: 
OTL Extras logfile created on: 30.12.2010 16:13:32 - Run 1
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 198,35 Gb Free Space | 42,60% Space Free | Partition Type: NTFS
 
Computer Name: -PC | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"iTSfv_is1" = iTSfv 5.61.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eye Candy 6" = Alien Skin Eye Candy 6
"Fraps" = Fraps
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"JDownloader" = JDownloader
"LHTTSGED" = L&H TTS3000 Deutsch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NAVIGON Fresh" = NAVIGON Fresh 3.0.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Opera 11.00.1156" = Opera 11.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Softonic-Eng46 Toolbar" = Softonic-Eng46 Toolbar
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 47770" = Medal of Honor Beta
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2010 21:16:51 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:17:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:22:13 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:22:14 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 29.12.2010 21:24:36 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 30.12.2010 06:36:15 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = VSS | ID = 8193
Description = 
 
Error - 30.12.2010 06:37:18 | Computer Name = -PC | Source = System Restore | ID = 8193
Description = 
 
Error - 30.12.2010 06:48:32 | Computer Name = -PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cchrome.exe, Version: 0.0.0.0, Zeitstempel:
 0x4cffee6d  Name des fehlerhaften Moduls: chrome.dll, Version: 8.0.552.224, Zeitstempel:
 0x4cffee38  Ausnahmecode: 0x80000003  Fehleroffset: 0x000d1649  ID des fehlerhaften Prozesses:
 0x5a4  Startzeit der fehlerhaften Anwendung: 0x01cba80f0f22ac3e  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Google\Chrome\Application\cchrome.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\chrome.dll
Berichtskennung:
 576b3937-1402-11e0-b727-ad342654e7b7
 
Error - 30.12.2010 08:00:42 | Computer Name = -PC | Source = SignInAssistant | ID = 0
Description = 
 
[ System Events ]
Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren.
 
Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren.
 
Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren.
 
Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren.
 
Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren.
 
Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren.
 
Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren.
 
Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren.
 
Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren.
 
 
< End of report >
I didn't let AntiVir finish, and I can't find the log for Spybot.
|  30.12.2010, 16:58 | #4 | 
| /// Helper Team  |   System Tool 2011 Extreme For Spybot, have a look here: 1.) Displaying reports in Spybot Search&Destroy: Start Spybot => in the Mode menu => select Advanced mode => click Tools on the left => View reports => View report => copy the report and paste it here. You can display older reports via "View previous reports". And in case Avira found anything: 2.) Avira AntiVir - What was found? So that we can take a close look at what your antivirus program found, please proceed as follows: 
 
				__________________ Regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could!  | 
|  30.12.2010, 17:11 | #5 | 
|  |   System Tool 2011 Extreme Okay, AntiVir didn't find anything. Spybot log: Code: 
--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-12-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi
2010-11-30 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2010-12-14 Includes\DialerC.sbi
2010-01-25 Includes\HeavyDuty.sbi
2010-11-30 Includes\Hijackers.sbi
2010-11-30 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2010-12-14 Includes\KeyloggersC.sbi
2010-12-14 Includes\Malware.sbi
2010-12-28 Includes\MalwareC.sbi
2010-05-18 Includes\PUPS.sbi
2010-12-14 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2010-12-14 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2010-12-28 Includes\Spyware.sbi
2010-12-28 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2010-12-17 Includes\TrojansC-02.sbi
2010-12-16 Includes\TrojansC-03.sbi
2010-12-16 Includes\TrojansC-04.sbi
2010-12-28 Includes\TrojansC-05.sbi
2010-12-28 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
   file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
   size: 35760
    MD5: 466CE40EAA865752F4930A472563E4E1
Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
   file: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
   size: 47904
    MD5: 5ECB6C431E7F4F4BF3113B5145F6EF41
Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 281768
    MD5: 61941D4566C3B09F377E0E1A97BD0D9A
Located: HK_LM:Run, DivXUpdate
command: "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
   file: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
   size: 1226608
    MD5: A58E05767687E1E636D160ECEA9BC8ED
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
   file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
   size: 421160
    MD5: E5B82EA4B98828D50C61137BFA8793F1
Located: HK_LM:Run, LogMeIn Hamachi Ui
command: "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
   file: C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
   size: 1910152
    MD5: 9099462DE4CB8AFA9FD66832B8EFE00F
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files (x86)\QuickTime\QTTask.exe
   size: 421888
    MD5: 0AEE5668EB59912F32FF245BFA72465F
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
   file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   size: 246504
    MD5: E0D6538B62C79FCBF0B27F95FAF3208B
Located: HK_CU:Run, Sidebar
  where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1173504
    MD5: EA6EADF6314E43783BA8EEE79F93F73C
Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-19...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:Run, Sidebar
  where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1173504
    MD5: EA6EADF6314E43783BA8EEE79F93F73C
Located: HK_CU:RunOnce, mctadmin
  where: S-1-5-20...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
Located: HK_CU:Run, Pando Media Booster
  where: S-1-5-21-1130963293-2590934308-1779700388-1001...
command: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
   file: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
   size: 2937528
    MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF
Located: Startup (allgemein), GamersFirst LIVE!.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
   file: C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
   size: 2845552
    MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA
Located: Startup (Benutzer), OpenOffice.org 3.2.lnk
  where: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
   size: 384000
    MD5: 28675E96E9CC2A81C0B0E182674E03C7
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: AcroIEHelperStub
        CLSID name: Adobe PDF Link Helper
              Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
         Long name: AcroIEHelperShim.dll
        Short name:       ACROIE~2.DLL
    Date (created): 21.12.2009 17:27:44
Date (last access): 16.05.2010 18:33:24
 Date (last write): 21.12.2009 17:27:44
          Filesize:              75200
        Attributes:           archive 
               MD5: DC1E56092CC57FB4605B088D3DCCBF7A
             CRC32:           FF82C62B
           Version:          9.3.0.148
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} (Canon Easy-WebPrint EX BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Canon Easy-WebPrint EX BHO
        CLSID name: Canon Easy-WebPrint EX BHO
              Path: C:\Program Files (x86)\Canon\Easy-WebPrint EX\
         Long name:       ewpexbho.dll
        Short name:                   
    Date (created): 15.03.2010 22:10:16
Date (last access): 15.03.2010 22:10:16
 Date (last write): 25.11.2009 11:16:22
          Filesize:             202080
        Attributes:           archive 
               MD5: 6A37CDFFE611498A0AA90B6FC6A2A1B5
             CRC32:           964CC614
           Version:            1.1.0.0
{86bf3498-8c44-4c3d-bbfb-05bd50858039} (Softonic-Eng46 Toolbar)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Softonic-Eng46 Toolbar
              Path: C:\Program Files (x86)\Softonic-Eng46\
         Long name:         tbSoft.dll
        Short name:                   
    Date (created): 09.05.2010 13:00:18
Date (last access): 09.05.2010 13:00:18
 Date (last write): 22.02.2010 11:05:02
          Filesize:            2353176
        Attributes:           archive 
               MD5: 1FECF655218FDF7329BEA67F519C8642
             CRC32:           EEFAFA9D
           Version:            5.3.5.4
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live ID-Anmelde-Hilfsprogramm)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live ID-Anmelde-Hilfsprogramm
              Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 21.09.2010 14:08:38
Date (last access): 06.11.2010 15:32:14
 Date (last write): 21.09.2010 14:08:38
          Filesize:             439168
        Attributes:           archive 
               MD5: 6BF01E200063D7274F3AF06D226671F5
             CRC32:           C8953126
           Version:       7.250.4225.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:              41760
        Attributes:           archive 
               MD5: 883EF2DD3C9F68691CE02DAAC7267D41
             CRC32:           C0FCD56C
           Version:          6.0.180.7
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:             108320
        Attributes:           archive 
               MD5: AD9E4059789D2389B746C58421194722
             CRC32:           64C51ACB
           Version:          6.0.180.7
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 15.03.2010 20:20:48
Date (last access): 15.03.2010 20:20:48
 Date (last write): 15.03.2010 20:20:48
          Filesize:             108320
        Attributes:           archive 
               MD5: AD9E4059789D2389B746C58421194722
             CRC32:           64C51ACB
           Version:          6.0.180.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_18
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
       description: 
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:    npjpi160_18.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 15.03.2010 20:20:50
Date (last access): 15.03.2010 20:20:50
 Date (last write): 15.03.2010 20:20:50
          Filesize:             136992
        Attributes:           archive 
               MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
             CRC32:           23BC9EDD
           Version:          6.0.180.7
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name: 
        CLSID name: Shockwave Flash Object
         Installer: C:\Windows\Downloaded Program Files\swflash.inf
          Codebase: hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
       description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename: 
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Windows\SysWow64\Macromed\Flash\
         Long name:       Flash10e.ocx
        Short name:                   
    Date (created): 27.01.2010 01:58:36
Date (last access): 15.03.2010 17:42:30
 Date (last write): 27.01.2010 01:58:36
          Filesize:            3981080
        Attributes:  readonly archive 
               MD5: C06E6E160F34CE092301BD2B29067F3F
             CRC32:           D922F8F5
           Version:          10.0.45.2
--- Process list ---
PID:    0 (   0) [System]
PID: 2904 (2656) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 size: 2937528
  MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF
PID: 2960 (2656) C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
 size: 2845552
  MD5: 2A7C1ED70988284E5C11D8BD1AB9F9FA
PID:  744 (3024) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 size: 7424000
  MD5: ABC2C67DFD48930F846934B907C3D606
PID: 1876 ( 744) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
 size: 7418368
  MD5: 15D982E21248E9BE337D9B40247AF30E
PID: 2896 (2964) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 size: 281768
  MD5: 61941D4566C3B09F377E0E1A97BD0D9A
PID: 3004 (2964) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 size: 246504
  MD5: E0D6538B62C79FCBF0B27F95FAF3208B
PID:  964 (2964) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
 size: 1910152
  MD5: 9099462DE4CB8AFA9FD66832B8EFE00F
PID: 2732 (2964) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 421160
  MD5: E5B82EA4B98828D50C61137BFA8793F1
PID: 2312 (2964) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 size: 1226608
  MD5: A58E05767687E1E636D160ECEA9BC8ED
PID: 3780 (3488) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
 size: 13088
  MD5: 0933539E330EDBDEB81277AE5F84E7DF
PID:  660 (3004) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 size: 490216
  MD5: E9638B0CBB5DAE86F6E9DA843C19399D
PID: 3024 (2656) C:\Program Files (x86)\iTunes\iTunes.exe
 size: 9777448
  MD5: B52E84B0CB3A58CE93A7FBA19ADAC2ED
PID: 3944 (3024) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
 size: 37664
  MD5: 3C029253D99D17D76D0BD78F5134D7F6
PID: 1268 (2656) C:\Program Files (x86)\Steam\Steam.exe
 size: 1242448
  MD5: 3DD25048297A24AB4B3BFC17ABA5D0DB
PID: 2948 (2656) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 size: 912344
  MD5: 0E20A3213ED010FC4997D1EF48082ABC
PID: 3044 (2948) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
 size: 16856
  MD5: BA9A09CF1B9503C363617F3748F6D791
PID: 1488 (2656) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID:    4 (   0) System
PID:  260 (   4) smss.exe
PID:  340 ( 332) csrss.exe
PID:  400 ( 332) wininit.exe
 size: 96256
PID:  428 ( 392) csrss.exe
PID:  460 ( 400) services.exe
PID:  476 ( 400) lsass.exe
PID:  484 ( 400) lsm.exe
PID:  540 ( 392) winlogon.exe
PID:  624 ( 460) svchost.exe
 size: 20992
PID:  708 ( 460) nvvsvc.exe
PID:  748 ( 460) svchost.exe
 size: 20992
PID:  844 ( 460) svchost.exe
 size: 20992
PID:  876 ( 460) svchost.exe
 size: 20992
PID:  904 ( 460) svchost.exe
 size: 20992
PID:  984 ( 844) audiodg.exe
PID:  352 ( 460) svchost.exe
 size: 20992
PID:  588 ( 460) svchost.exe
 size: 20992
PID: 1136 ( 708) nvvsvc.exe
PID: 1184 ( 460) spoolsv.exe
PID: 1212 ( 460) sched.exe
PID: 1252 ( 460) svchost.exe
 size: 20992
PID: 1380 ( 460) svchost.exe
 size: 20992
PID: 1400 ( 460) avguard.exe
PID: 1428 ( 460) AppleMobileDeviceService.exe
PID: 1504 ( 460) mDNSResponder.exe
PID: 1548 ( 460) svchost.exe
 size: 20992
PID: 1580 ( 460) hamachi-2.exe
PID: 1604 ( 460) ICQ Service.exe
PID: 1664 (1400) avshadow.exe
PID: 1672 ( 340) conhost.exe
PID: 1736 ( 460) nlssrv32.exe
 size: 57344
PID: 1804 ( 460) PnkBstrA.exe
 size: 75064
PID: 1828 ( 460) nvSCPAPISvr.exe
PID: 1888 ( 460) WLIDSVC.EXE
PID: 1980 (1888) WLIDSVCM.EXE
PID: 2352 ( 460) svchost.exe
 size: 20992
PID: 3060 ( 460) svchost.exe
 size: 20992
PID: 2436 ( 460) wmpnetwk.exe
PID: 2172 ( 460) SearchIndexer.exe
 size: 428032
PID: 2484 ( 460) C:\Windows\System32\taskhost.exe
PID: 2300 ( 876) C:\Windows\System32\dwm.exe
PID: 2656 (2272) C:\Windows\explorer.exe
 size: 2870272
  MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 2908 (2656) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
 size: 2184520
  MD5: BA636F9E95FA09C1F7A0F394B75AC85B
PID: 3380 ( 460) iPodService.exe
PID: 4024 ( 460) svchost.exe
 size: 20992
PID: 3808 ( 428) C:\Windows\System32\conhost.exe
PID: 3136 ( 428) C:\Windows\System32\conhost.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 30.12.2010 17:09:24
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://www.google.de/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol  0: MSAFD-Tcpip [TCP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]
Protocol  1: MSAFD-Tcpip [UDP/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]
Protocol  2: MSAFD-Tcpip [RAW/IP]
        GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IP protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]
Protocol  3: MSAFD-Tcpip [TCP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]
Protocol  4: MSAFD-Tcpip [UDP/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]
Protocol  5: MSAFD-Tcpip [RAW/IPv6]
        GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP IPv6 protocol
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: MSAFD Tcpip[*]
Protocol  6: RSVP-TCPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider
Protocol  7: RSVP-TCP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider
Protocol  8: RSVP-UDPv6-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider
Protocol  9: RSVP-UDP-Dienstanbieter
        GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
 Description: Microsoft Windows NT/2k/XP RVSP
 DB filename: %SystemRoot%\system32\rsvpsp.dll
 DB protocol: RSVP * Service Provider
Namespace Provider  0: NLA (Network Location Awareness, NLAv1)-Namespace
        GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: 
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: NLA-Namespace
Namespace Provider  1: TCP/IP
        GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: 
 Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
 DB filename: %SystemRoot%\system32\mswsock.dll
 DB protocol: TCP/IP
Namespace Provider  2: NTDS
        GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
 Description: Microsoft Windows NT/2k/XP name space provider
 DB filename: %SystemRoot%\system32\winrnr.dll
 DB protocol: NTDS
Namespace Provider  3: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename: 
Namespace Provider  4: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 
Namespace Provider  5: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 
Namespace Provider  6: mdnsNSP
        GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 Description: Apple Rendezvous protocol
 DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
 DB protocol: mdnsNSP
Namespace Provider  7: WindowsLive NSP
        GUID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Namespace Provider  8: WindowsLive Local NSP
        GUID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
    Filename: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
          | 
|  30.12.2010, 20:49 | #6 | 
| /// Helper Team  |   System Tool 2011 Extreme Nothing serious to be seen so far. 1.) Uninstalling software 
 Please uninstall any software from this list that is present. 2.) Fixing with OTL 
 3.) Malwarebytes Antimalware: Download Malwarebytes Anti-Malware from one of these download mirrors: Malwarebytes - MajorGeeks.com - BestTechie 
 4.) Eset Online Scan ESET Online Scanner Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards. 
 
 Please post in your next reply: 
 
				| 
|  31.12.2010, 14:26 | #7 | 
|  |   System Tool 2011 Extreme MALWAREBYTES Code: 
  Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5426
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31.12.2010 01:17:22
mbam-log-2010-12-31 (01-17-22).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 595161
Laufzeit: 1 Stunde(n), 19 Minute(n), 18 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\\documents\fritz!box_reconnect\bat\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
c:\Users\\documents\fritz!box_reconnect\exe\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
         Code: 
  All processes killed
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ctfmions:C:\Windows\system32\mshtHost.dll deleted successfully.
C:\Users\\Desktop\OTL.exe.part moved successfully.
C:\Users\\Desktop\mbam-setup-1.50.1.1100.exe moved successfully.
C:\Users\\Desktop\ccsetup302.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: 
->Temp folder emptied: 57161292 bytes
->Temporary Internet Files folder emptied: 2202764 bytes
->Java cache emptied: 1666119 bytes
->FireFox cache emptied: 731879643 bytes
->Google Chrome cache emptied: 6278376 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8996 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1910 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 764,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.18.2 log created on 12302010_234519
Files\Folders moved on Reboot...
C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
         Code: 
  ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=41eff60002fe594a9893f794f62c4f74
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 12:40:17
# local_time=2010-12-31 01:40:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 9460 30288329 36879 0
# compatibility_mode=5893 16776573 100 94 218767 46160744 0 0
# compatibility_mode=8192 67108863 100 0 3858 3858 0 0
# scanned=8029
# found=0
# cleaned=0
# scan_time=943
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=41eff60002fe594a9893f794f62c4f74
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-31 01:21:58
# local_time=2010-12-31 02:21:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 49040 30327909 76459 0
# compatibility_mode=5893 16776573 100 94 5632 46200324 0 0
# compatibility_mode=8192 67108863 100 0 43438 43438 0 0
# scanned=448802
# found=1
# cleaned=0
# scan_time=7065
C:\Program Files (x86)\GamersFirst\War Rock\System\WarRock.exe	a variant of Win32/Packed.Themida application (unable to clean)	00000000000000000000000000000000	I
          | 
|  31.12.2010, 16:19 | #8 | 
| /// Helper Team  |   System Tool 2011 Extreme Okay. How is the PC running? | 
|  31.12.2010, 16:46 | #9 | 
|  |   System Tool 2011 Extreme Good so far. At some point yesterday Antivir found another trojan, otherwise no complaints. Thanks so far   | 
|  31.12.2010, 17:30 | #10 | 
| /// Helper Team  |   System Tool 2011 Extreme Where did Avira find the trojan? I always need the file name and the location where it was found! E.g. C:\Windows\System32\böse.exe | 
|  31.12.2010, 19:24 | #11 | 
|  |   System Tool 2011 Extreme Die Datei 'C:\ProgramData\lFfKf09000\lFfKf09000.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.akcc' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48131536.qua' verschoben! | 
|  01.01.2011, 14:48 | #12 | 
| /// Helper Team  |   System Tool 2011 Extreme Okay, please post two new OTL log files for me again: System scan with OTL | 
|  01.01.2011, 16:05 | #13 | 
|  |   System Tool 2011 Extreme Code: 
  OTL logfile created on: 01.01.2011 15:57:09 - Run 2
OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 179,44 Gb Free Space | 38,53% Space Free | Partition Type: NTFS
Drive D: | 67,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: -PC | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
PRC - [2010.12.19 11:03:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.19 11:03:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.06 08:31:52 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010.11.17 12:25:56 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010.11.05 14:37:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.10.08 07:05:38 | 002,845,552 | ---- | M] (GamersFirst) -- C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
PRC - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.27 12:05:35 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.15 01:31:50 | 000,286,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe Photoshop CS5\App\PhotoshopCS5\LogTransport2.exe
PRC - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
========== Modules (SafeList) ==========
MOD - [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.12.09 12:58:46 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.09 12:57:08 | 003,020,888 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll -- (Akamai)
SRV - [2010.12.06 08:31:50 | 002,101,640 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.11.17 14:27:43 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.05 14:37:48 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.10.05 13:41:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.11 21:00:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.12.09 13:22:56 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.22 13:50:50 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.03 14:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 00 F7 5E 27 DB CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng46 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: Strata40@SpewBoy.au:0.6.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.19 15:52:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.19 11:03:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\components [2010.12.22 12:11:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugins [2010.03.11 20:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Extensions 
[2010.12.31 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions [2010.03.12 16:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.06.25 13:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.10.30 19:36:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.06.25 13:51:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.22 17:54:38 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\illimitux@illimitux.net [2010.06.25 13:51:31 | 000,000,000 | ---D | M] ("Strata40") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au [2010.06.25 13:51:38 | 000,000,000 | ---D | M] (StrataBuddy) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\StrataBuddy@ReduxTeam [2010.03.12 16:06:48 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\tabprogressbar@studio17.wordpress.com [2010.06.25 13:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\Strata40@SpewBoy.au\chrome\mozapps\extensions [2010.03.10 15:56:06 | 000,000,931 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml [2010.03.18 16:30:50 | 000,002,272 | ---- | M] () -- 
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml [2010.12.29 17:51:46 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml [2010.12.22 12:11:44 | 000,000,950 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml [2010.12.17 16:08:25 | 000,001,056 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml [2010.12.31 18:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.03.02 16:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\chrome\mozapps\extensions [2010.03.27 12:05:35 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.12.17 21:27:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.12.17 21:27:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.12.17 21:27:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.17 21:27:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.17 21:27:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.12.30 13:43:11 | 000,428,463 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 
- Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14749 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) 
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysNative\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.31 16:49:11 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Signaturen [2010.12.31 12:04:57 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Neuer Ordner [2010.12.31 01:20:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2010.12.30 23:45:19 | 000,000,000 | ---D | C] 
-- C:\_OTL [2010.12.30 16:08:34 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe [2010.12.30 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes [2010.12.30 14:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.12.30 14:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.12.30 14:01:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.12.30 14:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.12.30 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\backups [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.12.30 12:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.12.30 12:42:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.12.30 12:40:27 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\\Desktop\spybotsd162.exe [2010.12.30 01:47:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.12.30 01:06:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\\Desktop\HiJackThis204.exe [2010.12.30 00:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\lFfKf09000 [2010.12.30 00:37:42 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Adobe [2010.12.29 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Render [2010.12.29 15:29:38 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\PSDS [2010.12.29 12:52:05 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Adobe [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Opera [2010.12.22 12:28:48 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Opera [2010.12.22 12:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2010.12.22 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8 [2010.12.21 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6 [2010.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Avira [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.12.18 20:03:39 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.18 20:03:38 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.18 20:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.12.15 11:35:44 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010.12.15 11:35:44 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010.12.15 11:35:44 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010.12.15 11:35:44 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010.12.15 11:35:44 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010.12.15 11:35:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010.12.15 11:35:44 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe 
[2010.12.15 11:35:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010.12.15 11:35:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.12.15 11:35:43 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.12.15 11:35:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.12.15 11:35:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.12.15 11:35:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010.12.15 11:35:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010.12.15 11:35:35 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010.12.15 11:35:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.12.15 11:35:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.12.15 11:35:26 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.12.15 11:35:26 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.12.15 11:35:26 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.12.15 11:35:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.12.15 11:35:26 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.12.15 11:35:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.12.15 11:35:26 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.12.15 11:35:26 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.12.15 11:35:26 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll 
[2010.12.15 11:35:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.12.15 11:35:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.12.15 11:35:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.12.09 12:57:43 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2010.12.09 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi ========== Files - Modified Within 30 Days ========== [2011.01.01 15:46:36 | 000,036,845 | ---- | M] () -- C:\Users\\Desktop\derw-schnellerhoeherweidner-digi-43726.jpg [2011.01.01 15:40:50 | 000,102,184 | ---- | M] () -- C:\Users\\Desktop\metalpunknukeemdowng.jpg [2011.01.01 15:36:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.01 12:21:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.01 12:21:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.01 12:18:35 | 001,613,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.01 12:18:35 | 000,696,862 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.01 12:18:35 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.01 12:18:35 | 000,148,158 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.01 12:18:35 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.01 12:14:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.01 12:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.01 12:14:03 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2010.12.31 18:13:28 | 000,000,059 | ---- | M] () -- C:\Users\\Desktop\HouseTime - We aRe oNe - Windows Media Player.URL 
[2010.12.31 17:13:01 | 000,070,987 | ---- | M] () -- C:\Users\\Desktop\Unbenannt-1.jpg [2010.12.31 16:33:08 | 000,071,685 | ---- | M] () -- C:\Users\\Desktop\Unbenannt-2.jpg [2010.12.31 16:03:53 | 000,076,203 | ---- | M] () -- C:\Users\\Desktop\Style Signature.jpg [2010.12.31 16:02:34 | 000,114,134 | ---- | M] () -- C:\Users\\Desktop\Style Signature.psd [2010.12.31 01:19:10 | 002,672,312 | ---- | M] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe [2010.12.31 00:21:45 | 000,000,462 | ---- | M] () -- C:\Users\\Desktop\listen-dsl.asx [2010.12.30 16:08:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe [2010.12.30 14:01:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.30 13:53:35 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.12.30 13:43:11 | 000,428,463 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.12.30 12:47:18 | 000,001,262 | ---- | M] () -- C:\Users\\Desktop\Spybot - Search & Destroy.lnk [2010.12.30 12:38:28 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\\Desktop\spybotsd162.exe [2010.12.30 02:19:33 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp [2010.12.30 01:00:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\\Desktop\HiJackThis204.exe [2010.12.30 00:52:06 | 000,296,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.12.29 22:09:45 | 000,061,583 | ---- | M] () -- C:\Users\\Desktop\nature-signature.jpg [2010.12.29 20:39:27 | 000,020,268 | ---- | M] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.ttf [2010.12.29 20:38:58 | 000,160,343 | ---- | M] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.jpg [2010.12.29 18:10:12 | 000,232,284 | ---- | M] () -- C:\Users\\Desktop\allianz_arena_2.jpg [2010.12.29 17:59:48 | 057,914,401 | ---- | M] () -- C:\Users\\Desktop\Real Render by TribunX.7z [2010.12.29 17:59:23 | 050,234,709 | ---- | M] () -- C:\Users\\Desktop\dergruene.rar [2010.12.29 17:46:04 | 000,049,651 | ---- | M] () -- C:\Users\\Desktop\W_Solo.jpg [2010.12.29 14:56:45 | 006,670,715 | ---- | M] () -- C:\Users\\Desktop\Sui's Psd Pack Nr.1.rar [2010.12.28 18:50:28 | 000,121,849 | ---- | M] () -- C:\Users\\Desktop\Cod Steam Flynt.jpg [2010.12.28 18:21:39 | 000,373,544 | ---- | M] () -- C:\Users\\Desktop\INFECTED_Font_by_asianpride7625.zip [2010.12.28 16:08:15 | 014,163,122 | ---- | M] () -- C:\Users\\Desktop\COD.psd [2010.12.28 16:08:06 | 006,221,522 | ---- | M] () -- C:\Users\\Desktop\kugel.psd [2010.12.28 15:42:36 | 002,047,499 | ---- | M] () -- C:\Users\\Desktop\wallpaper-modernwarfare2-1.jpg [2010.12.28 15:31:38 | 000,001,825 | ---- | M] () -- C:\Users\\Desktop\mushir_patternset1.pat [2010.12.28 15:30:27 | 000,002,068 | ---- | M] () -- C:\Users\\Desktop\attachment.jpg [2010.12.28 15:09:16 | 001,767,732 | ---- | M] () -- C:\Users\\Desktop\wallpaper-284412.png [2010.12.28 14:44:19 | 003,386,135 | ---- | M] () -- C:\Users\\Desktop\GrungeBrushes3_by_KeReN_R.zip [2010.12.28 13:20:58 | 000,634,020 | ---- | M] () -- C:\Users\\Desktop\1293455011_itachisasuke.psd [2010.12.28 12:08:25 | 000,462,991 | ---- | M] () -- C:\Users\\Desktop\wallpaper-177338.jpg [2010.12.27 22:00:05 | 000,507,347 | ---- | M] () -- 
C:\Users\\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:32 | 006,039,469 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | M] () -- C:\Users\\Desktop\wallpaper-297605.png
[2010.12.21 21:26:24 | 033,554,432 | ---- | M] () -- C:\Users\\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.18 11:51:10 | 000,102,236 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.12.16 14:08:58 | 184,554,007 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 14:07:52 | 146,067,426 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 14:03:00 | 067,044,414 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:39:47 | 113,462,666 | ---- | M] () -- C:\Users\\Desktop\GFX-S_Res-Pack.zip

========== Files Created - No Company Name ==========

[2011.01.01 15:46:36 | 000,036,845 | ---- | C] () -- C:\Users\\Desktop\derw-schnellerhoeherweidner-digi-43726.jpg
[2011.01.01 15:40:50 | 000,102,184 | ---- | C] () -- C:\Users\\Desktop\metalpunknukeemdowng.jpg
[2010.12.31 18:13:28 | 000,000,059 | ---- | C] () -- C:\Users\\Desktop\HouseTime - We aRe oNe - Windows Media Player.URL
[2010.12.31 16:03:52 | 000,076,203 | ---- | C] () -- C:\Users\\Desktop\Style Signature.jpg
[2010.12.31 16:02:34 | 000,114,134 | ---- | C] () -- C:\Users\\Desktop\Style Signature.psd
[2010.12.31 01:19:04 | 002,672,312 | ---- | C] () -- C:\Users\\Desktop\esetsmartinstaller_enu.exe
[2010.12.31 00:21:03 | 000,000,462 | ---- | C] () -- C:\Users\\Desktop\listen-dsl.asx
[2010.12.30 14:01:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.30 13:53:06 | 000,071,685 | ---- | C] () -- C:\Users\\Desktop\Unbenannt-2.jpg
[2010.12.30 12:44:13 | 000,001,262 | ---- | C] () -- C:\Users\\Desktop\Spybot - Search & Destroy.lnk
[2010.12.30 12:42:06 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.30 01:46:04 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2010.12.29 22:09:44 | 000,061,583 | ---- | C] () -- C:\Users\\Desktop\nature-signature.jpg
[2010.12.29 20:39:26 | 000,020,268 | ---- | C] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.ttf
[2010.12.29 20:38:58 | 000,160,343 | ---- | C] () -- C:\Users\\Desktop\Evolution_True_Type_Font_by_PAULW.jpg
[2010.12.29 18:10:12 | 000,232,284 | ---- | C] () -- C:\Users\\Desktop\allianz_arena_2.jpg
[2010.12.29 18:02:01 | 000,222,322 | ---- | C] () -- C:\Users\\Desktop\LIL-Wayne-psd51253.png
[2010.12.29 17:57:28 | 050,234,709 | ---- | C] () -- C:\Users\\Desktop\dergruene.rar
[2010.12.29 17:56:09 | 057,914,401 | ---- | C] () -- C:\Users\\Desktop\Real Render by TribunX.7z
[2010.12.29 17:46:04 | 000,049,651 | ---- | C] () -- C:\Users\\Desktop\W_Solo.jpg
[2010.12.29 14:56:33 | 006,670,715 | ---- | C] () -- C:\Users\\Desktop\Sui's Psd Pack Nr.1.rar
[2010.12.28 18:56:21 | 000,070,987 | ---- | C] () -- C:\Users\\Desktop\Unbenannt-1.jpg
[2010.12.28 18:47:42 | 000,121,849 | ---- | C] () -- C:\Users\\Desktop\Cod Steam Flynt.jpg
[2010.12.28 18:22:06 | 000,076,548 | ---- | C] () -- C:\Users\\Desktop\INFECTED.ttf
[2010.12.28 18:21:39 | 000,373,544 | ---- | C] () -- C:\Users\\Desktop\INFECTED_Font_by_asianpride7625.zip
[2010.12.28 16:08:13 | 014,163,122 | ---- | C] () -- C:\Users\\Desktop\COD.psd
[2010.12.28 16:08:05 | 006,221,522 | ---- | C] () -- C:\Users\\Desktop\kugel.psd
[2010.12.28 15:42:36 | 002,047,499 | ---- | C] () -- C:\Users\\Desktop\wallpaper-modernwarfare2-1.jpg
[2010.12.28 15:31:37 | 000,001,825 | ---- | C] () -- C:\Users\\Desktop\mushir_patternset1.pat
[2010.12.28 15:30:27 | 000,002,068 | ---- | C] () -- C:\Users\\Desktop\attachment.jpg
[2010.12.28 15:09:16 | 001,767,732 | ---- | C] () -- C:\Users\\Desktop\wallpaper-284412.png
[2010.12.28 14:48:13 | 004,740,138 | ---- | C] () -- C:\Users\\Desktop\GrungeBrushes3 by KeReN-R.abr
[2010.12.28 14:44:14 | 003,386,135 | ---- | C] () -- C:\Users\\Desktop\GrungeBrushes3_by_KeReN_R.zip
[2010.12.28 13:20:56 | 000,634,020 | ---- | C] () -- C:\Users\\Desktop\1293455011_itachisasuke.psd
[2010.12.27 22:00:04 | 000,507,347 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.jpg
[2010.12.27 20:43:30 | 006,039,469 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.psd
[2010.12.27 20:34:02 | 000,824,683 | ---- | C] () -- C:\Users\\Desktop\wallpaper-297605.png
[2010.12.27 20:14:16 | 000,462,991 | ---- | C] () -- C:\Users\\Desktop\wallpaper-177338.jpg
[2010.12.21 21:23:49 | 033,554,432 | ---- | C] () -- C:\Users\\Desktop\Legend of Zelda, The - Ocarina of Time (E) (GC) [!].z64
[2010.12.16 13:59:35 | 146,067,426 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_4.zip
[2010.12.16 13:58:52 | 184,554,007 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_3.zip
[2010.12.16 13:57:51 | 067,044,414 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack_2.zip
[2010.12.16 11:36:08 | 113,462,666 | ---- | C] () -- C:\Users\\Desktop\GFX-S_Res-Pack.zip
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.05 17:48:54 | 000,008,704 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.05 17:41:22 | 000,001,226 | ---- | C] () -- C:\ProgramData\ss.ini
[2010.07.05 17:33:06 | 000,000,123 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.21 13:13:11 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.06.05 17:10:52 | 000,000,661 | ---- | C] () -- C:\Users\\AppData\Roaming\clipboard.txt
[2010.05.03 13:42:49 | 001,590,194 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.10.06 19:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.10.05 00:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002.10.05 00:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.10.05 00:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
< End of report >
Code:
OTL Extras logfile created on: 01.01.2011 15:57:09 - Run 2
OTL by OldTimer - Version 3.2.18.2     Folder = C:\Users\\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 179,44 Gb Free Space | 38,53% Space Free | Partition Type: NTFS
Drive D: | 67,41 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: -PC | User Name:  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"iTSfv_is1" = iTSfv 5.61.0.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.40
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.3
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Album Art Downloader XUI" = Album Art Downloader XUI 0.33
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP550 series Benutzerregistrierung" = Canon MP550 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"Eye Candy 6" = Alien Skin Eye Candy 6
"Fraps" = Fraps
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Guild Wars" = GUILD WARS
"HyperCam 2" = HyperCam 2
"JDownloader" = JDownloader
"LHTTSGED" = L&H TTS3000 Deutsch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b8 (x86 de)" = Mozilla Firefox 4.0b8 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NAVIGON Fresh" = NAVIGON Fresh 3.0.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.9
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenAL" = OpenAL
"Opera 11.00.1156" = Opera 11.00
"paw·ned²" = paw·ned² v1.3
"PunkBusterSvc" = PunkBuster Services
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 4560" = Company of Heroes
"Steam App 47770" = Medal of Honor Beta
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Steamless Day of Defeat Source Pack" = Steamless Day of Defeat Source Pack
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2010 20:20:15 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 07:23:24 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 07:23:43 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 07:23:44 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 09:23:46 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 15:36:04 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 31.12.2010 15:39:15 | Computer Name = -PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 31.12.2010 15:39:47 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 01.01.2011 09:01:31 | Computer Name = -PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 01.01.2011 09:02:54 | Computer Name = -PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 14.07.2010 06:59:15 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?07.?2010 um 12:57:59 unerwartet heruntergefahren.
 
Error - 15.07.2010 08:32:33 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?07.?2010 um 14:31:21 unerwartet heruntergefahren.
 
Error - 18.07.2010 16:50:07 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?07.?2010 um 22:47:45 unerwartet heruntergefahren.
 
Error - 23.07.2010 03:16:57 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?07.?2010 um 09:15:27 unerwartet heruntergefahren.
 
Error - 28.07.2010 05:53:35 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?07.?2010 um 11:52:21 unerwartet heruntergefahren.
 
Error - 29.07.2010 15:19:55 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?07.?2010 um 21:18:17 unerwartet heruntergefahren.
 
Error - 31.07.2010 13:58:46 | Computer Name = -PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.08.2010 06:21:53 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?08.?2010 um 12:20:07 unerwartet heruntergefahren.
 
Error - 12.08.2010 08:59:50 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?08.?2010 um 14:56:10 unerwartet heruntergefahren.
 
Error - 15.08.2010 05:51:20 | Computer Name = -PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?08.?2010 um 11:49:07 unerwartet heruntergefahren.
 
 
< End of report >
          | 
|  01.01.2011, 22:10 | #14 | 
| /// Helper Team  |   System Tool 2011 Extreme

Here is how we continue:

1.) Fix with OTL

2.) Check settings under Windows 7
Make sure that all folders, files and drives are displayed on your system:

3.) File check on Virustotal
Visit Virustotal. Search there for the following files one after another and upload them using the "Send file" button.
Code:
C:\fsqwr.bmp
If a file cannot be found, please let me know.

4.) Update Java
Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system through Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer. Then download the offline version of Java Version 6 Update 23 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar box during installation.

5.) Security risk Adobe Acrobat Reader
Your Adobe Reader is out of date, which is a major security risk. We therefore recommend uninstalling the old version via Control Panel => Software by clicking on "Adobe Reader X" there and removing the program. Restart the computer, then download the current Acrobat Reader X and install it.
Since Adobe Acrobat Reader is used more and more often for the targeted distribution of malware, I suggest using an alternative PDF viewer instead; for example, you can install the Foxit PDF Reader. It is "leaner" and uses fewer resources. During installation, be sure that the Ask toolbar and/or Foxit toolbar or sponsors are not installed along with it (if necessary, uninstall them again immediately via Control Panel => Software).

Please post in your next reply:
 
__________________ Regards, rea *Do you need help with a malware problem too?* *TB donation account* A clever saying could go here. Well .... could!  | 
|  02.01.2011, 16:09 | #15 | 
|  |   System Tool 2011 Extreme
Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Softonic-Eng46 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2560206&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\f5e71xr0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\conduit.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\google-und-download-suche.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\f5e71xr0.default\searchplugins\icqplugin.xml moved successfully.
Folder C:\ProgramData\lFfKf09000\ not found.
C:\Users\\Desktop\esetsmartinstaller_enu.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: 
->Temp folder emptied: 519460933 bytes
->Temporary Internet Files folder emptied: 5343465 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 216412423 bytes
->Google Chrome cache emptied: 6866843 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9907 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4750 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 713,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.18.2 log created on 01022011_152314
Files\Folders moved on Reboot...
C:\Users\\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D397A3Ed01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D462039d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6D7A5350d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6E1B45F2d01 not found!
File\Folder C:\Users\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6ED67E8Ad01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6EF66F3Ad01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6F064D01d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6F3BA44Ed01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6F8F2D34d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6FE827D8d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\6FF0AB43d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\701A92EEd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\702374ACd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C5E1B5B2d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C6276D85d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C6BBC6FEd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C6F47057d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C7C86ABFd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C8051499d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C811C2E5d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C822D4A6d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C83F13C2d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C83F484Dd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C86B9E07d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C8886357d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9011321d01 not found!
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C915444Bd01 moved successfully.
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9363504d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9DEDB2Dd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\C9EDFF7Ed01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CA90C243d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CAA4DE56d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CBB1CB6Dd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CBE10192d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CBEFABBEd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CD180734d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CD34221Cd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CD552AA1d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CEDC8CABd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CEF8938Cd01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF1316D4d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF528845d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CF6D7AD0d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\CFC7EA92d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D081ED70d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D0B59087d01 not found!
File\Folder C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\Cache\D144B14Cd01 not found!
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\urlclassifier3.sqlite moved successfully.
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\XPC.mfl moved successfully.
C:\Users\\AppData\Local\Mozilla\Firefox\Profiles\f5e71xr0.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
Code:
fsqwr.bmp
Submission date:
2011-01-02 15:05:51 (UTC)
Current status:
queued (#7) queued (#8) analysing finished
Result:
0/ 43 (0.0%)
Antivirus results
AhnLab-V3 - 2011.01.02.00 - 2011.01.01 - -
AntiVir - 7.11.0.248 - 2011.01.01 - -
Antiy-AVL - 2.0.3.7 - 2011.01.02 - -
Avast - 4.8.1351.0 - 2011.01.02 - -
Avast5 - 5.0.677.0 - 2011.01.02 - -
AVG - 9.0.0.851 - 2011.01.02 - -
BitDefender - 7.2 - 2011.01.02 - -
CAT-QuickHeal - 11.00 - 2011.01.02 - -
ClamAV - 0.96.4.0 - 2011.01.01 - -
Command - 5.2.11.5 - 2011.01.01 - -
Comodo - 7273 - 2011.01.02 - -
DrWeb - 5.0.2.03300 - 2011.01.02 - -
Emsisoft - 5.1.0.1 - 2011.01.02 - -
eSafe - 7.0.17.0 - 2010.12.30 - -
eTrust-Vet - None - 2010.12.31 - -
F-Prot - 4.6.2.117 - 2011.01.01 - -
F-Secure - 9.0.16160.0 - 2011.01.02 - -
Fortinet - 4.2.254.0 - 2011.01.02 - -
GData - 21 - 2011.01.02 - -
Ikarus - T3.1.1.90.0 - 2011.01.02 - -
Jiangmin - 13.0.900 - 2011.01.02 - -
K7AntiVirus - 9.75.3406 - 2010.12.31 - -
Kaspersky - 7.0.0.125 - 2011.01.02 - -
McAfee - 5.400.0.1158 - 2011.01.02 - -
McAfee-GW-Edition - 2010.1C - 2011.01.01 - -
Microsoft - 1.6402 - 2011.01.02 - -
NOD32 - 5753 - 2011.01.02 - -
Norman - 6.06.12 - 2011.01.01 - -
nProtect - 2011-01-02.01 - 2011.01.02 - -
Panda - 10.0.2.7 - 2011.01.02 - -
PCTools - 7.0.3.5 - 2011.01.02 - -
Prevx - 3.0 - 2011.01.02 - -
Rising - 22.80.04.04 - 2010.12.31 - -
Sophos - 4.60.0 - 2011.01.02 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.01.01 - -
Symantec - 20101.3.0.103 - 2011.01.02 - -
TheHacker - 6.7.0.1.109 - 2010.12.30 - -
TrendMicro - 9.120.0.1004 - 2011.01.02 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2011.01.02 - -
VBA32 - 3.12.14.2 - 2010.12.30 - -
VIPRE - 7922 - 2011.01.02 - -
ViRobot - 2010.12.31.4232 - 2011.01.02 - -
VirusBuster - 13.6.122.0 - 2011.01.01 - -
File info:
MD5: dbc2a803c50fe550e257108fdca9de11
SHA1: 6f440a3ca8a0dd7c965ea046df154af792f55fc7
SHA256: 311957539b85983277009c8c1285c8661860f1ecf5802319fd2ca22203ac4a87
File size: 1228854 bytes
Scan date: 2011-01-02 15:05:51 (UTC)
          | 