Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: itunes Account gehackt?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.01.2011, 14:32   #1
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



Hallo,

mein itunes Account ist scheinbar gehackt worden, da bereits 3 x unberechtigt Geld abgebucht wurde. Apple war "so nett", mir die Beträge zu erstatten. Meinen itunes-Account habe ich noch nicht re-aktiviert, weil ich glaube, dass mein PC ein Phishing-Problem haben könnte.

Ich bitte um Unerstützung.

Gruß
Chrissi

Alt 16.01.2011, 14:39   #2
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



1. nimm keinerlei reinigung selbstständig vor, sonst ist das nur störend.
2. reiche alle evtl vorhandenen scan logs mit funden nach
3.
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________

Alt 16.01.2011, 15:01   #3
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



anbei die Logs OTL und Extras


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.01.2011 15:45:26 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\A. Meyer\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 50,62 Gb Free Space | 20,73% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 680,12 Gb Free Space | 98,95% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: AMEYER-PC | User Name: A. Meyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\A. Meyer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
PRC - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\A. Meyer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (camfilt2) -- C:\Windows\SysNative\drivers\camfilt2.sys (Guillemot Corporation)
DRV:64bit: - (OM0530) -- C:\Windows\SysNative\drivers\ov530vx.sys (OmniVision Technology Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 08 77 5D A4 05 CA 01  [binary data]
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: {767a0048-69da-4392-b458-55b7a96b66f7}:0.12.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.13 13:49:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.13 13:49:02 | 000,000,000 | ---D | M]
 
[2009.11.21 21:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Extensions
[2011.01.16 11:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions
[2010.06.05 22:46:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.04 12:48:59 | 000,000,000 | ---D | M] (Scrollbar Anywhere) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\{767a0048-69da-4392-b458-55b7a96b66f7}
[2010.10.04 20:59:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.24 08:55:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.17 17:43:44 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\moveplayer@movenetworks.com
[2009.11.21 21:16:15 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010.11.02 20:19:09 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\A. Meyer\AppData\Roaming\mozilla\Firefox\Profiles\zl9dyi2m.default\extensions\vshare@toolbar
[2011.01.16 13:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.05 22:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.30 08:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.09 19:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.31 10:17:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.31 10:17:57 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.31 10:17:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.31 10:17:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.31 10:17:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2643983100-559862435-3460398365-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2643983100-559862435-3460398365-1000..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2643983100-559862435-3460398365-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2643983100-559862435-3460398365-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\A. Meyer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\A. Meyer\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.14 20:02:08 | 006,573,888 | ---- | M] () - D:\Automatikk feat. Bass  Sultan Hengzt - Morgen wird ein besserer Tag.mp3 -- [ NTFS ]
O32 - AutoRun File - [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.06.27 10:12:50 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{86396378-7193-11de-9853-002215171e8f}\Shell - "" = AutoRun
O33 - MountPoints2\{86396378-7193-11de-9853-002215171e8f}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{d2930de7-6aec-11de-8891-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d2930de7-6aec-11de-8891-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.09.21 08:23:57 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.16 15:42:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A. Meyer\Desktop\OTL.exe
[2011.01.16 13:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.01.15 13:45:18 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Avira
[2011.01.13 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Hurts - Happiness - Debut Album (2010) 320k - upp
[2011.01.12 09:32:08 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 09:32:08 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 09:32:08 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 09:32:08 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 09:32:07 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 09:32:07 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 09:32:07 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 09:32:07 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 09:32:07 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 09:32:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 09:32:06 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 09:32:06 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 09:32:06 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 09:32:05 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 09:32:05 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 09:32:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 09:32:05 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 09:32:05 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 09:32:05 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 09:32:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 09:32:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 09:32:05 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 09:32:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 09:32:05 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 09:32:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 09:32:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 09:32:04 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 09:31:57 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 09:31:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.11 00:05:14 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Chakuza - Suchen und Zerstoeren 2 DE (2010) - NOiR
[2011.01.10 23:46:53 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Haftbefehl-Azzlack_Stereotyp-2CD-DE-2010-NOiR
[2011.01.10 23:46:51 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Kollegah - Hoodtape Vol.1 X-Mas Edition-2010-PIMPSKEE
[2011.01.10 23:04:12 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Farid_Bang_-_Asphalt_Massaka_2
[2011.01.10 19:55:27 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\257ers - Zwen
[2010.12.22 21:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2010.12.22 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010.12.22 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Canneverbe Limited
[2010.12.22 21:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.12.22 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Local\OpenCandy
[2010.12.22 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy
[2010.12.22 21:09:47 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2010.12.22 21:04:36 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeStar
[2010.12.22 21:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeStar
[2010.12.22 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freestar
[2010.12.22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Documents\Downloads
[2010.12.22 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\GetRightToGo
[2010.12.21 22:15:28 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\www.bitreactor.to_Saw.3D.Vollendung.R5.MD.German.READ.NFO.XViD-AOE
[2010.12.21 21:39:06 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Apple Computer
[2010.12.21 21:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010.12.21 21:38:30 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.12.21 21:38:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.12.21 21:38:30 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.12.21 21:38:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.12.21 21:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.12.21 21:37:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.12.21 21:37:34 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.12.21 21:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.12.20 07:40:17 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\www.bitreactor.to_Ich_Und_Ich_-_Hilf_Mir-WEB-DE-2010-L2M
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.16 15:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A. Meyer\Desktop\OTL.exe
[2011.01.16 13:18:12 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 13:18:12 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.16 13:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.16 13:10:44 | 2146,734,079 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.13 09:06:21 | 006,377,639 | ---- | M] () -- C:\Users\A. Meyer\Desktop\Rihanna feat. Drake - What's My Name [www.RNBxBeatz.com].mp3
[2011.01.03 22:30:54 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.12.27 12:18:11 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
[2010.12.25 15:08:21 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.25 15:08:21 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.25 15:08:21 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.25 15:08:21 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.25 15:08:21 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.22 21:09:51 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.12.22 21:04:36 | 000,001,120 | ---- | M] () -- C:\Users\A. Meyer\Desktop\FreeStar Burner-DVD.lnk
[2010.12.21 21:39:02 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.19 21:31:08 | 000,310,337 | ---- | M] () -- C:\Users\A. Meyer\Desktop\Skifahrt 2011 Anmeldung.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.13 09:05:59 | 006,377,639 | ---- | C] () -- C:\Users\A. Meyer\Desktop\Rihanna feat. Drake - What's My Name [www.RNBxBeatz.com].mp3
[2010.12.27 12:18:11 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk
[2010.12.22 21:09:51 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.12.22 21:04:36 | 000,001,120 | ---- | C] () -- C:\Users\A. Meyer\Desktop\FreeStar Burner-DVD.lnk
[2010.12.21 21:39:02 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.19 21:31:08 | 000,310,337 | ---- | C] () -- C:\Users\A. Meyer\Desktop\Skifahrt 2011 Anmeldung.pdf
[2010.11.02 14:35:05 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.06.12 14:07:42 | 000,055,382 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-tongue-2.jpg
[2010.06.12 14:07:39 | 000,027,192 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-sexy.jpg
[2010.06.12 14:07:36 | 000,064,637 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-scandal.jpg
[2010.06.12 14:07:27 | 000,080,949 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-nude.jpg
[2010.06.12 14:07:24 | 000,037,800 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-new-scandal.jpg
[2010.06.12 14:07:22 | 000,048,949 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-new-scandal-2.jpg
[2010.06.12 14:07:19 | 000,062,438 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-new-nude.jpg
[2010.06.12 14:07:17 | 000,056,852 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-lingerie.jpg
[2010.06.12 14:07:15 | 000,057,191 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-kiss.jpg
[2010.06.12 14:07:13 | 000,050,434 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-bed.jpg
[2010.06.12 14:07:10 | 000,000,000 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\chrtmp
[2010.06.12 14:07:08 | 000,031,605 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-ass.jpg
[2010.04.05 15:09:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.04.05 15:09:22 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.04.05 15:09:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.04.05 14:33:08 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.02.07 16:43:50 | 000,000,096 | ---- | C] () -- C:\Users\A. Meyer\AppData\Local\fusioncache.dat
[2010.02.07 12:59:03 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.23 21:01:51 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.21 21:47:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.07 15:30:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.07 13:04:01 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.07.07 13:04:01 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.07.07 12:39:15 | 000,037,655 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2009.07.07 12:39:03 | 000,037,191 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.05.15 14:19:54 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\ViaClassCoInstaller.dll
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011.01.16 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Azureus
[2010.12.22 21:09:56 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Canneverbe Limited
[2010.11.03 09:12:27 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DAEMON Tools Lite
[2010.10.04 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.02 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Games
[2010.12.22 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\GetRightToGo
[2009.11.21 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\gtk-2.0
[2010.11.16 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\ICQ
[2010.11.02 14:34:41 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Leadertech
[2009.11.21 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\MyPhoneExplorer
[2010.12.22 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy
[2009.12.24 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Samsung
[2010.04.13 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2009.07.07 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\TMP
[2010.05.22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Ubisoft
[2010.12.07 15:50:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Adobe
[2010.05.25 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Ahead
[2010.12.24 17:53:31 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Apple Computer
[2009.11.21 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\ATI
[2011.01.15 13:45:18 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Avira
[2011.01.16 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Azureus
[2010.12.22 21:09:56 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Canneverbe Limited
[2010.11.03 09:12:27 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DAEMON Tools Lite
[2010.08.01 20:39:34 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DivX
[2010.08.17 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\dvdcss
[2010.10.04 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.02 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Games
[2010.12.22 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\GetRightToGo
[2009.11.21 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\gtk-2.0
[2010.11.16 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\ICQ
[2010.12.24 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Identities
[2009.11.21 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\InstallShield
[2010.11.02 14:34:41 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Leadertech
[2009.11.21 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Macromedia
[2010.06.09 08:37:03 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Media Center Programs
[2010.12.22 21:12:56 | 000,000,000 | --SD | M] -- C:\Users\A. Meyer\AppData\Roaming\Microsoft
[2009.11.21 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Mozilla
[2009.11.21 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\MyPhoneExplorer
[2010.12.22 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy
[2009.12.24 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Samsung
[2010.11.08 16:37:49 | 000,000,000 | RH-D | M] -- C:\Users\A. Meyer\AppData\Roaming\SecuROM
[2010.04.13 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2009.07.07 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\TMP
[2009.09.18 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\U3
[2010.05.22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Ubisoft
[2010.11.22 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\vlc
[2009.08.06 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.23 09:24:05 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\A. Meyer\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.08.02 17:49:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\A. Meyer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.18 18:24:25 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\A. Meyer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.07.07 15:03:54 | 000,010,134 | R--- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Installer\{963AE89F-073A-9030-CBCD-D0AE55ED06FC}\ARPPRODUCTICON.exe
[2009.07.07 13:16:25 | 000,009,158 | R--- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe
[2009.07.17 00:04:42 | 000,010,134 | R--- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.12.22 21:09:49 | 000,331,304 | ---- | M] () -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy\OpenCandy_C03B0D3F69D342649DC30432F0D51BA1\DLMgr_3_1.6.44.exe
[2010.05.05 18:53:38 | 004,072,576 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy\OpenCandy_C03B0D3F69D342649DC30432F0D51BA1\registrybooster21.exe
[2010.12.22 21:10:00 | 004,125,269 | ---- | M] () -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy\OpenCandy_C03B0D3F69D342649DC30432F0D51BA1\registrybooster21Wrapped.exe
[2010.02.28 16:09:22 | 000,069,632 | ---- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\SysNative\drivers\iaStor.sys
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2d2ec4fd9937ddb4\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


[/CODE]




OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.01.2011 15:45:26 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\A. Meyer\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 50,62 Gb Free Space | 20,73% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 680,12 Gb Free Space | 98,95% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: AMEYER-PC | User Name: A. Meyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{88EB92AB-ABD3-E13C-3AEE-B7518354B55A}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C6C5D6A1-F7BD-6004-9644-6501417CB411}" = ccc-utility64
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{012E6D05-BD3B-452D-D91A-B43B59F435F6}" = Catalyst Control Center Graphics Previews Vista
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0CC3A34F-2425-D43D-C6BA-515906FF177F}" = Catalyst Control Center HydraVision Full
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
"{2C76ED7E-A591-A078-1E10-49893CFED8C4}" = CCC Help Hungarian
"{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater
"{364C73AF-2EA2-AD13-CFC3-44ECA869BF07}" = CCC Help Greek
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes jagt Jack the Ripper
"{42FDDCAE-937F-5E10-17BB-9BE3AD0A79F5}" = CCC Help German
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5263AA89-3D92-E447-0834-62E5FFCC468E}" = CCC Help Polish
"{52B6FCEC-7146-17FC-6877-18DAE0EDF05F}" = Euro-Fahrschule 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59579B12-97E6-437E-B988-BA032165D355}" = Xtra Controller
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{661F74E7-4FC3-AAAC-7024-E95E3334A68B}" = CCC Help Italian
"{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device
"{71A8B8AC-EEA5-385A-D3A0-229DA1380C18}" = Catalyst Control Center Localization All
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7368042D-2D55-DF18-58C7-2AFB9422D5AB}" = Catalyst Control Center Core Implementation
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{86166D93-9D32-DDC2-A458-F18C976C82E9}" = ccc-core-static
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92654DBC-2499-6E2E-4BE4-455056D09820}" = Catalyst Control Center Graphics Light
"{92FE6D1B-BA3C-70DC-CCF4-B378FCA907B9}" = Catalyst Control Center Graphics Previews Common
"{963AE89F-073A-9030-CBCD-D0AE55ED06FC}" = Catalyst Control Center InstallProxy
"{96442B62-2C2C-859B-983B-E0A3DC5C4E07}" = CCC Help Spanish
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6A3F389-FD27-3501-0184-0B9CA9D7722A}" = HydraVision
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6E4268D-F2E8-297B-BDAB-43B4CD4297DF}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6E4423E-8D32-5C2A-DF2A-4E2E98E9D6F9}" = CCC Help French
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Webcam Deluxe
"{E8ECE426-F0AC-C64A-C879-D37023DE0B90}" = Catalyst Control Center Graphics Full New
"{EAD50D08-DA4A-1A3C-6324-F26180CB152C}" = CCC Help Portuguese
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F7065504-BFE4-2A9E-EFDF-8207BBABC46D}" = CCC Help English
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FDC42E3F-2615-AA7F-23CC-74996D12631B}" = ccc-core-static
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Der Stein der Weisen" = Der Stein der Weisen
"DivX Setup.divx.com" = DivX-Setup
"Drakensang - Am Fluss der Zeit - DEMO_is1" = Drakensang - Am Fluss der Zeit - DEMO
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeStar Burner-DVD Software" = FreeStar Burner-DVD Software 1.0.2
"Guild Wars" = GUILD WARS
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MPE" = MyPhoneExplorer
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"ST5UNST #1" = Kaminfeuer Titanium Edition II
"SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1" = Euro-Fahrschule 2010
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"vShare" = vShare Plugin
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.04.2010 17:09:59 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2010 07:11:33 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2010 09:40:10 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.04.2010 16:46:58 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2010 04:28:34 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2010 09:45:40 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.04.2010 11:18:44 | Computer Name = AMeyer-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.04.2010 05:30:41 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2010 07:23:05 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.04.2010 09:20:11 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.01.2011 18:52:43 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 14.01.2011 18:52:43 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2011 05:02:33 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 15.01.2011 05:02:33 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 15.01.2011 18:55:24 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 15.01.2011 18:55:24 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2011 06:24:12 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.01.2011 06:24:12 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.01.2011 08:10:54 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.01.2011 08:10:54 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---


[/CODE]
__________________

Alt 16.01.2011, 15:22   #4
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.
falls du aktuelle logs bereits vorliegen hast, ebenfalls posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.01.2011, 16:12   #5
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5531

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.01.2011 17:07:11
mbam-log-2011-01-16 (17-07-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 315651
Laufzeit: 31 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


Alt 16.01.2011, 16:17   #6
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
wie war das itunes passwort gewählt? etwas leicht zu erratenes wie
123
oder
passwort
oder nen name?
__________________
--> itunes Account gehackt?

Alt 16.01.2011, 16:40   #7
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



das itunes passwort war nicht super kompliziert, aber auch nicht einfach ein name.


Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-01-15.01 - A. Meyer 16.01.2011  17:29:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8191.6363 [GMT 1:00]
ausgeführt von:: c:\users\A. Meyer\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\A. Meyer\AppData\Roaming\chrtmp

.
(((((((((((((((((((((((   Dateien erstellt von 2010-12-16 bis 2011-01-16  ))))))))))))))))))))))))))))))
.

2011-01-16 16:32 . 2011-01-16 16:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-01-16 16:32 . 2011-01-16 16:32	--------	d-----w-	c:\users\A2480~1~MEY\AppData\Local\temp
2011-01-16 15:28 . 2011-01-16 15:28	709456	----a-w-	c:\windows\isRS-000.tmp
2011-01-15 12:45 . 2011-01-15 12:45	--------	d-----w-	c:\users\A. Meyer\AppData\Roaming\Avira
2011-01-15 09:07 . 2010-11-10 05:35	8199504	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{89043FB8-FC71-4312-873C-A3E96CA39259}\mpengine.dll
2011-01-12 08:31 . 2010-10-16 05:17	720896	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 08:31 . 2010-10-16 05:16	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 08:31 . 2010-10-16 05:16	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 08:31 . 2010-10-16 05:16	1425408	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 08:31 . 2010-10-16 05:16	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 08:31 . 2010-10-16 04:34	573440	----a-w-	c:\windows\SysWow64\odbc32.dll
2011-01-12 08:31 . 2010-10-16 04:33	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 08:31 . 2010-10-16 04:33	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 08:31 . 2010-10-16 04:33	987136	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 08:31 . 2010-10-16 04:33	208896	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2010-12-22 20:10 . 2010-12-22 20:10	--------	d-----w-	c:\program files (x86)\Uniblue
2010-12-22 20:09 . 2010-12-22 20:09	--------	d-----w-	c:\users\A. Meyer\AppData\Roaming\Canneverbe Limited
2010-12-22 20:09 . 2010-12-22 20:09	--------	d-----w-	c:\programdata\Canneverbe Limited
2010-12-22 20:09 . 2010-12-22 20:12	--------	d-----w-	c:\users\A. Meyer\AppData\Local\OpenCandy
2010-12-22 20:09 . 2010-12-22 20:09	--------	d-----w-	c:\users\A. Meyer\AppData\Roaming\OpenCandy
2010-12-22 20:09 . 2010-12-22 20:09	--------	d-----w-	c:\program files\CDBurnerXP
2010-12-22 20:04 . 2010-12-22 20:04	--------	d-----w-	c:\program files (x86)\freestar
2010-12-22 20:04 . 2010-12-22 20:04	--------	d-----w-	c:\users\A. Meyer\AppData\Roaming\GetRightToGo
2010-12-21 20:39 . 2010-12-24 16:53	--------	d-----w-	c:\users\A. Meyer\AppData\Roaming\Apple Computer
2010-12-21 20:38 . 2010-12-21 20:38	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-12-21 20:38 . 2009-05-18 12:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-12-21 20:38 . 2008-04-17 11:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2010-12-21 20:38 . 2008-04-17 11:12	107368	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2010-12-21 20:38 . 2010-12-21 20:38	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-12-21 20:38 . 2010-12-21 20:38	--------	d-----w-	c:\program files\iTunes
2010-12-21 20:38 . 2010-12-21 20:38	--------	d-----w-	c:\program files (x86)\iTunes
2010-12-21 20:38 . 2010-12-21 20:38	--------	d-----w-	c:\program files\iPod
2010-12-21 20:37 . 2010-12-21 20:37	--------	d-----w-	c:\program files (x86)\Apple Software Update
2010-12-21 20:37 . 2010-12-21 20:37	--------	d-----w-	c:\program files\Common Files\Apple
2010-12-21 20:37 . 2010-12-21 20:37	--------	d-----w-	c:\program files\Bonjour
2010-12-21 20:37 . 2010-12-21 20:37	--------	d-----w-	c:\program files (x86)\Bonjour

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-06-09 07:36	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-06-09 07:36	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-05 11:50 . 2009-09-12 18:25	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2010-11-12 18:46 . 2010-11-12 18:46	4280320	----a-w-	c:\windows\SysWow64\GPhotos.scr
2010-11-12 17:53 . 2010-06-05 21:34	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-15 12:26	1194496	----a-w-	c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-15 12:26	57856	----a-w-	c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-15 12:26	978944	----a-w-	c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-15 12:26	44544	----a-w-	c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-15 12:26	482816	----a-w-	c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-15 12:26	386048	----a-w-	c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-15 12:26	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-15 12:26	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2010-11-02 16:10 . 2010-11-02 13:35	43520	----a-w-	c:\windows\SysWow64\CmdLineExt03.dll
2010-11-02 05:18 . 2010-12-15 12:26	524288	----a-w-	c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-15 12:26	473600	----a-w-	c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-15 12:26	1169408	----a-w-	c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-15 12:26	1114624	----a-w-	c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-15 12:26	464384	----a-w-	c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-15 12:26	285696	----a-w-	c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-15 12:26	496128	----a-w-	c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-15 12:26	305152	----a-w-	c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-15 12:26	192000	----a-w-	c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-15 12:26	179712	----a-w-	c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-15 12:26	2048	----a-w-	c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-15 12:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2010-10-20 05:20 . 2010-12-15 12:26	46080	----a-w-	c:\windows\system32\atmlib.dll
2010-10-20 04:54 . 2010-12-15 12:26	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2010-10-20 03:09 . 2010-12-15 12:26	3124224	----a-w-	c:\windows\system32\win32k.sys
2010-10-20 03:05 . 2010-12-15 12:26	367104	----a-w-	c:\windows\system32\atmfd.dll
2010-10-20 02:58 . 2010-12-15 12:26	294400	----a-w-	c:\windows\SysWow64\atmfd.dll
2010-10-19 09:41 . 2009-10-03 08:08	270720	------w-	c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32	279944	----a-w-	c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-11-05 116056]
"ICQ"="c:\program files (x86)\ICQ7.0\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-05 281768]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2006-12-27 1454080]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-03 61440]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 14120]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2007-08-29 139264]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 OM0530;Hercules Deluxe Webcam;c:\windows\system32\Drivers\ov530vx.sys [2007-07-13 172928]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-11-02 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-05-19 173096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-03 834544]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-05 135336]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-12-27 460800]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\A. Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\zl9dyi2m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bild.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com
FF - Ext: Scrollbar Anywhere: {767a0048-69da-4392-b458-55b7a96b66f7} - %profile%\extensions\{767a0048-69da-4392-b458-55b7a96b66f7}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-16  17:33:38
ComboFix-quarantined-files.txt  2011-01-16 16:33

Vor Suchlauf: 9 Verzeichnis(se), 54.885.163.008 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 55.778.344.960 Bytes frei

- - End Of File - - F7C60CE6C82A8A88218884AEDB171B61
         
--- --- ---

Alt 16.01.2011, 16:55   #8
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



lade den CCleaner slim:
Piriform - Builds
falls der CCleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.01.2011, 17:20   #9
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



hallo,

anbei die liste aus meinem ccleaner.

Code:
ATTFilter
3DMark06	Futuremark Corporation	07.07.2009		1.1.1 unbekannt
Adobe AIR	Adobe Systems Inc.	01.08.2010		2.0.2.12610 notwendig
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	20.11.2009		10.0.22.87 notwendig
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	30.07.2010	6,00MB	10.1.53.64 notwendig
Adobe Reader 9.1.2 - Deutsch	Adobe Systems Incorporated	06.07.2009	234MB	9.1.2 notwendig
Adobe Shockwave Player	Adobe Systems, Inc.	21.01.2010		10.2.0.22 notwendig
ANNO 1404	Ubisoft	24.05.2010		1.02.0000 notwendig
Apple Application Support	Apple Inc.	12.12.2010	52,8MB	1.4.1 unbekannt
Apple Mobile Device Support	Apple Inc.	20.12.2010	22,3MB	3.3.0.69 unbekannt
Apple Software Update	Apple Inc.	20.12.2010	2,26MB	2.1.2.120 unbekannt
Ask Toolbar	Ask.com	28.07.2009		4.1.0.2 unnötig
ATI Catalyst Install Manager	ATI Technologies, Inc.	06.07.2009	18,2MB	3.0.728.0 notwendig
Avira AntiVir Personal - Free Antivirus	Avira GmbH	24.12.2010	61,8MB	10.0.0.609 notwendig
AVM FRITZ!WLAN	AVM Berlin	20.11.2009		notwendig
Bonjour	Apple Inc.	20.12.2010	1,58MB	2.0.4.0 unbekannt
CCleaner	Piriform	15.01.2011		3.02 notwendig
CDBurnerXP	CDBurnerXP	21.12.2010	16,2MB	4.3.8.2474 notwendig
Compatibility Pack for the 2007 Office system	Microsoft Corporation	09.11.2010	264MB	12.0.6425.1000 notwendig
Crysis(R)	Electronic Arts	06.02.2010	2.462MB	1.00.0000 notwendig
Der Stein der Weisen		05.01.2010		 notwendig
Die Sims 2		31.07.2010		 notwendig
Die Sims 2: Nightlife		31.07.2010		notwendig
Die Sims 2: Wilde Campus-Jahre		31.07.2010		notwendig
Die Sims™ 2 Apartment-Leben	Electronic Arts	31.07.2010	notwendig	
Die Sims™ 2 Freizeit-Spaß	Electronic Arts	31.07.2010	notwendig	
Die Sims™ 2 Gute Reise	Electronic Arts	31.07.2010		notwendig
Die Sims™ 2 Haustiere		31.07.2010		notwendig
Die Sims™ 2 Vier Jahreszeiten		31.07.2010	notwendig	
Die Sims™ 3	Electronic Arts	26.12.2010		1.18.9 notwendig
Die Sims™ 3 Late Night	Electronic Arts	26.12.2010		6.1.11 notwendig
Die Sims™ 3 Reiseabenteuer	Electronic Arts	25.03.2010		2.6.11 notwendig
Die Sims™ 3 Traumkarrieren	Electronic Arts	26.07.2010		4.2.32 notwendig
DivX-Setup	DivX, Inc. 	29.06.2010		1.0.2.22 notwendig
Drakensang - Am Fluss der Zeit	dtp	12.08.2010		notwendig
Drakensang - Am Fluss der Zeit - DEMO	dtp	08.08.2010	3.035MB	 notwendig
EA Download Manager	Electronic Arts, Inc.	02.01.2011		7.2.0.32 notwendig
Empire Earth		04.04.2010		notwendig
Euro-Fahrschule 2010	UNKNOWN	12.04.2010		1.0 notwendig
Express Gate Updater	DeviceVM	06.07.2009	5,16MB	1.1.1.2 unbekannt
FIFA 08	Electronic Arts	21.01.2010	3.956MB	1.0.1.1 unnötig
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	03.10.2010	8,11MB	notwendig
Free YouTube to MP3 Converter version 3.8	DVDVideoSoft Limited.	03.10.2010	32,1MB	notwendig
FreeStar Burner-DVD Software 1.0.2	FreeStar, Org.	21.12.2010		1.0.2 notwendig
Futuremark SystemInfo	Futuremark Corporation	07.07.2009		3.20.1.2 unbekannt
GameSpy Comrade	GameSpy	06.02.2010	19,0MB	1.5.0.156 unbekannt
GIMP 2.6.7		12.09.2009		unnötig
Gothic 3 Gold	JoWooD	06.11.2010	3.229MB	1.0.0 notwendig
GUILD WARS		06.02.2010		notwendig
Hercules Webcam Deluxe	Hercules	04.12.2009		3.2.2.5 notwendig
Hercules Webcam Station Evolution SE	Hercules	04.12.2009		3.2.2.5 notwendig
Host OpenAL (ADI)		20.11.2009		unbekannt
ICQ7	ICQ	27.02.2010		7.0 notwendig
Intel® Matrix Storage Manager	Intel Corporation	20.11.2009	notwendig	
iTunes	Apple Inc.	20.12.2010	145,7MB	10.1.1.4 notwendig
Java(TM) 6 Update 23	Sun Microsystems, Inc.	14.08.2009	95,0MB	6.0.230 notwendig
Kaminfeuer Titanium Edition II		12.12.2010		unnötig
Malwarebytes' Anti-Malware	Malwarebytes Corporation	15.01.2011	10,5MB	notwendig
Marvell Miniport Driver	Marvell	20.11.2009		10.22.4.3 unbekannt
McAfee Security Scan Plus	McAfee, Inc.	03.08.2010	8,30MB	2.0.181.2 unnötig
Microsoft .NET Framework 1.1	Microsoft	06.02.2010	34,8MB	1.1.4322 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	23.11.2010	38,8MB	4.0.30319 notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	21.11.2009		12.0.6425.1000 notwendig
Microsoft Office Word Viewer 2003	Microsoft Corporation	09.11.2010	86,4MB	11.0.8173.0 notwendig
Microsoft Silverlight	Microsoft Corporation	19.12.2010	148,8MB	4.0.51204.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	29.07.2009	0,25MB	8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.07.2009	0,25MB	8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	06.11.2010	2,38MB	8.0.56336 notwendig
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	06.07.2009	0,69MB	8.0.56336 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	13.09.2009	0,19MB	9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	11.09.2009	0,58MB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	27.03.2010	0,58MB	9.0.30729.4148 notwendig
Microsoft WSE 3.0 Runtime	Microsoft Corp.	16.07.2009	0,92MB	3.0.5305.0 notwendig
Mozilla Firefox (3.6.13)	Mozilla	10.12.2010		3.6.13 (de) notwendig
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	06.07.2009	1,28MB	4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,33MB	4.20.9876.0 notwendig
MyPhoneExplorer	F.J. Wechselberger	20.11.2009		1.7.3 unnötig
Nero 7 Essentials	Nero AG	06.07.2009	2.640MB	7.03.1151 notwendig
NVIDIA GAME System Software 2.8.1	NVIDIA Corporation	01.08.2010	5,72MB	2.8.1 notwendig
NVIDIA PhysX	NVIDIA Corporation	11.11.2009	119,8MB	9.09.0203 notwendig
OpenAL		20.11.2009		unbekannt
Picasa 3	Google, Inc.	20.11.2010		3.8 notwendig
PunkBuster Services	Even Balance, Inc.	06.02.2010		0.986 unbekannt
QuickTime	Apple Inc.	12.12.2010	73,7MB	7.69.80.9 notwendig
Risen	Deep Silver	11.11.2009		1.00.0000 notwendig
SAMSUNG Android USB Modem Software		25.12.2009	notwendig	
SAMSUNG Mobile Composite Device Software		25.12.2009	notwendig	
Samsung Mobile Modem Device Software		25.12.2009	notwendig	
SAMSUNG Mobile Modem Driver Set		25.12.2009		notwendig
SAMSUNG Mobile Modem V2 Software		25.12.2009	notwendig	
Samsung Mobile phone USB driver Drive Software		27.02.2010	notwendig	
Samsung Mobile phone USB driver Software		25.12.2009	notwendig	
SAMSUNG Mobile USB Device	SAMSUNG	25.12.2009	0,13MB	1.00.0000 notwendig
SAMSUNG Mobile USB Download Driver Software		25.12.2009	notwendig	
SAMSUNG Mobile USB Modem 1.0 Software		25.12.2009		notwendig
Samsung Mobile USB Modem Device Software		25.12.2009	notwendig	
SAMSUNG Mobile USB Modem Software		25.12.2009		notwendig
Samsung New PC Studio	Samsung Electronics Co., Ltd.	25.12.2009	259MB	1.00.0000 notwendig
Samsung New PC Studio USB Driver Installer	Samsung Electronics Co., Ltd.	27.02.2010	8,50MB	1.00.0000 notwendig
SAMSUNG USB Mobile Device Software		25.12.2009		notwendig
Sherlock Holmes jagt Jack the Ripper	Frogwares	01.08.2010		1.00.0777 notwendig
SoundMAX	Analog Devices	06.07.2009		6.10.2.6480 notwendig
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	06.07.2009	29,7MB	9.0.0 notwendig
The Witcher	CD Projekt Red	08.08.2009		1.00.0000 notwendig
Uniblue RegistryBooster	Uniblue Systems Ltd	21.12.2010	16,8MB	unbekannt
Uninstall 1.0.0.1		03.10.2010	10,6MB	unbekannt
VirtualCom driver	ait	25.12.2009	0,41MB	1.0.0 unbekannt
VLC media player 1.0.1	VideoLAN Team	20.11.2009		1.0.1 notwendig
vShare Plugin		01.11.2010	unbekannt	
Vuze	Vuze Inc.	15.01.2010	notwendig	
Warcraft III		29.05.2010	notwendig	
Warcraft III: All Products		29.05.2010	notwendig	
Windows Media Player Firefox Plugin	Microsoft Corp	31.07.2009	0,29MB	1.0.0.8 notwendig
WinRAR archiver		20.11.2009	notwendig	
Xtra Controller	Hercules	04.12.2009		3.2.2.1 notwendig
Zoo Tycoon: Complete Collection		22.12.2009		notwendig
         

Alt 16.01.2011, 17:24   #10
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



deinstaliere:
3DMark06
Adobe Reader 9
ersetzen:
Adobe - Adobe Reader herunterladen - Alle Versionen

bitte den mcafee security scan nicht mit instalieren.
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok

deinstaliere:
Ask Toolbar
Bonjour
FIFA 08
Futuremark
GIMP
Kaminfeuer
McAfee Security Scan
MyPhoneExplorer
Uniblue
bereinige dann dateien + registry.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.01.2011, 17:55   #11
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



habe alles nach anleitung deinstalliert und adobe neu installiert.
weitere vorschläge?

Alt 16.01.2011, 18:18   #12
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



ja immer mit der ruhe :-)
avira
http://www.trojaner-board.de/54192-a...tellungen.html
avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.
bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig.
den update auftrag auf 1x pro tag einstellen.
und "nachhohlen falls zeit überschritten" auswählen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.01.2011, 20:20   #13
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



hi,
alles gemacht. antivir hat 0 fehler gefunden.
anbei log.

Code:
ATTFilter

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 16. Januar 2011  20:36

Es wird nach 2371662 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : A. Meyer
Computername   : AMEYER-PC

Versionsinformationen:
BUILD.DAT      : 10.0.0.567     32097 Bytes  19.04.2010 15:50:00
AVSCAN.EXE     : 10.0.3.0      433832 Bytes  01.04.2010 12:37:35
AVSCAN.DLL     : 10.0.3.0       56168 Bytes  30.03.2010 11:42:16
LUKE.DLL       : 10.0.2.3      104296 Bytes  07.03.2010 18:32:59
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 11:59:47
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:05:36
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 19:16:07
VBASE002.VDF   : 7.11.0.1        2048 Bytes  14.12.2010 19:16:08
VBASE003.VDF   : 7.11.0.2        2048 Bytes  14.12.2010 19:16:08
VBASE004.VDF   : 7.11.0.3        2048 Bytes  14.12.2010 19:16:08
VBASE005.VDF   : 7.11.0.4        2048 Bytes  14.12.2010 19:16:08
VBASE006.VDF   : 7.11.0.5        2048 Bytes  14.12.2010 19:16:08
VBASE007.VDF   : 7.11.0.6        2048 Bytes  14.12.2010 19:16:09
VBASE008.VDF   : 7.11.0.7        2048 Bytes  14.12.2010 19:16:09
VBASE009.VDF   : 7.11.0.8        2048 Bytes  14.12.2010 19:16:09
VBASE010.VDF   : 7.11.0.9        2048 Bytes  14.12.2010 19:16:09
VBASE011.VDF   : 7.11.0.10       2048 Bytes  14.12.2010 19:16:09
VBASE012.VDF   : 7.11.0.11       2048 Bytes  14.12.2010 19:16:09
VBASE013.VDF   : 7.11.0.52     128000 Bytes  16.12.2010 19:16:10
VBASE014.VDF   : 7.11.0.91     226816 Bytes  20.12.2010 19:16:11
VBASE015.VDF   : 7.11.0.122    136192 Bytes  21.12.2010 19:16:12
VBASE016.VDF   : 7.11.0.156    122880 Bytes  24.12.2010 19:16:12
VBASE017.VDF   : 7.11.0.185    146944 Bytes  27.12.2010 19:16:13
VBASE018.VDF   : 7.11.0.228    132608 Bytes  30.12.2010 19:16:14
VBASE019.VDF   : 7.11.1.5      148480 Bytes  03.01.2011 19:16:15
VBASE020.VDF   : 7.11.1.37     156672 Bytes  07.01.2011 19:16:16
VBASE021.VDF   : 7.11.1.65     140800 Bytes  10.01.2011 19:16:18
VBASE022.VDF   : 7.11.1.87     225280 Bytes  11.01.2011 19:16:20
VBASE023.VDF   : 7.11.1.124    125440 Bytes  14.01.2011 19:16:20
VBASE024.VDF   : 7.11.1.125      2048 Bytes  14.01.2011 19:16:20
VBASE025.VDF   : 7.11.1.126      2048 Bytes  14.01.2011 19:16:20
VBASE026.VDF   : 7.11.1.127      2048 Bytes  14.01.2011 19:16:21
VBASE027.VDF   : 7.11.1.128      2048 Bytes  14.01.2011 19:16:21
VBASE028.VDF   : 7.11.1.129      2048 Bytes  14.01.2011 19:16:21
VBASE029.VDF   : 7.11.1.130      2048 Bytes  14.01.2011 19:16:21
VBASE030.VDF   : 7.11.1.131      2048 Bytes  14.01.2011 19:16:21
VBASE031.VDF   : 7.11.1.146     67072 Bytes  16.01.2011 19:16:21
Engineversion  : 8.2.4.140 
AEVDF.DLL      : 8.1.2.1       106868 Bytes  16.01.2011 19:16:41
AESCRIPT.DLL   : 8.1.3.52     1282426 Bytes  16.01.2011 19:16:40
AESCN.DLL      : 8.1.7.2       127349 Bytes  16.01.2011 19:16:37
AESBX.DLL      : 8.1.3.2       254324 Bytes  16.01.2011 19:16:43
AERDL.DLL      : 8.1.9.2       635252 Bytes  16.01.2011 19:16:37
AEPACK.DLL     : 8.2.4.7       512375 Bytes  16.01.2011 19:16:35
AEOFFICE.DLL   : 8.1.1.10      201084 Bytes  16.01.2011 19:16:33
AEHEUR.DLL     : 8.1.2.64     3154294 Bytes  16.01.2011 19:16:33
AEHELP.DLL     : 8.1.16.0      246136 Bytes  16.01.2011 19:16:25
AEGEN.DLL      : 8.1.5.1       397683 Bytes  16.01.2011 19:16:24
AEEMU.DLL      : 8.1.3.0       393589 Bytes  16.01.2011 19:16:23
AECORE.DLL     : 8.1.19.0      196984 Bytes  16.01.2011 19:16:22
AEBB.DLL       : 8.1.1.0        53618 Bytes  16.01.2011 19:16:22
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 11:59:10
AVPREF.DLL     : 10.0.0.0       44904 Bytes  14.01.2010 11:59:07
AVREP.DLL      : 10.0.0.8       62209 Bytes  18.02.2010 16:47:40
AVREG.DLL      : 10.0.3.0       53096 Bytes  01.04.2010 12:35:44
AVSCPLR.DLL    : 10.0.3.0       83816 Bytes  01.04.2010 12:39:49
AVARKT.DLL     : 10.0.0.14     227176 Bytes  01.04.2010 12:22:11
AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  26.01.2010 09:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 12:57:53
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 15:38:54
NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 14:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 13:10:08
RCTEXT.DLL     : 10.0.53.0      98152 Bytes  09.04.2010 14:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, G:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 10
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PCK,+PFS,

Beginn des Suchlaufs: Sonntag, 16. Januar 2011  20:36

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SoundTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NPSAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMBgMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaCenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '451' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\' <Sims3EP03>
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Sonntag, 16. Januar 2011  21:18
Benötigte Zeit: 42:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  29091 Verzeichnisse wurden überprüft
 803475 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 803475 Dateien ohne Befall
   4313 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
  39199 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Alt 17.01.2011, 18:16   #14
spidey63
 
itunes Account gehackt? - Standard

itunes Account gehackt?



Hallo Markus,

was kann ich noch tun ?

Alt 17.01.2011, 18:24   #15
markusg
/// Malware-holic
 
itunes Account gehackt? - Standard

itunes Account gehackt?



übersehen, sorry.
sieht alles gut aus bisher.
Free ESET Online Antivirus Scanner
eset online scan, log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu itunes Account gehackt?
account, apple, berechtigt, bereits, beträge, gehackt, geld, glaube, itunes, phishing, schei



Ähnliche Themen: itunes Account gehackt?


  1. FB Account gehackt.
    Smartphone, Tablet & Handy Security - 20.10.2015 (8)
  2. Spam Mail vom eigenen Yahoo Account erhalten - Account gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (8)
  3. WoW Account gehackt
    Log-Analyse und Auswertung - 08.10.2014 (5)
  4. E-Mail Account gehackt - unauthorisierte Mails von meinem Account werden verschickt
    Log-Analyse und Auswertung - 19.04.2014 (5)
  5. GMX Account gehackt
    Log-Analyse und Auswertung - 07.01.2014 (9)
  6. GMX Account gehackt!
    Log-Analyse und Auswertung - 08.08.2012 (0)
  7. GMX-Account gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 08.06.2012 (1)
  8. iTunes Account gehackt - Rechner Überprüfung
    Log-Analyse und Auswertung - 31.01.2012 (5)
  9. Account gehackt!
    Log-Analyse und Auswertung - 08.08.2011 (19)
  10. Account gehackt
    Log-Analyse und Auswertung - 30.03.2010 (13)
  11. WoW Account 2 mal gehackt
    Log-Analyse und Auswertung - 05.02.2010 (0)
  12. Keylogger, WoW - Account gehackt :X
    Log-Analyse und Auswertung - 17.12.2009 (10)
  13. wow-account gehackt
    Log-Analyse und Auswertung - 14.12.2009 (5)
  14. WoW - Account gehackt und nun
    Log-Analyse und Auswertung - 01.09.2009 (27)
  15. MSN account gehackt
    Plagegeister aller Art und deren Bekämpfung - 01.02.2009 (4)
  16. Account gehackt
    Log-Analyse und Auswertung - 24.06.2008 (1)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)

Zum Thema itunes Account gehackt? - Hallo, mein itunes Account ist scheinbar gehackt worden, da bereits 3 x unberechtigt Geld abgebucht wurde. Apple war "so nett", mir die Beträge zu erstatten. Meinen itunes-Account habe ich noch - itunes Account gehackt?...
Archiv
Du betrachtest: itunes Account gehackt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.