Pests of all kinds and how to combat them: iTunes account hacked? (Windows 7)
16.01.2011, 15:32 | #1 |
| iTunes account hacked? Hello, my iTunes account has apparently been hacked, since money has already been debited without authorization 3 times. Apple was "kind enough" to refund the amounts. I have not yet reactivated my iTunes account because I think my PC might have a phishing problem. I would appreciate your support. Regards, Chrissi |
16.01.2011, 15:39 | #2 |
/// Malware-holic | iTunes account hacked?
1. Do not carry out any cleaning yourself; otherwise it only gets in the way.
2. Post any existing scan logs that contain detections.
3. System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator).
1. At the top you will find a box labeled Output. Please select Minimal Output.
2. Check "scan all users".
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both. |
16.01.2011, 16:01 | #3 |
| iTunes account hacked? Attached are the OTL and Extras logs.
OTL Logfile: Code:
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.01.16 15:42:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\A. Meyer\Desktop\OTL.exe [2011.01.16 13:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.01.15 13:45:18 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Avira [2011.01.13 21:23:31 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Hurts - Happiness - Debut Album (2010) 320k - upp [2011.01.12 09:32:08 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.01.12 09:32:08 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.01.12 09:32:08 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.01.12 09:32:08 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.01.12 09:32:07 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.01.12 09:32:07 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.01.12 09:32:07 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.01.12 09:32:07 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.01.12 09:32:07 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.01.12 09:32:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.01.12 09:32:06 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.01.12 09:32:06 | 000,470,016 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\XpsGdiConverter.dll [2011.01.12 09:32:06 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.01.12 09:32:05 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2011.01.12 09:32:05 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.01.12 09:32:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.01.12 09:32:05 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.01.12 09:32:05 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.01.12 09:32:05 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.01.12 09:32:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.01.12 09:32:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.01.12 09:32:05 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.01.12 09:32:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.01.12 09:32:05 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.01.12 09:32:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.01.12 09:32:04 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.01.12 09:32:04 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.01.12 09:31:57 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.12 09:31:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.11 00:05:14 | 000,000,000 | ---D | C] -- C:\Users\A. 
Meyer\Desktop\Chakuza - Suchen und Zerstoeren 2 DE (2010) - NOiR [2011.01.10 23:46:53 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Haftbefehl-Azzlack_Stereotyp-2CD-DE-2010-NOiR [2011.01.10 23:46:51 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Kollegah - Hoodtape Vol.1 X-Mas Edition-2010-PIMPSKEE [2011.01.10 23:04:12 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\Farid_Bang_-_Asphalt_Massaka_2 [2011.01.10 19:55:27 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\257ers - Zwen [2010.12.22 21:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2010.12.22 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2010.12.22 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Canneverbe Limited [2010.12.22 21:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2010.12.22 21:09:49 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Local\OpenCandy [2010.12.22 21:09:48 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy [2010.12.22 21:09:47 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP [2010.12.22 21:04:36 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeStar [2010.12.22 21:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeStar [2010.12.22 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\freestar [2010.12.22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Documents\Downloads [2010.12.22 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\AppData\Roaming\GetRightToGo [2010.12.21 22:15:28 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\www.bitreactor.to_Saw.3D.Vollendung.R5.MD.German.READ.NFO.XViD-AOE [2010.12.21 21:39:06 | 000,000,000 | ---D | C] -- C:\Users\A. 
Meyer\AppData\Roaming\Apple Computer [2010.12.21 21:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2010.12.21 21:38:30 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll [2010.12.21 21:38:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll [2010.12.21 21:38:30 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2010.12.21 21:38:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.12.21 21:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2010.12.21 21:37:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2010.12.21 21:37:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2010.12.21 21:37:34 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.12.21 21:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010.12.20 07:40:17 | 000,000,000 | ---D | C] -- C:\Users\A. Meyer\Desktop\www.bitreactor.to_Ich_Und_Ich_-_Hilf_Mir-WEB-DE-2010-L2M [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.16 15:42:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\A. 
Meyer\Desktop\OTL.exe [2011.01.16 13:18:12 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.16 13:18:12 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.16 13:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.16 13:10:44 | 2146,734,079 | -HS- | M] () -- C:\hiberfil.sys [2011.01.13 09:06:21 | 006,377,639 | ---- | M] () -- C:\Users\A. Meyer\Desktop\Rihanna feat. Drake - What's My Name [www.RNBxBeatz.com].mp3 [2011.01.03 22:30:54 | 000,001,258 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2010.12.27 12:18:11 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk [2010.12.25 15:08:21 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.12.25 15:08:21 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.12.25 15:08:21 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.12.25 15:08:21 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.12.25 15:08:21 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.12.22 21:09:51 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.12.22 21:04:36 | 000,001,120 | ---- | M] () -- C:\Users\A. Meyer\Desktop\FreeStar Burner-DVD.lnk [2010.12.21 21:39:02 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.12.19 21:31:08 | 000,310,337 | ---- | M] () -- C:\Users\A. Meyer\Desktop\Skifahrt 2011 Anmeldung.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.13 09:05:59 | 006,377,639 | ---- | C] () -- C:\Users\A. Meyer\Desktop\Rihanna feat. 
Drake - What's My Name [www.RNBxBeatz.com].mp3 [2010.12.27 12:18:11 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Late Night.lnk [2010.12.22 21:09:51 | 000,001,742 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.12.22 21:04:36 | 000,001,120 | ---- | C] () -- C:\Users\A. Meyer\Desktop\FreeStar Burner-DVD.lnk [2010.12.21 21:39:02 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.12.19 21:31:08 | 000,310,337 | ---- | C] () -- C:\Users\A. Meyer\Desktop\Skifahrt 2011 Anmeldung.pdf [2010.11.02 14:35:05 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2010.06.12 14:07:42 | 000,055,382 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-tongue-2.jpg [2010.06.12 14:07:39 | 000,027,192 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-sexy.jpg [2010.06.12 14:07:36 | 000,064,637 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-scandal.jpg [2010.06.12 14:07:27 | 000,080,949 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-nude.jpg [2010.06.12 14:07:24 | 000,037,800 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-new-scandal.jpg [2010.06.12 14:07:22 | 000,048,949 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-new-scandal-2.jpg [2010.06.12 14:07:19 | 000,062,438 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-new-nude.jpg [2010.06.12 14:07:17 | 000,056,852 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-lingerie.jpg [2010.06.12 14:07:15 | 000,057,191 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-kiss.jpg [2010.06.12 14:07:13 | 000,050,434 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\vanessa-hudgens-bed.jpg [2010.06.12 14:07:10 | 000,000,000 | ---- | C] () -- C:\Users\A. Meyer\AppData\Roaming\chrtmp [2010.06.12 14:07:08 | 000,031,605 | ---- | C] () -- C:\Users\A. 
Meyer\AppData\Roaming\vanessa-hudgens-ass.jpg [2010.04.05 15:09:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2010.04.05 15:09:22 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2010.04.05 15:09:22 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2010.04.05 14:33:08 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI [2010.02.07 16:43:50 | 000,000,096 | ---- | C] () -- C:\Users\A. Meyer\AppData\Local\fusioncache.dat [2010.02.07 12:59:03 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.12.23 21:01:51 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.11.21 21:47:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.07.07 15:30:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.07.07 13:04:01 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2009.07.07 13:04:01 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2009.07.07 12:39:15 | 000,037,655 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009.07.07 12:39:03 | 000,037,191 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.05.15 14:19:54 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\ViaClassCoInstaller.dll [2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2011.01.16 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Azureus [2010.12.22 21:09:56 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Canneverbe Limited [2010.11.03 09:12:27 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DAEMON Tools Lite [2010.10.04 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.02 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Games [2010.12.22 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\GetRightToGo [2009.11.21 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\gtk-2.0 [2010.11.16 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\ICQ [2010.11.02 14:34:41 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Leadertech [2009.11.21 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\MyPhoneExplorer [2010.12.22 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy [2009.12.24 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Samsung [2010.04.13 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1 [2009.07.07 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\A. 
Meyer\AppData\Roaming\TMP [2010.05.22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Ubisoft [2010.12.07 15:50:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.04.07 16:34:28 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Adobe [2010.05.25 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Ahead [2010.12.24 17:53:31 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Apple Computer [2009.11.21 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\ATI [2011.01.15 13:45:18 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Avira [2011.01.16 13:08:12 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Azureus [2010.12.22 21:09:56 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Canneverbe Limited [2010.11.03 09:12:27 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DAEMON Tools Lite [2010.08.01 20:39:34 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DivX [2010.08.17 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\dvdcss [2010.10.04 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.02 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Games [2010.12.22 21:04:34 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\GetRightToGo [2009.11.21 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\gtk-2.0 [2010.11.16 13:29:50 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\ICQ [2010.12.24 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Identities [2009.11.21 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\A. 
Meyer\AppData\Roaming\InstallShield [2010.11.02 14:34:41 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Leadertech [2009.11.21 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Macromedia [2010.06.09 08:37:03 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Media Center Programs [2010.12.22 21:12:56 | 000,000,000 | --SD | M] -- C:\Users\A. Meyer\AppData\Roaming\Microsoft [2009.11.21 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Mozilla [2009.11.21 21:16:15 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\MyPhoneExplorer [2010.12.22 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy [2009.12.24 19:36:55 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Samsung [2010.11.08 16:37:49 | 000,000,000 | RH-D | M] -- C:\Users\A. Meyer\AppData\Roaming\SecuROM [2010.04.13 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1 [2009.07.07 13:00:28 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\TMP [2009.09.18 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\U3 [2010.05.22 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\Ubisoft [2010.11.22 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\vlc [2009.08.06 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\A. Meyer\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.10.23 09:24:05 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\A. Meyer\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe [2010.08.02 17:49:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\A. 
Meyer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.04.18 18:24:25 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\A. Meyer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.07.07 15:03:54 | 000,010,134 | R--- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Installer\{963AE89F-073A-9030-CBCD-D0AE55ED06FC}\ARPPRODUCTICON.exe [2009.07.07 13:16:25 | 000,009,158 | R--- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe [2009.07.17 00:04:42 | 000,010,134 | R--- | M] () -- C:\Users\A. Meyer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.12.22 21:09:49 | 000,331,304 | ---- | M] () -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy\OpenCandy_C03B0D3F69D342649DC30432F0D51BA1\DLMgr_3_1.6.44.exe [2010.05.05 18:53:38 | 004,072,576 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy\OpenCandy_C03B0D3F69D342649DC30432F0D51BA1\registrybooster21.exe [2010.12.22 21:10:00 | 004,125,269 | ---- | M] () -- C:\Users\A. Meyer\AppData\Roaming\OpenCandy\OpenCandy_C03B0D3F69D342649DC30432F0D51BA1\registrybooster21Wrapped.exe [2010.02.28 16:09:22 | 000,069,632 | ---- | M] () -- C:\Users\A. 
Meyer\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe < %SYSTEMDRIVE%\*.exe > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > [/CODE] OTL Logfile: Code:
OTL Extras logfile created on: 16.01.2011 15:45:26 - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\A. Meyer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 79,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 50,62 Gb Free Space | 20,73% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 680,12 Gb Free Space | 98,95% Space Free | Partition Type: NTFS
Drive E: | 6,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: AMEYER-PC | User Name: A. Meyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List 
========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes "{19639A51-FCC5-40BA-9F07-D8292A07249B}" = VirtualCom driver "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{88EB92AB-ABD3-E13C-3AEE-B7518354B55A}" = ATI Catalyst Install Manager "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C6C5D6A1-F7BD-6004-9644-6501417CB411}" = ccc-utility64 "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem 
Device Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{012E6D05-BD3B-452D-D91A-B43B59F435F6}" = Catalyst Control Center Graphics Previews Vista "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08 "{0CC3A34F-2425-D43D-C6BA-515906FF177F}" = Catalyst Control Center HydraVision Full "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23 "{2C76ED7E-A591-A078-1E10-49893CFED8C4}" = CCC Help Hungarian "{30E1022C-17EB-482A-8C82-16B79B98C4E4}" = Express Gate Updater "{364C73AF-2EA2-AD13-CFC3-44ECA869BF07}" = CCC Help Greek "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes jagt Jack the Ripper "{42FDDCAE-937F-5E10-17BB-9BE3AD0A79F5}" = CCC Help German "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1 "{5263AA89-3D92-E447-0834-62E5FFCC468E}" = CCC Help Polish "{52B6FCEC-7146-17FC-6877-18DAE0EDF05F}" = Euro-Fahrschule 2010 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59579B12-97E6-437E-B988-BA032165D355}" = Xtra Controller "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 
8.0.50727.4053 "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{661F74E7-4FC3-AAAC-7024-E95E3334A68B}" = CCC Help Italian "{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Device "{71A8B8AC-EEA5-385A-D3A0-229DA1380C18}" = Catalyst Control Center Localization All "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7368042D-2D55-DF18-58C7-2AFB9422D5AB}" = Catalyst Control Center Core Implementation "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{86166D93-9D32-DDC2-A458-F18C976C82E9}" = ccc-core-static "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92654DBC-2499-6E2E-4BE4-455056D09820}" = Catalyst Control Center Graphics Light "{92FE6D1B-BA3C-70DC-CCF4-B378FCA907B9}" = Catalyst Control Center Graphics Previews Common "{963AE89F-073A-9030-CBCD-D0AE55ED06FC}" = Catalyst Control Center InstallProxy "{96442B62-2C2C-859B-983B-E0A3DC5C4E07}" = CCC Help Spanish "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6A3F389-FD27-3501-0184-0B9CA9D7722A}" = HydraVision "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C6E4268D-F2E8-297B-BDAB-43B4CD4297DF}" = Catalyst Control Center Graphics Full Existing "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D6E4423E-8D32-5C2A-DF2A-4E2E98E9D6F9}" = CCC Help French "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Webcam Deluxe "{E8ECE426-F0AC-C64A-C879-D37023DE0B90}" = Catalyst Control Center Graphics Full New "{EAD50D08-DA4A-1A3C-6324-F26180CB152C}" = CCC Help Portuguese "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F7065504-BFE4-2A9E-EFDF-8207BBABC46D}" = CCC Help English "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{FDC42E3F-2615-AA7F-23CC-74996D12631B}" = ccc-core-static "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Ask Toolbar_is1" = Ask Toolbar "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Der Stein der Weisen" = Der Stein der Weisen "DivX Setup.divx.com" = DivX-Setup "Drakensang - Am Fluss der Zeit - DEMO_is1" = Drakensang - Am Fluss der Zeit - DEMO "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "EADM" = EA Download Manager "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "FreeStar Burner-DVD Software" = FreeStar Burner-DVD Software 1.0.2 "Guild Wars" = GUILD WARS "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Host OpenAL (ADI)" = Host OpenAL (ADI) "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 
(3.6.13)" = Mozilla Firefox (3.6.13) "MPE" = MyPhoneExplorer "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "PunkBusterSvc" = PunkBuster Services "ST5UNST #1" = Kaminfeuer Titanium Edition II "SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1" = Euro-Fahrschule 2010 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 "vShare" = vShare Plugin "Warcraft III" = Warcraft III "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR archiver "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2643983100-559862435-3460398365-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.04.2010 17:09:59 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 24.04.2010 07:11:33 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 24.04.2010 09:40:10 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 24.04.2010 16:46:58 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 04:28:34 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 09:45:40 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 25.04.2010 11:18:44 | Computer Name = AMeyer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 26.04.2010 05:30:41 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 26.04.2010 07:23:05 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = Error - 26.04.2010 09:20:11 | Computer Name = AMeyer-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 14.01.2011 18:52:43 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 14.01.2011 18:52:43 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 15.01.2011 05:02:33 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 15.01.2011 05:02:33 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 15.01.2011 18:55:24 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 15.01.2011 18:55:24 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 16.01.2011 06:24:12 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 16.01.2011 06:24:12 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 16.01.2011 08:10:54 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 16.01.2011 08:10:54 | Computer Name = AMeyer-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > [/CODE] |
16.01.2011, 16:22 | #4 |
/// Malware-holic | iTunes account hacked? Download Malwarebytes: Malwarebytes. Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. On the Scanner tab, run a full scan, remove what it finds, and post the log. If you already have recent logs, post those as well.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.01.2011, 17:12 | #5 |
| iTunes account hacked? Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5531

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.01.2011 17:07:11
mbam-log-2011-01-16 (17-07-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 315651
Laufzeit: 31 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
16.01.2011, 17:17 | #6 |
/// Malware-holic | iTunes account hacked? Please create and post a ComboFix log. A guide and tutorial on using ComboFix. How was the iTunes password chosen? Something easy to guess like 123 or password or a name?
|
16.01.2011, 17:40 | #7 |
| iTunes account hacked? The iTunes password was not super complicated, but it was not simply a name either. Code:
Combofix Logfile: |
16.01.2011, 17:55 | #8 |
/// Malware-holic | iTunes account hacked? Download CCleaner Slim: Piriform - Builds. If CCleaner is already installed, skip this. Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file. After each program you need, write "notwendig" (necessary). After each one you do not need, "unnötig" (unnecessary). After those you do not recognize, "unbekannt" (unknown). Post the list.
|
16.01.2011, 18:20 | #9 |
| iTunes account hacked? Hello, attached is the list from my CCleaner. Code:
3DMark06 Futuremark Corporation 07.07.2009 1.1.1 unbekannt
Adobe AIR Adobe Systems Inc. 01.08.2010 2.0.2.12610 notwendig
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 20.11.2009 10.0.22.87 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 30.07.2010 6,00MB 10.1.53.64 notwendig
Adobe Reader 9.1.2 - Deutsch Adobe Systems Incorporated 06.07.2009 234MB 9.1.2 notwendig
Adobe Shockwave Player Adobe Systems, Inc. 21.01.2010 10.2.0.22 notwendig
ANNO 1404 Ubisoft 24.05.2010 1.02.0000 notwendig
Apple Application Support Apple Inc. 12.12.2010 52,8MB 1.4.1 unbekannt
Apple Mobile Device Support Apple Inc. 20.12.2010 22,3MB 3.3.0.69 unbekannt
Apple Software Update Apple Inc. 20.12.2010 2,26MB 2.1.2.120 unbekannt
Ask Toolbar Ask.com 28.07.2009 4.1.0.2 unnötig
ATI Catalyst Install Manager ATI Technologies, Inc. 06.07.2009 18,2MB 3.0.728.0 notwendig
Avira AntiVir Personal - Free Antivirus Avira GmbH 24.12.2010 61,8MB 10.0.0.609 notwendig
AVM FRITZ!WLAN AVM Berlin 20.11.2009 notwendig
Bonjour Apple Inc. 20.12.2010 1,58MB 2.0.4.0 unbekannt
CCleaner Piriform 15.01.2011 3.02 notwendig
CDBurnerXP CDBurnerXP 21.12.2010 16,2MB 4.3.8.2474 notwendig
Compatibility Pack for the 2007 Office system Microsoft Corporation 09.11.2010 264MB 12.0.6425.1000 notwendig
Crysis(R) Electronic Arts 06.02.2010 2.462MB 1.00.0000 notwendig
Der Stein der Weisen 05.01.2010 notwendig
Die Sims 2 31.07.2010 notwendig
Die Sims 2: Nightlife 31.07.2010 notwendig
Die Sims 2: Wilde Campus-Jahre 31.07.2010 notwendig
Die Sims™ 2 Apartment-Leben Electronic Arts 31.07.2010 notwendig
Die Sims™ 2 Freizeit-Spaß Electronic Arts 31.07.2010 notwendig
Die Sims™ 2 Gute Reise Electronic Arts 31.07.2010 notwendig
Die Sims™ 2 Haustiere 31.07.2010 notwendig
Die Sims™ 2 Vier Jahreszeiten 31.07.2010 notwendig
Die Sims™ 3 Electronic Arts 26.12.2010 1.18.9 notwendig
Die Sims™ 3 Late Night Electronic Arts 26.12.2010 6.1.11 notwendig
Die Sims™ 3 Reiseabenteuer Electronic Arts 25.03.2010 2.6.11 notwendig
Die Sims™ 3 Traumkarrieren Electronic Arts 26.07.2010 4.2.32 notwendig
DivX-Setup DivX, Inc. 29.06.2010 1.0.2.22 notwendig
Drakensang - Am Fluss der Zeit dtp 12.08.2010 notwendig
Drakensang - Am Fluss der Zeit - DEMO dtp 08.08.2010 3.035MB notwendig
EA Download Manager Electronic Arts, Inc. 02.01.2011 7.2.0.32 notwendig
Empire Earth 04.04.2010 notwendig
Euro-Fahrschule 2010 UNKNOWN 12.04.2010 1.0 notwendig
Express Gate Updater DeviceVM 06.07.2009 5,16MB 1.1.1.2 unbekannt
FIFA 08 Electronic Arts 21.01.2010 3.956MB 1.0.1.1 unnötig
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 03.10.2010 8,11MB notwendig
Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 03.10.2010 32,1MB notwendig
FreeStar Burner-DVD Software 1.0.2 FreeStar, Org. 21.12.2010 1.0.2 notwendig
Futuremark SystemInfo Futuremark Corporation 07.07.2009 3.20.1.2 unbekannt
GameSpy Comrade GameSpy 06.02.2010 19,0MB 1.5.0.156 unbekannt
GIMP 2.6.7 12.09.2009 unnötig
Gothic 3 Gold JoWooD 06.11.2010 3.229MB 1.0.0 notwendig
GUILD WARS 06.02.2010 notwendig
Hercules Webcam Deluxe Hercules 04.12.2009 3.2.2.5 notwendig
Hercules Webcam Station Evolution SE Hercules 04.12.2009 3.2.2.5 notwendig
Host OpenAL (ADI) 20.11.2009 unbekannt
ICQ7 ICQ 27.02.2010 7.0 notwendig
Intel® Matrix Storage Manager Intel Corporation 20.11.2009 notwendig
iTunes Apple Inc. 20.12.2010 145,7MB 10.1.1.4 notwendig
Java(TM) 6 Update 23 Sun Microsystems, Inc. 14.08.2009 95,0MB 6.0.230 notwendig
Kaminfeuer Titanium Edition II 12.12.2010 unnötig
Malwarebytes' Anti-Malware Malwarebytes Corporation 15.01.2011 10,5MB notwendig
Marvell Miniport Driver Marvell 20.11.2009 10.22.4.3 unbekannt
McAfee Security Scan Plus McAfee, Inc. 03.08.2010 8,30MB 2.0.181.2 unnötig
Microsoft .NET Framework 1.1 Microsoft 06.02.2010 34,8MB 1.1.4322 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.11.2010 38,8MB 4.0.30319 notwendig
Microsoft Office Home and Student 2007 Microsoft Corporation 21.11.2009 12.0.6425.1000 notwendig
Microsoft Office Word Viewer 2003 Microsoft Corporation 09.11.2010 86,4MB 11.0.8173.0 notwendig
Microsoft Silverlight Microsoft Corporation 19.12.2010 148,8MB 4.0.51204.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 29.07.2009 0,25MB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.11.2010 2,38MB 8.0.56336 notwendig
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.07.2009 0,69MB 8.0.56336 notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 13.09.2009 0,19MB 9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.09.2009 0,58MB 9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 27.03.2010 0,58MB 9.0.30729.4148 notwendig
Microsoft WSE 3.0 Runtime Microsoft Corp. 16.07.2009 0,92MB 3.0.5305.0 notwendig
Mozilla Firefox (3.6.13) Mozilla 10.12.2010 3.6.13 (de) notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 06.07.2009 1,28MB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,33MB 4.20.9876.0 notwendig
MyPhoneExplorer F.J. Wechselberger 20.11.2009 1.7.3 unnötig
Nero 7 Essentials Nero AG 06.07.2009 2.640MB 7.03.1151 notwendig
NVIDIA GAME System Software 2.8.1 NVIDIA Corporation 01.08.2010 5,72MB 2.8.1 notwendig
NVIDIA PhysX NVIDIA Corporation 11.11.2009 119,8MB 9.09.0203 notwendig
OpenAL 20.11.2009 unbekannt
Picasa 3 Google, Inc. 20.11.2010 3.8 notwendig
PunkBuster Services Even Balance, Inc. 06.02.2010 0.986 unbekannt
QuickTime Apple Inc. 12.12.2010 73,7MB 7.69.80.9 notwendig
Risen Deep Silver 11.11.2009 1.00.0000 notwendig
SAMSUNG Android USB Modem Software 25.12.2009 notwendig
SAMSUNG Mobile Composite Device Software 25.12.2009 notwendig
Samsung Mobile Modem Device Software 25.12.2009 notwendig
SAMSUNG Mobile Modem Driver Set 25.12.2009 notwendig
SAMSUNG Mobile Modem V2 Software 25.12.2009 notwendig
Samsung Mobile phone USB driver Drive Software 27.02.2010 notwendig
Samsung Mobile phone USB driver Software 25.12.2009 notwendig
SAMSUNG Mobile USB Device SAMSUNG 25.12.2009 0,13MB 1.00.0000 notwendig
SAMSUNG Mobile USB Download Driver Software 25.12.2009 notwendig
SAMSUNG Mobile USB Modem 1.0 Software 25.12.2009 notwendig
Samsung Mobile USB Modem Device Software 25.12.2009 notwendig
SAMSUNG Mobile USB Modem Software 25.12.2009 notwendig
Samsung New PC Studio Samsung Electronics Co., Ltd. 25.12.2009 259MB 1.00.0000 notwendig
Samsung New PC Studio USB Driver Installer Samsung Electronics Co., Ltd. 27.02.2010 8,50MB 1.00.0000 notwendig
SAMSUNG USB Mobile Device Software 25.12.2009 notwendig
Sherlock Holmes jagt Jack the Ripper Frogwares 01.08.2010 1.00.0777 notwendig
SoundMAX Analog Devices 06.07.2009 6.10.2.6480 notwendig
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 06.07.2009 29,7MB 9.0.0 notwendig
The Witcher CD Projekt Red 08.08.2009 1.00.0000 notwendig
Uniblue RegistryBooster Uniblue Systems Ltd 21.12.2010 16,8MB unbekannt
Uninstall 1.0.0.1 03.10.2010 10,6MB unbekannt
VirtualCom driver ait 25.12.2009 0,41MB 1.0.0 unbekannt
VLC media player 1.0.1 VideoLAN Team 20.11.2009 1.0.1 notwendig
vShare Plugin 01.11.2010 unbekannt
Vuze Vuze Inc. 15.01.2010 notwendig
Warcraft III 29.05.2010 notwendig
Warcraft III: All Products 29.05.2010 notwendig
Windows Media Player Firefox Plugin Microsoft Corp 31.07.2009 0,29MB 1.0.0.8 notwendig
WinRAR archiver 20.11.2009 notwendig
Xtra Controller Hercules 04.12.2009 3.2.2.1 notwendig
Zoo Tycoon: Complete Collection 22.12.2009 notwendig
|
16.01.2011, 18:24 | #10 |
/// Malware-holic | iTunes account hacked? Uninstall: 3DMark06. Replace Adobe Reader 9: Adobe - Download Adobe Reader - All versions. Please do not install the McAfee Security Scan along with it. Open Adobe Reader, Edit, Preferences, JavaScript, and remove the check mark there; under Internet, likewise remove all check marks. That way PDFs are no longer loaded automatically and malicious code can no longer be slipped onto your machine this way. Under General, check "use only certified plug-ins". Under Update, set it to install. Click Apply / OK. Uninstall: Ask Toolbar, Bonjour, FIFA 08, Futuremark, GIMP, Kaminfeuer, McAfee Security Scan, MyPhoneExplorer, Uniblue. Then clean up files + registry.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.01.2011, 18:55 | #11 |
| iTunes account hacked? I uninstalled everything as instructed and reinstalled Adobe. Any further suggestions? |
16.01.2011, 19:18 | #12 |
/// Malware-holic | iTunes account hacked? Yes, take it easy :-) Avira: http://www.trojaner-board.de/54192-a...tellungen.html Install Avira 10 this way, or rather configure it afterwards. Once you have applied the configuration, update the program. Then click "Local protection", "Local drives"; move any detections to quarantine and post the log. Also, under Administration, Scheduler, scan job, please make sure that it runs over the local drives! Otherwise the settings will not take effect. Set the update job to once per day and select "catch up if the time was missed". |
16.01.2011, 21:20 | #13 |
| iTunes account hacked? Hi, all done. AntiVir found 0 errors. Log attached. Code:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 16. Januar 2011 20:36
Es wird nach 2371662 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : A. Meyer
Computername : AMEYER-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 12:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 11:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 18:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 19:16:07
VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 19:16:08
VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 19:16:08
VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 19:16:08
VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 19:16:08
VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 19:16:08
VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 19:16:09
VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 19:16:09
VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 19:16:09
VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 19:16:09
VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 19:16:09
VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 19:16:09
VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 19:16:10
VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 19:16:11
VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 19:16:12
VBASE016.VDF : 7.11.0.156 122880 Bytes 24.12.2010 19:16:12
VBASE017.VDF : 7.11.0.185 146944 Bytes 27.12.2010 19:16:13
VBASE018.VDF : 7.11.0.228 132608 Bytes 30.12.2010 19:16:14
VBASE019.VDF : 7.11.1.5 148480 Bytes 03.01.2011 19:16:15
VBASE020.VDF : 7.11.1.37 156672 Bytes 07.01.2011 19:16:16
VBASE021.VDF : 7.11.1.65 140800 Bytes 10.01.2011 19:16:18
VBASE022.VDF : 7.11.1.87 225280 Bytes 11.01.2011 19:16:20
VBASE023.VDF : 7.11.1.124 125440 Bytes 14.01.2011 19:16:20
VBASE024.VDF : 7.11.1.125 2048 Bytes 14.01.2011 19:16:20
VBASE025.VDF : 7.11.1.126 2048 Bytes 14.01.2011 19:16:20
VBASE026.VDF : 7.11.1.127 2048 Bytes 14.01.2011 19:16:21
VBASE027.VDF : 7.11.1.128 2048 Bytes 14.01.2011 19:16:21
VBASE028.VDF : 7.11.1.129 2048 Bytes 14.01.2011 19:16:21
VBASE029.VDF : 7.11.1.130 2048 Bytes 14.01.2011 19:16:21
VBASE030.VDF : 7.11.1.131 2048 Bytes 14.01.2011 19:16:21
VBASE031.VDF : 7.11.1.146 67072 Bytes 16.01.2011 19:16:21
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 16.01.2011 19:16:41
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 16.01.2011 19:16:40
AESCN.DLL : 8.1.7.2 127349 Bytes 16.01.2011 19:16:37
AESBX.DLL : 8.1.3.2 254324 Bytes 16.01.2011 19:16:43
AERDL.DLL : 8.1.9.2 635252 Bytes 16.01.2011 19:16:37
AEPACK.DLL : 8.2.4.7 512375 Bytes 16.01.2011 19:16:35
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 16.01.2011 19:16:33
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 16.01.2011 19:16:33
AEHELP.DLL : 8.1.16.0 246136 Bytes 16.01.2011 19:16:25
AEGEN.DLL : 8.1.5.1 397683 Bytes 16.01.2011 19:16:24
AEEMU.DLL : 8.1.3.0 393589 Bytes 16.01.2011 19:16:23
AECORE.DLL : 8.1.19.0 196984 Bytes 16.01.2011 19:16:22
AEBB.DLL : 8.1.1.0 53618 Bytes 16.01.2011 19:16:22
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 11:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 11:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 16:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 12:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 12:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 12:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 09:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 12:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 15:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 14:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 14:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, G:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 10
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PCK,+PFS,

Beginn des Suchlaufs: Sonntag, 16. Januar 2011 20:36

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroRd32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SoundTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLanGUI.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NPSAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMBgMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WlanNetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aaCenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '451' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\' <Sims3EP03>
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'G:\'
Der zu durchsuchende Pfad G:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Ende des Suchlaufs: Sonntag, 16. Januar 2011 21:18
Benötigte Zeit: 42:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.
29091 Verzeichnisse wurden überprüft
803475 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
803475 Dateien ohne Befall
4313 Archive wurden durchsucht
0 Warnungen
0 Hinweise
39199 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden |
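Added example (not part of the thread and not Avira tooling): a small Python parser for the summary of an AntiVir report like the one posted above, which extracts the counters and any paths the scan could not open, so that "0 detections" is read together with scan coverage. The sample report is constructed and abridged from the layout of the posted log; all function and field names are assumptions.

```python
import re

# Constructed sample: an abridged report in the layout of the log posted above,
# flattened onto one line the way forum software often renders it.
SAMPLE_REPORT = (
    "Beginne mit der Suche in 'C:\\' "
    "Beginne mit der Suche in 'F:\\' "
    "Der zu durchsuchende Pfad F:\\ konnte nicht geöffnet werden! "
    "Systemfehler [21]: Das Gerät ist nicht bereit. "
    "Der Suchlauf wurde vollständig durchgeführt. "
    "803475 Dateien wurden geprüft "
    "0 Viren bzw. unerwünschte Programme wurden gefunden "
    "0 Dateien wurden als verdächtig eingestuft "
    "0 Dateien konnten nicht durchsucht werden "
    "0 Warnungen "
    "0 Versteckte Objekte wurden gefunden"
)

# Hypothetical field names mapped to the German summary lines of the report.
COUNTERS = {
    "files_checked": r"(\d+) Dateien wurden geprüft",
    "detections": r"(\d+) Viren bzw\. unerwünschte Programme wurden gefunden",
    "suspicious": r"(\d+) Dateien wurden als verdächtig eingestuft",
    "unscanned_files": r"(\d+) Dateien konnten nicht durchsucht werden",
    "warnings": r"(\d+) Warnungen",
    "hidden_objects": r"(\d+) Versteckte Objekte wurden gefunden",
}


def parse_report(text):
    """Return summary counters, scanned and unreadable paths, completion flag."""
    text = " ".join(text.split())  # accept flattened and multi-line logs alike
    result = {}
    for name, pattern in COUNTERS.items():
        match = re.search(pattern, text)
        result[name] = int(match.group(1)) if match else None
    result["started"] = re.findall(r"Beginne mit der Suche in '([^']+)'", text)
    result["unreadable"] = re.findall(
        r"Der zu durchsuchende Pfad (\S+) konnte nicht geöffnet werden", text)
    result["completed"] = "Der Suchlauf wurde vollständig durchgeführt" in text
    return result


def triage(report):
    """Classify a parsed report as 'findings', 'incomplete' or 'clean'."""
    if any(report[k] for k in ("detections", "suspicious", "hidden_objects")):
        return "findings"
    missing = [k for k in COUNTERS if report[k] is None]
    if missing or not report["completed"] or report["unscanned_files"]:
        return "incomplete"
    return "clean"


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(triage(parsed), "- paths not scanned:", parsed["unreadable"])
```

A "clean" verdict still lists the paths in `unreadable`; drives that were not ready during the scan were never inspected and need a separate pass once they are mounted.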
17.01.2011, 19:16 | #14 |
| iTunes account hacked? Hello Markus, what else can I do? |
17.01.2011, 19:24 | #15 |
/// Malware-holic | iTunes account hacked? Overlooked it, sorry. Everything looks good so far. Free ESET Online Antivirus Scanner: run the ESET online scan and post the log. |