
Log Analysis and Evaluation: Trojan? Yahoo is sending spam mails

04.04.2011, 22:14   #1
tetris1986
 



Today I noticed that my Yahoo account has now, for the 2nd time, sent spam mails to all of my address book entries. I ran Malwarebytes and Avira over it, but nothing is found.
What should I do???

Here is my log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:02, on 04.04.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Users\Andi\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Ocs_SM] C:\Users\Andi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Grid] "C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\fusiontools\mfstart.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: hxxp://www.redshift.maris.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Andi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe


Oh, and... password changed... but even that shouldn't stop the program, should it?

05.04.2011, 15:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html

05.04.2011, 17:15   #3
tetris1986
 

Trojan? Yahoo sends spam to address book entries! 2nd attempt



Today I noticed that my Yahoo account has now, for the 2nd time, sent spam mails to all of my address book entries. I ran Malwarebytes and Avira over it, but nothing is found.
What should I do???

The following logs!

OTL Logfile:
Code:
OTL Extras logfile created on: 05.04.2011 17:35:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andi\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,80 Gb Total Space | 37,66 Gb Free Space | 42,40% Space Free | Partition Type: NTFS
Drive D: | 152,81 Gb Total Space | 89,41 Gb Free Space | 58,51% Space Free | Partition Type: NTFS
Drive G: | 80,08 Gb Total Space | 75,69 Gb Free Space | 94,52% Space Free | Partition Type: NTFS
Drive K: | 465,74 Gb Total Space | 187,14 Gb Free Space | 40,18% Space Free | Partition Type: exFAT
 
Computer Name: GRUNDI | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{038E0E55-9758-49A1-892D-5226FAED5395}" = CCC Help Italian
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{12499C3D-9197-EF35-0499-2FD15F0B3750}" = CCC Help German
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1695F36D-6501-8139-FCC4-C8EAEDD8CEE0}" = CCC Help Polish
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1C5509E5-0217-8D75-AE02-29F492990EC6}" = Catalyst Control Center HydraVision Full
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200F584F-848D-4B6B-B1A1-C74D735F18A4}" = InstallRTC
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{204F1BCA-E5C9-091E-797D-F1C89BC8EABC}" = CCC Help English
"{20AEA7B1-6155-44A2-B58E-430F2C9F4ABD}" = AMD OverDrive
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23D6C05C-E8BB-0812-7C96-33F0E25A6388}" = HydraVision
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2C85BCF9-4CD2-3428-F61F-DFC8120DA962}" = Catalyst Control Center Localization All
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EA290B-46FE-842B-570D-B7FD8DA524CE}" = CCC Help Finnish
"{36424AC9-1F0A-5F04-EE8A-AA67AFFF0E38}" = CCC Help Thai
"{37FF2633-E9CF-2BEA-07E5-5C7CEB95D19C}" = CCC Help Hungarian
"{3888AA11-8C88-75FE-C777-9091A30906F1}" = CCC Help Chinese Traditional
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FB5B60F-1DBE-4E41-D1B6-7725D2EB6C28}" = CCC Help Swedish
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{43787BBC-2502-F521-D190-4D0F3D3F577D}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-8006-0407-0002-0060B0CE6BBA}" = AutoCAD MEP 2010 - Deutsch
"{5783F2D7-8006-0407-1002-0060B0CE6BBA}" = AutoCAD MEP 2010 Language Pack - Deutsch
"{5783F2D7-8030-0409-0002-0060B0CE6BBA}" = AutoCAD Structural Detailing 2010
"{5783F2D7-8030-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5BA93046-491F-0DAF-BD71-6950CAB9C3B3}" = CCC Help Norwegian
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A1596D1-DD63-4938-9528-939B21EF3C27}" = ListLabel13_Redistributable
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D907623-DE58-4691-BB86-2E4F878BCDED}" = Extensions for ASD
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FA1BBE7-C9C9-A690-B02B-DA870D870C85}" = ccc-core-static
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A82B9-A40A-24B2-64D2-E94861E2394E}" = Catalyst Control Center Graphics Previews Common
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C60408D-8FC1-4422-9566-773C07ACE757}" = TROX Easy Product Finder
"{7D2CD2B4-4AE7-6AB4-70CE-2520C1C9ABA9}" = ATI AVIVO Codecs
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8213E9E7-AFAF-79B8-DB19-F86FA9461F65}" = CCC Help Chinese Standard
"{826BAFB7-04F7-FADE-9498-ADBCEBFE1BDB}" = CCC Help Greek
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8792CEDD-7FFF-A9FC-430C-357D9277715D}" = Catalyst Control Center InstallProxy
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8B03690C-8D38-FE9D-7018-69217FC80377}" = CCC Help French
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D4E9553-BCEB-6FEC-2792-49957375B43D}" = CCC Help Spanish
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95C489A8-CB62-493C-8312-CA34ED2A3F12}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C93E320-6519-F9EB-9E3C-1D030D714262}" = ccc-utility
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CA76423-9C56-0E19-0FAC-29312B65387C}" = CCC Help Turkish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F15BE4B-F138-D323-3259-B64438DEB9AB}" = ATI Problem Report Wizard
"{A1F46482-7396-F8E7-305A-3D705A7118D2}" = CCC Help Portuguese
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A93F5A52-4BFB-FC4B-711B-A7DBF2D0B3D7}" = CCC Help Japanese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B365F570-2800-9F57-1E82-EC6F6C53BB3E}" = Catalyst Control Center Graphics Full Existing
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}" = Enemy Territory - Quake Wars(TM)
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C1505E9E-C2EF-71EE-2440-2A47F909C2ED}" = CCC Help Czech
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6B61052-2A15-1322-4EBD-1A8D6CCED0DA}" = CCC Help Russian
"{CAF9161C-0D5C-9C91-5A07-16C8AD61742B}" = Catalyst Control Center Graphics Full New
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5F587D9-7C72-F53B-5463-B05E781315E1}" = CCC Help Danish
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB61AE1-6C02-5388-EABD-35F872D95018}" = Catalyst Control Center Graphics Light
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1806FC2-13EE-A21F-F4A0-705D55BA47DE}" = Catalyst Control Center Core Implementation
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9DEC812-EF69-4ACB-9A15-C63605B59F2B}" = Kemper Dendrit 5.5 für CAD
"{FB366EEB-C608-0993-CB9E-54789A6107DC}" = Catalyst Control Center Graphics Previews Vista
"{FC3DCCA5-52FE-4BAB-B495-F3760767E4D1}" = O&O DiskRecovery
"{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8}" = Autodesk Design Review 2008
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE838287-9CFF-1C2F-C6C3-DD788F4BC761}" = ATI Catalyst Install Manager
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"AutoCAD MEP 2010 - Deutsch" = AutoCAD MEP 2010 - Deutsch
"AutoCAD MEP 2010 - Deutsch Version 3" = AutoCAD MEP 2010 - Deutsch Version 3
"AutoCAD Structural Detailing 2010" = AutoCAD Structural Detailing 2010
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Flick_is1" = DVD Flick 1.3.0.7
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8)
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MirandaFusion" = Miranda Fusion 3.0.14.0
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Nokia PC Suite" = Nokia PC Suite
"Opera 11.01.1190" = Opera 11.01
"Power Audio Extractor_is1" = Power Audio Extractor 3.6.1
"PunkBusterSvc" = PunkBuster Services
"SearchAnonymizer" = SearchAnonymizer
"Secure Eraser_is1" = Secure Eraser v3.2
"Square Privacy Cleaner Free_is1" = Square Privacy Cleaner Free v1.2
"streamWriter_is1" = streamWriter
"Teamspeak German" = Teamspeak German
"TeamViewer 6" = TeamViewer 6
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"VideoGet_is1" = Nuclear Coffee - VideoGet
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2011 22:53:57 | Computer Name = Grundi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 02.04.2011 23:02:58 | Computer Name = Grundi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4095,
Zeitstempel: 0x4d852c95 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000049 ID des fehlerhaften
Prozesses: 0x15ac Startzeit der fehlerhaften Anwendung: 0x01cbf1889726eca5 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: e0c4b667-5d9e-11e0-89c6-002511218009
 
Error - 03.04.2011 01:01:08 | Computer Name = Grundi | Source = ESENT | ID = 482
Description = wuaueng.dll (1072) SUS20ClientDataStore: Versuch, in Datei "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb"
bei Offset 0 (0x0000000000000000) für 98304 (0x00018000) Bytes zu schreiben, ist
nach 0 Sekunden mit Systemfehler 112 (0x00000070): "Es steht nicht genug Speicherplatz
auf dem Datenträger zur Verfügung. " fehlgeschlagen. Fehler -1808 (0xfffff8f0) 
bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise
beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.
 
Error - 03.04.2011 11:01:45 | Computer Name = Grundi | Source = VSS | ID = 8194
Description = 
 
Error - 03.04.2011 11:02:58 | Computer Name = Grundi | Source = VSS | ID = 8194
Description = 
 
Error - 03.04.2011 11:23:17 | Computer Name = Grundi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.0.31,
Zeitstempel: 0x4c2a45d4 Name des fehlerhaften Moduls: DPXDownloadManagerPlugin.dll,
Version: 10.2.0.31, Zeitstempel: 0x4c2a4561 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00008ca7 ID des fehlerhaften Prozesses: 0xc38 Startzeit der fehlerhaften Anwendung:
0x01cbf212f3d50e1c Pfad der fehlerhaften Anwendung: C:\Program Files\DivX\DivX Plus
Player\DivX Plus Player.exe Pfad des fehlerhaften Moduls: C:\Program Files\DivX\DivX
Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll Berichtskennung: 4c96856c-5e06-11e0-89c6-002511218009
 
Error - 03.04.2011 11:28:34 | Computer Name = Grundi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera.exe, Version: 11.1.1190.0, 
Zeitstempel: 0x4d3fe4b1 Name des fehlerhaften Moduls: HydraGH.dll, Version: 4.2.14.0,
Zeitstempel: 0x4afa2a03 Ausnahmecode: 0x40000015 Fehleroffset: 0x00016afb ID des fehlerhaften
Prozesses: 0xbcc Startzeit der fehlerhaften Anwendung: 0x01cbf20e5095d20d Pfad der
fehlerhaften Anwendung: C:\Program Files\Opera\opera.exe Pfad des fehlerhaften Moduls:
C:\Program Files\ATI Technologies\HydraVision\HydraGH.dll Berichtskennung: 09855fad-5e07-11e0-89c6-002511218009
 
Error - 03.04.2011 17:05:39 | Computer Name = Grundi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.04.2011 11:42:35 | Computer Name = Grundi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.04.2011 12:06:28 | Computer Name = Grundi | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Media Center Events ]
Error - 08.10.2010 12:04:09 | Computer Name = Grundi | Source = MCUpdate | ID = 0
Description = 18:04:09 - Fehler beim Herstellen der Internetverbindung. 18:04:09 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 03.04.2011 12:29:27 | Computer Name = Grundi | Source = MCUpdate | ID = 0
Description = 18:29:27 - Fehler beim Herstellen der Internetverbindung. 18:29:27 
- Serververbindung konnte nicht hergestellt werden.. 
 
Error - 03.04.2011 12:29:37 | Computer Name = Grundi | Source = MCUpdate | ID = 0
Description = 18:29:32 - Fehler beim Herstellen der Internetverbindung. 18:29:32 
- Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 04.04.2011 10:58:24 | Computer Name = Grundi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
 
Error - 04.04.2011 15:54:24 | Computer Name = Grundi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
 
Error - 04.04.2011 16:40:54 | Computer Name = Grundi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 04.04.2011 16:41:39 | Computer Name = Grundi | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ewido security suite guard" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 04.04.2011 16:41:40 | Computer Name = Grundi | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ewido security suite control" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 04.04.2011 16:56:02 | Computer Name = Grundi | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ewido security suite guard erreicht.
 
Error - 04.04.2011 17:25:16 | Computer Name = Grundi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 05.04.2011 01:49:51 | Computer Name = Grundi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
 
Error - 05.04.2011 11:05:51 | Computer Name = Grundi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-TV 878 BDA Driver" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1058
 
Error - 05.04.2011 11:30:23 | Computer Name = Grundi | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD External Events Utility" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
 
< End of report >
         
--- --- ---
OTL Logfile:
OTL logfile created on: 05.04.2011 17:35:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andi\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,80 Gb Total Space | 37,66 Gb Free Space | 42,40% Space Free | Partition Type: NTFS
Drive D: | 152,81 Gb Total Space | 89,41 Gb Free Space | 58,51% Space Free | Partition Type: NTFS
Drive G: | 80,08 Gb Total Space | 75,69 Gb Free Space | 94,52% Space Free | Partition Type: NTFS
Drive K: | 465,74 Gb Total Space | 187,14 Gb Free Space | 40,18% Space Free | Partition Type: exFAT
 
Computer Name: GRUNDI | User Name: Andi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.05 17:14:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
PRC - [2011.03.19 20:39:09 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.27 21:09:11 | 000,943,472 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.11.05 01:20:46 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.05 01:20:46 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.03.07 01:04:33 | 000,040,960 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.11 06:59:12 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.05 17:14:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
MOD - [2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.03.27 15:55:15 | 000,063,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL
MOD - [2010.03.27 15:55:11 | 003,780,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.06.10 23:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009.02.09 03:13:57 | 000,043,160 | ---- | M] (Autodesk, Inc.) -- C:\Windows\System32\AcSignIcon.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.30 22:47:35 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.19 20:39:09 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.28 23:20:18 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.05 01:20:46 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.03.07 01:04:33 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Andi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2009.11.11 06:58:42 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.05 06:45:50 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Programme\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.19 20:39:09 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 22:01:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.07.30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.03.06 20:53:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.11 07:34:10 | 005,092,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.10.13 10:14:30 | 001,872,320 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere MP(UVC)
DRV - [2009.10.07 08:48:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 08:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.28 15:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.03.17 12:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.10.12 03:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2006.04.04 19:29:56 | 000,086,016 | ---- | M] (DVB-TV Provide) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\878BDA.sys -- (878BDA)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 79 BB 8A FD AC CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.80
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.03.12 19:39:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 11:21:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.01 23:29:49 | 000,000,000 | ---D | M]
 
[2010.07.19 20:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Extensions
[2011.04.04 22:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\tx1w3adt.default\extensions
[2010.08.14 23:28:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\tx1w3adt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.04 22:04:17 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Andi\AppData\Roaming\mozilla\Firefox\Profiles\tx1w3adt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.03.29 20:37:28 | 000,000,947 | ---- | M] () -- C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\tx1w3adt.default\searchplugins\icqplugin.xml
[2011.01.06 20:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.23 18:38:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.06 20:24:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.12 19:39:07 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.13 15:19:33 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.13 15:19:33 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.13 15:19:33 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.13 15:19:33 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.13 15:19:33 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.12 23:47:01 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CmPCIaudio] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Andi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Square Privacy Cleaner Free Startup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DriverScanner] File not found
O4 - HKCU..\Run: [Grid] C:\Program Files\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKCU..\Run: [Miranda Fusion] C:\Programme\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: maris.com ([www.redshift] http in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.17 22:34:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.08.17 14:48:16 | 000,000,040 | ---- | M] () - K:\autorun.inf -- [ exFAT ]
O33 - MountPoints2\{2ac95a14-381a-11df-b0f0-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{2ac95a14-381a-11df-b0f0-002511218009}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007.10.23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{95f4117b-02d6-11e0-9812-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{95f4117b-02d6-11e0-9812-002511218009}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{95f41181-02d6-11e0-9812-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{95f41181-02d6-11e0-9812-002511218009}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c24d1f27-2951-11df-b41a-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{c24d1f27-2951-11df-b41a-002511218009}\Shell\AutoRun\command - "" = F:\go.exe
O33 - MountPoints2\{ff749994-125e-11e0-b780-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{ff749994-125e-11e0-b780-002511218009}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.05 17:34:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.05 17:33:39 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.04.05 17:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.05 17:14:56 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Andi\Desktop\Erunt-setup.exe
[2011.04.05 17:14:56 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2011.04.05 17:14:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Andi\Desktop\TFC.exe
[2011.04.05 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{EB92A6D7-E2A6-4623-9591-F6F583050CB8}
[2011.04.04 22:41:37 | 000,000,000 | ---D | C] -- C:\Programme\ewido
[2011.04.04 22:04:25 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\QuickScan
[2011.04.04 16:59:27 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{178FCE02-457D-47DF-88EA-8E8FBFA7B9DE}
[2011.04.03 16:59:23 | 000,000,000 | ---D | C] -- C:\Programme\NoVirusThanks
[2011.04.03 16:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NoVirusThanks
[2011.04.02 18:57:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AnnettOptimale
[2011.04.02 09:00:00 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{71B92B79-4DEF-4D82-BE3C-29BB1222916E}
[2011.04.01 20:54:42 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{A358AB0F-44EC-42CB-BD2C-1ED1F728C9B3}
[2011.04.01 08:53:57 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{333A9AD0-09C5-42B9-867B-207CAE5F9D71}
[2011.03.12 21:00:40 | 000,000,000 | ---D | C] -- C:\Users\Andi\Documents\Aktenkoffer
[2011.03.12 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\PC Suite
[2011.03.12 19:39:37 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\Nokia
[2011.03.12 19:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011.03.12 19:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011.03.12 19:39:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PCSuite
[2011.03.12 19:39:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2011.03.12 19:38:48 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2011.03.12 19:38:44 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.03.12 19:38:30 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2011.03.12 19:37:33 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011.03.12 19:37:30 | 000,000,000 | ---D | C] -- C:\Programme\Nokia
[2011.03.12 19:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.05 17:33:39 | 000,000,907 | ---- | M] () -- C:\Users\Andi\Desktop\NTREGOPT.lnk
[2011.04.05 17:33:39 | 000,000,888 | ---- | M] () -- C:\Users\Andi\Desktop\ERUNT.lnk
[2011.04.05 17:15:13 | 000,301,568 | ---- | M] () -- C:\Users\Andi\Desktop\g2m3e4r.exe
[2011.04.05 17:15:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Andi\Desktop\Erunt-setup.exe
[2011.04.05 17:15:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\TFC.exe
[2011.04.05 17:14:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andi\Desktop\OTL.exe
[2011.04.05 17:11:06 | 000,014,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 17:11:06 | 000,014,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 17:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.05 17:05:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.04.05 17:05:43 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.04 22:00:44 | 000,664,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.04 22:00:44 | 000,624,874 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.04 22:00:44 | 000,135,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.04 22:00:44 | 000,110,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.03 16:59:23 | 000,001,246 | ---- | M] () -- C:\Users\Andi\Desktop\Square Privacy Cleaner Free.lnk
[2011.04.01 23:29:49 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.27 18:15:54 | 000,111,812 | ---- | M] () -- C:\Users\Andi\Desktop\Ima-6tes.pdf
[2011.03.19 22:09:50 | 000,140,248 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.19 22:09:42 | 000,266,400 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.03.19 22:07:39 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.03.19 21:09:02 | 007,383,040 | ---- | M] () -- C:\Users\Andi\Documents\14.Somewhere over the Rainbow (Israel Kamakawiwo'Ole).mp3
[2011.03.19 20:39:09 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Andi\Desktop\Anleitung.html
[2011.03.12 20:48:25 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.03.12 19:58:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011.03.12 19:39:10 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.05 17:33:39 | 000,000,907 | ---- | C] () -- C:\Users\Andi\Desktop\NTREGOPT.lnk
[2011.04.05 17:33:39 | 000,000,888 | ---- | C] () -- C:\Users\Andi\Desktop\ERUNT.lnk
[2011.04.05 17:14:56 | 000,301,568 | ---- | C] () -- C:\Users\Andi\Desktop\g2m3e4r.exe
[2011.04.03 16:59:23 | 000,001,246 | ---- | C] () -- C:\Users\Andi\Desktop\Square Privacy Cleaner Free.lnk
[2011.03.27 18:15:54 | 000,111,812 | ---- | C] () -- C:\Users\Andi\Desktop\Ima-6tes.pdf
[2011.03.19 21:06:25 | 007,383,040 | ---- | C] () -- C:\Users\Andi\Documents\14.Somewhere over the Rainbow (Israel Kamakawiwo'Ole).mp3
[2011.03.17 17:41:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Andi\Desktop\Anleitung.html
[2011.03.12 20:48:25 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.03.12 19:58:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2011.03.12 19:39:10 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011.01.18 23:18:21 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.21 11:59:21 | 000,000,017 | ---- | C] () -- C:\Users\Andi\AppData\Local\resmon.resmoncfg
[2010.12.12 17:40:48 | 000,017,408 | ---- | C] () -- C:\Users\Andi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 17:05:12 | 000,002,629 | ---- | C] () -- C:\Windows\AHH.INI
[2010.06.19 16:20:30 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.06.05 23:10:30 | 000,000,296 | ---- | C] () -- C:\Windows\game.ini
[2010.06.03 17:40:34 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.05.25 21:45:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.22 07:39:00 | 000,552,960 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2010.05.22 07:39:00 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.05.22 07:38:41 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.05.22 07:38:41 | 000,000,154 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.05.21 19:09:16 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.02.17 12:24:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.14 12:37:21 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.14 12:37:21 | 000,138,056 | ---- | C] () -- C:\Users\Andi\AppData\Roaming\PnkBstrK.sys
[2010.02.14 12:36:55 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.02.14 12:36:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.14 06:23:03 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.14 00:34:28 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.02.13 23:54:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.10.07 08:24:22 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.09.01 22:55:54 | 000,195,855 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,664,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,135,064 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 001,755,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,624,874 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,512 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.11.24 09:23:44 | 000,416,704 | ---- | C] () -- C:\Windows\System32\EPD.dll
[2008.11.05 12:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008.11.05 12:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[1998.02.09 04:00:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\bw32000c.dll
[1998.02.09 04:00:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\bw320007.dll
[1998.02.09 03:00:00 | 001,073,152 | ---- | C] () -- C:\Windows\System32\owl53v.dll
 
========== LOP Check ==========
 
[2010.02.15 00:12:57 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ASCOMP Software
[2010.02.21 16:36:30 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Ashampoo
[2011.01.29 00:06:16 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Autodesk
[2011.02.01 18:26:02 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Azureus
[2010.06.21 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\bizarre creations
[2010.03.06 20:59:37 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\DAEMON Tools Lite
[2010.02.25 20:14:15 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\gtk-2.0
[2011.01.30 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ICQ
[2010.03.07 01:06:05 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ICQ-Tools.de
[2010.06.14 23:26:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\ImgBurn
[2011.03.31 00:23:56 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\IrfanView
[2010.05.29 18:46:36 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Leadertech
[2011.01.30 11:11:56 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Miranda
[2011.01.30 13:24:48 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Miranda Fusion
[2011.03.12 20:19:48 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Nokia
[2010.03.07 01:04:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\OCS
[2010.09.09 14:36:47 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Opera
[2011.03.12 19:58:46 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\PC Suite
[2010.11.18 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Power Audio Extractor
[2011.04.04 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\QuickScan
[2010.02.25 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\RawTherapeeAlpha
[2011.01.20 00:49:05 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\streamWriter
[2010.05.26 21:34:19 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Sytexis Software
[2010.12.25 03:36:05 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TeamViewer
[2010.03.22 21:03:27 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\TS3Client
[2010.08.27 12:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Uniblue
[2010.12.08 17:55:55 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Vodafone
[2010.10.18 22:10:28 | 000,000,000 | ---D | M] -- C:\Users\Andi\AppData\Roaming\Windows Live Writer
[2011.03.22 18:56:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.08.19 20:57:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.24 17:05:12 | 000,000,000 | ---D | M] -- C:\AHH
[2010.05.17 22:34:25 | 000,000,000 | ---D | M] -- C:\Autodesk
[2010.07.09 20:22:31 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.01.31 21:31:23 | 000,000,000 | ---D | M] -- C:\curl
[2010.05.08 13:02:32 | 000,000,000 | ---D | M] -- C:\divx
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.02.14 00:22:09 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.02.14 00:34:25 | 000,000,000 | ---D | M] -- C:\download
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.05 17:33:39 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.03 06:51:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.14 00:22:09 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.14 00:22:09 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.04 23:23:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.26 20:59:43 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.05 17:34:09 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-05 15:09:54
 
< End of report >
         
--- --- ---
GMER Logfile:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-05 18:05:53
Windows 6.1.7600 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38
Running: g2m3e4r.exe; Driver: C:\Users\Andi\AppData\Local\Temp\pgldqpog.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83251589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83276092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spux.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92604000, 0x2C21AE, 0xE8000020]
.text USBPORT.SYS!DllUnload 91434CA0 5 Bytes JMP 86FDF1D8 
.text ao3gqu9y.SYS 914B8000 12 Bytes [44, 38, 62, 83, EE, 36, 62, ...] {INC ESP; CMP [EDX-0x7d], AH; OUT DX, AL ; BOUND EAX, SS:[EBX-0x7c9de860]}
.text ao3gqu9y.SYS 914B800D 9 Bytes [17, 62, 83, 48, 3B, 62, 83, ...] {POP SS; BOUND EAX, [EBX-0x7c9dc4b8]; ADD [EAX], AL}
.text ao3gqu9y.SYS 914B8017 41 Bytes [00, DE, A7, F0, 83, E6, A5, ...]
.text ao3gqu9y.SYS 914B8041 128 Bytes [66, 27, 83, 60, 65, 27, 83, ...]
.text ao3gqu9y.SYS 914B80C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ... 
.text C:\Windows\system32\drivers\hardlock.sys section is writeable [0xA8203400, 0x82482, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA82A3420] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA82A3420]
.protectÿÿÿÿhardlockunknown last code section [0xA82A3200, 0x5105, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0xA82A3200, 0x5105, 0xE0000020]
PAGE peauth.sys A82DEE20 70 Bytes JMP 88DDE88F 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Windows Live\Family Safety\fsssvc.exe[1940] ADVAPI32.dll!RegOpenKeyExA 7732BC0D 5 Bytes JMP 00EE3E87 C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Windows Live Family Safety Service/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
Device \FileSystem\Ntfs \Ntfs 85D3F1F8
Device \FileSystem\fastfat \FatCdrom 8891E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{8EE16B67-72DD-48B0-B477-139AEDE338A2} 86F6E1F8
Device \Driver\volmgr \Device\VolMgrControl 85D3A1F8
Device \Driver\usbohci \Device\USBPDO-0 86FFA1F8
Device \Driver\usbohci \Device\USBPDO-1 86FFA1F8
Device \Driver\usbehci \Device\USBPDO-2 86FDD1F8
Device \Driver\usbohci \Device\USBPDO-3 86FFA1F8
Device \Driver\usbohci \Device\USBPDO-4 86FFA1F8
Device \Driver\usbehci \Device\USBPDO-5 86FDD1F8
Device \Driver\usbohci \Device\USBPDO-6 86FFA1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85D3A1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device \Driver\USBSTOR \Device\00000071 86EDF1F8
Device \Driver\PCI_PNP1397 \Device\00000058 spux.sys
Device \Driver\USBSTOR \Device\00000072 86EDF1F8
Device \Driver\volmgr \Device\HarddiskVolume2 85D3A1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device \Driver\cdrom \Device\CdRom0 86EA51F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85D3C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort0 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort1 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort2 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort3 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort4 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort5 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort6 85D3C1F8
Device \Driver\atapi \Device\Ide\IdePort7 85D3C1F8
Device \Driver\msahci \Device\Ide\PciIde2Channel0 85D3D1F8
Device \Driver\msahci \Device\Ide\PciIde2Channel1 85D3D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 85D3C1F8
Device \Driver\volmgr \Device\HarddiskVolume3 85D3A1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device \Driver\NetBT \Device\NetBT_Tcpip_{89F77704-9C59-490F-805D-F05748BBAA87} 86F6E1F8
Device \Driver\cdrom \Device\CdRom1 86EA51F8
Device \Driver\sptd \Device\3877505398 spux.sys
Device \Driver\volmgr \Device\HarddiskVolume4 85D3A1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device \Driver\volmgr \Device\HarddiskVolume5 85D3A1F8
 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 
Device \Driver\NetBT \Device\NetBt_Wins_Export 86F6E1F8
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 86FFA1F8
Device \Driver\usbohci \Device\USBFDO-1 86FFA1F8
Device \Driver\usbehci \Device\USBFDO-2 86FDD1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{62B5A6E3-86D3-484E-B417-303A24253C5B} 86F6E1F8
Device \Driver\usbohci \Device\USBFDO-3 86FFA1F8
Device \Driver\usbohci \Device\USBFDO-4 86FFA1F8
Device \Driver\usbehci \Device\USBFDO-5 86FDD1F8
Device \Driver\usbohci \Device\USBFDO-6 86FFA1F8
Device \Driver\ao3gqu9y \Device\Scsi\ao3gqu9y1 86FAB1F8
Device \Driver\ao3gqu9y \Device\Scsi\ao3gqu9y1Port8Path0Target0Lun0 86FAB1F8
Device \FileSystem\fastfat \Fat 8891E500
 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675f5441 
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675f5441@6cd68a91eb79 0x71 0xAD 0x52 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x19 0xCE 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0x9E 0x61 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0xDA 0x50 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675f5441 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675f5441@6cd68a91eb79 0x71 0xAD 0x52 0x71 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD7 0x19 0xCE 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x38 0x9E 0x61 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA8 0xDA 0x50 0x0E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545C91B5-C865-3750-E877-BCC29ABA1C31} 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545C91B5-C865-3750-E877-BCC29ABA1C31}@habjghbodfhmgedn 0x6A 0x61 0x64 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{545C91B5-C865-3750-E877-BCC29ABA1C31}@iahnebkonckcnccicl 0x6A 0x61 0x64 0x66 ...
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---

05.04.2011, 18:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Why are you opening a new thread for this?

http://www.trojaner-board.de/97149-t...pam-mails.html
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


05.04.2011, 18:53   #5
tetris1986



I thought it would be inappropriate to simply post it underneath, because the first log from HJ wasn't quite what was wanted, but the problem still persists. Unfortunately!


06.04.2011, 08:00   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the "Logdateien" (log files) tab.

06.04.2011, 08:20   #7
tetris1986

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3906
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.04.2011 17:15:08
mbam-log-2011-04-02 (17-15-08).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 368876
Laufzeit: 2 hour(s), 43 minute(s), 20 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

06.04.2011, 10:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3906
02.04.2011 17:15:08



This is not going to work with this stone-age MBAM.

Please update Malwarebytes to version 1.50.11; keep clicking the update button in the program until no more updates are found.
Then run a new full scan.

06.04.2011, 16:33   #9
tetris1986

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6287

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.04.2011 17:31:49
mbam-log-2011-04-06 (17-31-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 342568
Laufzeit: 57 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Unfortunately the "new" one doesn't say anything new either!

06.04.2011, 17:52   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
[2011.04.04 22:41:37 | 000,000,000 | ---D | C] -- C:\Programme\ewido
When exactly did you scan the system with ewido? What was found?

06.04.2011, 21:52   #11
tetris1986

I can't really remember the program, but there are only 2 files in that folder... an "s.dat" and a "t.dat", nothing more... when I try to download the program, all the sites are down for me anyway.
But so far no scan has been able to show me anything.

06.04.2011, 22:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2011.04.05 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{EB92A6D7-E2A6-4623-9591-F6F583050CB8}
[2011.04.04 22:41:37 | 000,000,000 | ---D | C] -- C:\Programme\ewido
[2011.04.04 22:04:25 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Roaming\QuickScan
[2011.04.04 16:59:27 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{178FCE02-457D-47DF-88EA-8E8FBFA7B9DE}
[2011.04.02 09:00:00 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{71B92B79-4DEF-4D82-BE3C-29BB1222916E}
[2011.04.01 20:54:42 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{A358AB0F-44EC-42CB-BD2C-1ED1F728C9B3}
[2011.04.01 08:53:57 | 000,000,000 | ---D | C] -- C:\Users\Andi\AppData\Local\{333A9AD0-09C5-42B9-867B-207CAE5F9D71}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.17 22:34:25 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.08.17 14:48:16 | 000,000,040 | ---- | M] () - K:\autorun.inf -- [ exFAT ]
O33 - MountPoints2\{2ac95a14-381a-11df-b0f0-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{2ac95a14-381a-11df-b0f0-002511218009}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007.10.23 09:45:40 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{95f4117b-02d6-11e0-9812-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{95f4117b-02d6-11e0-9812-002511218009}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{95f41181-02d6-11e0-9812-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{95f41181-02d6-11e0-9812-002511218009}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c24d1f27-2951-11df-b41a-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{c24d1f27-2951-11df-b41a-002511218009}\Shell\AutoRun\command - "" = F:\go.exe
O33 - MountPoints2\{ff749994-125e-11e0-b780-002511218009}\Shell - "" = AutoRun
O33 - MountPoints2\{ff749994-125e-11e0-b780-002511218009}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.