|
Log-Analyse und Auswertung: Opera/Firefox leitet falsch weiterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.07.2011, 17:10 | #1 |
| Opera/Firefox leitet falsch weiter Hallo leute, in letzter zeit hab ich es sehr häufig das opera, wie auch firefox auf so komische seiten weiterleiten, die ich gar nicht haben möchte, habe dazu hier schonmal nen thread gelesen aber konnte noch nichts rausfinden beim virendurchlauf von avira wurde nix angezeigt aber das ist auf jeden fall neu und stört ganz schön ich hatte mir mal otl geladen und so 2 files erstellen lassen, hier sind diese mal (mein name hab ich mal durch *** ersetzt, nicht wundern) OTL.txt OTL logfile created on: 16.07.2011 17:51:36 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\****\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,42% Memory free 8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 197,84 Gb Free Space | 42,49% Space Free | Partition Type: NTFS Drive D: | 285,77 Gb Total Space | 48,63 Gb Free Space | 17,02% Space Free | Partition Type: NTFS Drive E: | 12,32 Gb Total Space | 1,69 Gb Free Space | 13,68% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 429,89 Gb Free Space | 46,15% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () PRC - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () PRC - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek) ========== Modules (SafeList) ========== MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (TuneUp.Defrag) -- C:\Windows\SysNative\TuneUpDefragService.exe (TuneUp Software GmbH) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software GmbH) SRV - (RtlService) -- C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (RealtekUSB) -- C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=749335a0000000000000001f1f1fd1ba&tlver=1.4.19.19&affID=17159 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=749335a0000000000000001f1f1fd1ba&tlver=1.4.19.19&affID=17159 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=749335a0000000000000001f1f1fd1ba&tlver=1.4.19.19&instlRef=sst&affID=17159&q=" FF - prefs.js..network.proxy.type: 2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.23 22:08:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.15 13:42:38 | 000,000,000 | ---D | M] [2010.07.05 23:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2011.07.06 21:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x4hse1q3.default\extensions [2011.06.19 20:44:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x4hse1q3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.26 16:51:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x4hse1q3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.06.19 20:44:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x4hse1q3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.05.11 19:13:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\x4hse1q3.default\extensions\ffxtlbr@babylon.com [2011.07.06 10:08:30 | 000,001,069 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\x4hse1q3.default\searchplugins\icqplugin.xml [2011.07.06 10:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.07.31 22:33:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.29 17:39:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.23 22:08:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.11 19:13:54 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.05.23 22:08:19 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.23 22:08:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.23 22:08:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.23 22:08:19 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Audio HD Driver = C:\Users\****\AppData\Roaming\LbVnofILLDb.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.16 17:47:30 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.07.15 21:42:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{A15E209D-D65C-48FC-84C3-25B3F6AEC0B6} [2011.07.14 22:59:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.07.14 10:42:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{DDB7A1A4-CD6D-431C-9471-4496BD5924DD} [2011.07.13 17:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011.07.13 14:43:13 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.07.13 14:43:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.07.13 14:43:13 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.07.13 14:43:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.07.13 14:43:13 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.07.13 14:43:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.07.13 14:43:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.07.13 14:43:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.07.13 14:43:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.07.13 14:43:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.07.13 14:43:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.07.13 14:43:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.07.13 14:40:58 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.07.13 14:40:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.07.13 14:40:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.07.13 14:40:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.13 14:40:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 14:40:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 14:40:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.07.13 14:40:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.13 14:40:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.07.13 14:40:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 14:40:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.07.13 14:40:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.07.10 16:43:16 | 000,000,000 | ---D | C] -- C:\Windows\system64 [2011.07.09 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2011.07.09 18:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES [2011.07.08 21:12:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{6F5C6B52-0991-472F-AAC3-A1EDAAF44BEA} [2011.07.03 18:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra Entertainment [2011.07.03 18:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra Entertainment [2011.07.02 19:40:39 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Singularity [2011.07.02 19:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Singularity(TM) [2011.06.29 21:16:36 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.06.29 21:16:36 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.06.29 21:16:35 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.06.29 21:16:35 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.06.29 21:16:35 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.06.29 21:16:35 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.06.29 21:16:35 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.06.29 21:16:35 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.06.29 21:16:35 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.06.29 21:16:35 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.06.29 21:16:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll [2011.06.29 21:16:35 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.06.29 21:16:35 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.06.29 21:16:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.06.29 21:02:06 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.06.29 21:02:06 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.06.24 21:44:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Day 1 Studios [2011.06.24 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\SKIDROW [2011.06.24 21:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games [2011.06.24 21:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games [2011.06.24 11:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.06.24 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{32FBCEE2-1D5E-4953-859C-B13BB80ACCCC} [2011.06.23 22:16:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7C3FC76E-F4AB-483D-83CD-19EED1E70449} [2011.06.23 10:14:36 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{9AAB103A-7C6C-4B0E-9075-D7602D1287F1} [2011.06.22 11:52:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B1E4F642-D628-42AA-B563-EA4DE738F8F4} [2011.06.20 21:58:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{C9F626D7-A23B-4CA3-826D-CF8DC876CA05} [2011.06.19 21:28:42 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bink and Smacker [2011.06.19 21:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RADVideo [2011.06.19 21:04:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Nem's Tools [2011.06.19 21:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nem's Tools [2011.06.19 21:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools [2010.08.29 21:04:53 | 011,701,480 | ---- | C] (Arobas Music ) -- C:\Users\****\AppData\Roaming\setup.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.16 17:47:51 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2011.07.16 17:00:00 | 000,000,514 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.07.16 16:48:31 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.16 16:48:31 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.16 16:47:37 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.16 16:47:37 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.16 16:47:37 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.16 16:47:37 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.16 16:47:37 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.16 16:43:28 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2011.07.16 16:43:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.13 18:17:53 | 002,216,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 15:19:37 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll [2011.04.26 21:18:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.04.19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.28 23:33:49 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe [2010.12.15 22:04:28 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.11.12 21:25:51 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.10.22 19:03:28 | 000,094,104 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.08.29 21:04:56 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\chrtmp [2010.08.24 23:09:06 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2010.08.22 21:26:09 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI [2010.08.10 21:45:19 | 000,000,185 | ---- | C] () -- C:\Windows\dievölkergold.ini [2010.07.05 23:30:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.06.02 12:23:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.04.22 23:48:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.04.21 07:18:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.19 13:32:01 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll [2010.04.19 13:32:01 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll [2010.04.19 13:21:22 | 000,007,168 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.14 16:48:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.04.14 15:27:19 | 000,000,094 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat [2010.04.13 21:34:38 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.04.13 21:22:21 | 000,007,671 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg [2010.04.13 16:30:09 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.03.08 00:31:42 | 000,004,096 | -H-- | C] () -- C:\Users\****\AppData\Local\keyfile3.drm [2010.03.02 01:44:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe ========== LOP Check ========== [2010.11.21 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Bioshock2 [2010.06.02 12:23:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited [2010.12.12 01:00:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Pro [2011.06.24 21:44:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Day 1 Studios [2011.03.09 13:42:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.06.25 17:43:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2010.04.17 23:45:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IN-MEDIAKG [2010.06.05 21:01:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\IrfanView [2010.04.17 23:45:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mresreg [2010.04.13 20:33:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2010.03.14 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite [2010.12.26 22:14:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\phonostar GmbH [2011.07.15 23:38:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\phonostar-Player [2011.05.11 20:21:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Rainmeter [2010.04.21 11:41:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SparweltGutschein [2010.12.25 23:57:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2010.03.13 20:04:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TuneUp Software [2011.04.26 23:13:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Tunngle [2010.12.26 00:59:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubisoft [2010.05.31 21:58:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\XnView [2011.07.16 17:00:00 | 000,000,514 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2011.06.10 12:46:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > und der andere Extra.txt OTL Extras logfile created on: 16.07.2011 17:51:36 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\****\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,42% Memory free 8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 197,84 Gb Free Space | 42,49% Space Free | Partition Type: NTFS Drive D: | 285,77 Gb Total Space | 48,63 Gb Free Space | 17,02% Space Free | Partition Type: NTFS Drive E: | 12,32 Gb Total Space | 1,69 Gb Free Space | 13,68% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 429,89 Gb Free Space | 46,15% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S "%3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software) .scr [@ = scrfile] -- "%1" /S "%3" ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S "%3" File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S "%3" txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}" = iTunes "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GCFScape_is1" = GCFScape 1.8.2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{24ECFEDB-6CE0-48D0-8C34-EE4C5BC275BF}" = Die Völker Gold Edition "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 22 "{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R) "{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm "{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK USB Wireless LAN Driver and Utility "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}" = Gabbasoft Cube Demo "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Afterburner" = MSI Afterburner 1.4.1 "AVI Joiner_is1" = AVI Joiner "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "F.E.A.R. 2: Project Origin" = F.E.A.R. 2: Project Origin "F.E.A.R. 3_is1" = F.E.A.R. 3 "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.2.15 "GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm "Guitar Pro 5_is1" = Guitar Pro 5.2 "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM) "InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "JDownloader" = JDownloader "Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2 "Messenger Plus!" = Messenger Plus! 5 "Messenger Plus! Live" = Messenger Plus! Live "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19) "ObjectDock" = ObjectDock "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4 "RADVideo" = RAD Video Tools "Rainmeter" = Rainmeter (remove only) "Reise zum Zentrum des Mondes" = Reise zum Zentrum des Mondes "RocketDock_is1" = RocketDock 1.3.5 "Steam App 104600" = Portal 2 - The Final Hours "Steam App 220" = Half-Life 2 "Steam App 380" = Half-Life 2: Episode One "Steam App 400" = Portal "Steam App 420" = Half-Life 2: Episode Two "Steam App 620" = Portal 2 "Steam App 629" = Portal 2 Authoring Tools - Beta "Steam App 70310" = VVVVVV Demo "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009) "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Ich hoffe es gibt jmd der mir dazu helfen kann MfG |
16.07.2011, 17:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Opera/Firefox leitet falsch weiter Hallo und
__________________Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ |
16.07.2011, 19:43 | #3 |
| Opera/Firefox leitet falsch weiter Malwarebytes' Anti-Malware 1.51.1.1800
__________________www.malwarebytes.org Datenbank Version: 7163 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 16.07.2011 20:40:53 mbam-log-2011-07-16 (20-40-45).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 173305 Laufzeit: 3 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Audio HD Driver (Backdoor.SpyNet) -> Value: Audio HD Driver -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) seltsam der audio driver wirds denke ich ja wohl kaum sein das ich da so komische probleme habe, aber vielleicht kann jmd von euch damit was anfagen^^ MfG |
16.07.2011, 20:43 | #4 |
| Opera/Firefox leitet falsch weiter Sry das war ja nurn quick scan, nochmal ein großer Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7163 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 16.07.2011 21:39:34 mbam-log-2011-07-16 (21-39-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|) Durchsuchte Objekte: 393105 Laufzeit: 50 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Audio HD Driver (Backdoor.SpyNet) -> Value: Audio HD Driver -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files (x86)\electronic arts\battlefield bad company 2\rld-bbc2.exe (RiskWare.Tool.HCK) -> No action taken. c:\Users\****\Desktop\Ablage\anwendungen\adobe photoshop cs3\Crack\Keygen.exe (RiskWare.Tool.CK) -> No action taken. c:\Users\****\Desktop\Spiele\Games\battlefield.bad.company.2-reloaded\rld-bbc2\Crack\rld-bbc2.exe (RiskWare.Tool.HCK) -> No action taken. Battlefield 2 hab ich von nem Kumpel bekommen, vor nem Monat aber das Problem habe ich erst 2-3 Tage lang, so als Info. MfG |
17.07.2011, 17:38 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Opera/Firefox leitet falsch weiterZitat:
Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.07.2011, 19:03 | #6 |
| Opera/Firefox leitet falsch weiter Das cracks nicht gut sind ist mir bewusst, ist sonst irgendwas in registry o.ä. nicht in ordnung das es dazu führt das sich ständig falsche seiten öffnen, mit jedem brwoser? |
17.07.2011, 19:22 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Opera/Firefox leitet falsch weiterZitat:
Meine Aussage war klar, mach eine Neuinstallation
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Opera/Firefox leitet falsch weiter |
.dll, 0x00000001, adblock, alternate, backdoor.spynet, bho, c:\windows\system32\rundll32.exe, call of duty, cdburnerxp, converter, error, explorer, flash player, format, install.exe, jdownloader, nvidia, photoshop, plug-in, programme, registry, riskware.tool.ck, riskware.tool.hck, sched.exe, search the web, shell32.dll, shortcut, sierra, software, staropen, start menu, super, webcheck, windows |