Pests of all kinds and how to fight them: Firefox or Internet Explorer opens tabs/windows with advertising (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
23.07.2011, 13:41 | #1 |
Firefox or Internet Explorer opens tabs/windows with advertising

Hello, I hope I'm in the right place and am doing everything correctly. My problem is the following: for the past 2 or 3 days, Firefox has been opening tabs with advertising at irregular intervals whenever it is in use. If Firefox is not open, Internet Explorer opens with this same advertising. I have already found a thread about this here; here is the link: http://www.trojaner-board.de/100703-...bseite-um.html

From that thread I also gathered that one should create log files with OTL and GMER; I'm attaching them here. The OTL.txt was too large, so I attached it as a .zip file. If there are any questions I'll answer them. I hope I get help quickly and haven't done anything wrong.
24.07.2011, 08:01 | #2 | |||
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising

Hello and welcome!

Before we begin working together, [please read completely]:

Quote:

Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. If you have no proxy server installed locally, remove the proxy settings from the Internet settings.
In Internet Explorer: Tools => Internet Options => Connections => LAN settings. Uncheck "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
In Firefox: Tools => Options => Advanced => Network => Settings. There, under Connection Settings, select "No proxy".

2. Have you already checked the computer for viruses? I would still like to see the following results:
Code:
Malwarebytes

3. Please make hidden and system files visible. Click the link here: Making system files and folders visible under XP and Vista. At the end of our work you can undo this!

4.
→ Download HJTscanlist.zip
→ Unpack the file on your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ Start it with a double-click
→ Select your operating system; for Win7 choose Vista
→ When asked, choose the option "Setting" (1) - "scanlist"
→ After a short time your editor should open and present the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

5. I would also like to see all of your installed programs: download the tool CCleaner → Download → install (read the software license agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start → if necessary, set "german" under Options settings → then click "Extra" (to display the installed programs as well) → then "Save as text file..."; a text file (*.txt) is created. Copy its contents and paste them here.

6. Run another scan with OTL:
Quote:
Quote:

kira
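A read-only way to verify step 1 of the post above, added here as an example and not part of the thread or of any tool it mentions. It reads the per-user Internet Explorer proxy values from the registry and the `network.proxy.*` preferences from each Firefox profile's prefs.js; the checks for a proxy auto-config URL go beyond what the post asks for, and the default profile location under %APPDATA% is an assumption.

```powershell
# Added example, not from the thread: report the proxy settings that step 1
# asks the user to clear. Read-only; nothing is changed.

function New-Finding([string]$Source, [string]$Setting, [string]$Value, [bool]$Ok) {
    New-Object PSObject -Property @{
        Source = $Source; Setting = $Setting; Value = $Value; Ok = $Ok
    }
}

$findings = @()

# --- Internet Explorer: per-user values behind the "LAN settings" dialog ---
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $ieKey -ErrorAction SilentlyContinue

$proxyOn = ($ie.ProxyEnable -eq 1)
$findings += New-Finding 'IE' 'ProxyEnable' "$($ie.ProxyEnable)" (-not $proxyOn)

# A leftover ProxyServer / ProxyOverride value only matters while ProxyEnable is 1.
# '<local>' in ProxyOverride is the "bypass proxy server for local addresses" box.
if ($ie.ProxyServer) {
    $findings += New-Finding 'IE' 'ProxyServer' $ie.ProxyServer (-not $proxyOn)
}
if ($ie.ProxyOverride) {
    $findings += New-Finding 'IE' 'ProxyOverride' $ie.ProxyOverride (-not $proxyOn)
}
# Not named in the post: an automatic configuration script also redirects traffic.
if ($ie.AutoConfigURL) {
    $findings += New-Finding 'IE' 'AutoConfigURL' $ie.AutoConfigURL $false
}

# --- Firefox: network.proxy.* preferences in every profile's prefs.js ---
$ffTypes = @{
    '0' = 'no proxy'; '1' = 'manual proxy'; '2' = 'auto-config URL (PAC)'
    '4' = 'auto-detect (WPAD)'; '5' = 'use system proxy settings'
}
$typeRx = '^user_pref\("network\.proxy\.type",\s*(\d+)\);'
$hostRx = '^user_pref\("(network\.proxy\.(?:http|ssl|socks|autoconfig_url))",\s*"([^"]+)"\);'

$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed default location
if (Test-Path $profileRoot) {
    $dirs = @(Get-ChildItem -Path $profileRoot | Where-Object { $_.PSIsContainer })
    foreach ($dir in $dirs) {
        $prefs = Join-Path $dir.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { continue }
        $src = "Firefox/$($dir.Name)"

        # "No proxy" in the connection settings is stored as network.proxy.type = 0.
        $direct = $false
        $m = @(Select-String -Path $prefs -Pattern $typeRx)
        if ($m.Count -gt 0) {
            $type = $m[0].Matches[0].Groups[1].Value
            $label = $ffTypes[$type]
            if (-not $label) { $label = 'unknown' }
            $direct = ($type -eq '0')
            $findings += New-Finding $src 'network.proxy.type' "$type ($label)" $direct
        } else {
            $findings += New-Finding $src 'network.proxy.type' '(not set in prefs.js, browser default applies)' $false
        }

        # Stored proxy hosts and PAC URL: harmless leftovers only when type is 0.
        foreach ($hit in @(Select-String -Path $prefs -Pattern $hostRx)) {
            $g = $hit.Matches[0].Groups
            $findings += New-Finding $src $g[1].Value $g[2].Value $direct
        }
    }
}

$findings | Select-Object Source, Setting, Value, Ok | Format-Table -AutoSize

$bad = @($findings | Where-Object { -not $_.Ok })
if ($bad.Count -gt 0) {
    '{0} setting(s) still differ from what step 1 asks for.' -f $bad.Count
} else {
    'Proxy settings match step 1 (no proxy configured).'
}
```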
24.07.2011, 12:20 | #3 |
Firefox or Internet Explorer opens tabs/windows with advertising

Hello kira, first of all thank you for taking on my problems.

Item 1. Proxy server is set to "No proxy".

2. I only have one Malwarebytes log from the day before yesterday, a quick scan, in which it also found a Trojan, which I forgot to mention above, and by the time I remembered, the edit period had expired and double posting is forbidden, after all. And a full scan from yesterday. Here is the first log from the day before yesterday with the virus: (I hope I get the tag right)
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7234

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.07.2011 23:25:26
mbam-log-2011-07-22 (23-25-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170203
Laufzeit: 5 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7234

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.07.2011 18:24:30
mbam-log-2011-07-23 (18-24-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 320435
Laufzeit: 1 Stunde(n), 17 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Item 4. Log from HJTScanlist:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.1.7601] C: C:\pagefile.sys --------- C:\hiberfil.sys --------- 24.07.2011 04:04 C:\Program Files --------- 32768 24.07.2011 04:03 C:\System Volume Information --------- 32768 24.07.2011 04:01 C:\Windows --------- 32768 24.07.2011 03:51 C:\ProgramData --------- 8192 10.03.2011 16:43 C:\Boot --------- 4096 26.01.2011 19:19 C:\.rnd --------- 1024 05.01.2011 01:11 C:\test.log --------- 54204 20.11.2010 14:40 C:\bootmgr --------- 383786 18.11.2010 03:51 C:\ATI --------- 0 17.11.2010 21:56 C:\$Recycle.Bin --------- 0 17.11.2010 21:55 C:\Users --------- 4096 17.11.2010 21:53 C:\w7ldr --------- 171136 17.11.2010 21:52 C:\Recovery --------- 0 17.11.2010 21:45 C:\BOOTSECT.BAK --------- 8192 17.11.2010 21:45 C:\Boot.ini.saved --------- 469 17.11.2010 17:34 C:\IO.SYS --------- 0 17.11.2010 17:34 C:\MSDOS.SYS --------- 0 17.11.2010 17:29 C:\Boot.BAK --------- 325 14.07.2009 04:37 C:\PerfLogs --------- 0 10.06.2009 23:42 C:\autoexec.bat --------- 24 10.06.2009 23:42 C:\config.sys --------- 10 14.04.2008 00:01 C:\ntldr --------- 251712 13.04.2008 22:13 C:\NTDETECT.COM --------- 47564 23.08.2001 14:00 C:\bootfont.bin --------- 4952 ---------------------------------------- C:\Windows 24.07.2011 12:46 C:\Windows\setupact.log --------- 21269 24.07.2011 12:45 C:\Windows\bootstat.dat --------- 67584 24.07.2011 12:49 C:\Windows\WindowsUpdate.log --------- 1491832 24.07.2011 03:58 C:\Windows\PFRO.log --------- 103144 24.07.2011 02:50 C:\Windows\ODBCINST.INI --------- 23 14.07.2011 18:36 C:\Windows\DirectX.log --------- 490352 20.04.2011 17:59 C:\Windows\IE9_main.log --------- 4591 12.04.2011 16:58 C:\Windows\AVMInstall.Log --------- 16437 12.04.2011 16:58 C:\Windows\avmacc.log --------- 8827 12.04.2011 16:58 C:\Windows\avmadd32.log --------- 2254 12.04.2011 16:58 C:\Windows\avmsetup.log --------- 6424 12.04.2011 16:58 C:\Windows\avmfwlanci.log 
--------- 19841 25.02.2011 07:30 C:\Windows\explorer.exe --------- 2616320 04.02.2011 02:26 C:\Windows\setuperr.log --------- 0 21.01.2011 22:13 C:\Windows\TADSUINS.EXE --------- 65536 12.12.2010 05:02 C:\Windows\iun6002.exe --------- 737280 20.11.2010 14:21 C:\Windows\twain_32.dll --------- 51200 20.11.2010 14:16 C:\Windows\bfsvc.exe --------- 65024 17.11.2010 21:48 C:\Windows\ativpsrm.bin --------- 0 28.10.2010 11:46 C:\Windows\RtlExUpd.dll --------- 1251944 14.07.2009 06:54 C:\Windows\win.ini --------- 403 14.07.2009 06:41 C:\Windows\WindowsShell.Manifest --------- 749 14.07.2009 03:14 C:\Windows\write.exe --------- 9216 14.07.2009 03:14 C:\Windows\winhlp32.exe --------- 9728 14.07.2009 03:14 C:\Windows\twunk_32.exe --------- 31232 14.07.2009 03:14 C:\Windows\regedit.exe --------- 398336 14.07.2009 03:14 C:\Windows\notepad.exe --------- 179712 14.07.2009 03:14 C:\Windows\hh.exe --------- 15360 14.07.2009 03:14 C:\Windows\HelpPane.exe --------- 497152 14.07.2009 03:14 C:\Windows\fveupdate.exe --------- 13824 14.07.2009 00:58 C:\Windows\mib.bin --------- 43131 17.06.2009 08:53 C:\Windows\atiogl.xml --------- 18333 10.06.2009 23:46 C:\Windows\system.ini --------- 219 10.06.2009 23:42 C:\Windows\_default.pif --------- 707 10.06.2009 23:42 C:\Windows\winhelp.exe --------- 256192 10.06.2009 23:41 C:\Windows\twunk_16.exe --------- 49680 10.06.2009 23:41 C:\Windows\twain.dll --------- 94784 10.06.2009 23:34 C:\Windows\WMSysPr9.prx --------- 316640 10.06.2009 23:19 C:\Windows\msdfmap.ini --------- 1405 10.06.2009 23:14 C:\Windows\Ultimate.xml --------- 51867 10.06.2009 23:14 C:\Windows\Starter.xml --------- 48201 05.09.2008 03:01 C:\Windows\instwcli.dex --------- 480560 05.09.2008 03:01 C:\Windows\instwcli.inf --------- 12976 ---------------------------------------- C:\Windows\System 13.07.2009 23:41 C:\Windows\System\OLESVR.DLL --------- 24064 13.07.2009 23:41 C:\Windows\System\WFWNET.DRV --------- 12704 13.07.2009 23:41 C:\Windows\System\COMMDLG.DLL --------- 32816 
13.07.2009 23:41 C:\Windows\System\TIMER.DRV --------- 4048 13.07.2009 23:41 C:\Windows\System\MMSYSTEM.DLL --------- 68992 13.07.2009 23:41 C:\Windows\System\mmtask.tsk --------- 1152 13.07.2009 23:41 C:\Windows\System\mouse.drv --------- 2032 13.07.2009 23:41 C:\Windows\System\vga.drv --------- 2176 13.07.2009 23:41 C:\Windows\System\sound.drv --------- 1744 13.07.2009 23:41 C:\Windows\System\keyboard.drv --------- 2000 13.07.2009 23:41 C:\Windows\System\SHELL.DLL --------- 5120 13.07.2009 23:41 C:\Windows\System\system.drv --------- 3360 10.06.2009 23:42 C:\Windows\System\ver.dll --------- 9008 10.06.2009 23:42 C:\Windows\System\olecli.dll --------- 82944 10.06.2009 23:42 C:\Windows\System\lzexpand.dll --------- 9936 10.06.2009 23:25 C:\Windows\System\stdole.tlb --------- 5532 10.06.2009 23:21 C:\Windows\System\msvideo.dll --------- 126912 10.06.2009 23:21 C:\Windows\System\mciwave.drv --------- 28160 10.06.2009 23:21 C:\Windows\System\mciseq.drv --------- 25264 10.06.2009 23:21 C:\Windows\System\mciavi.drv --------- 73376 10.06.2009 23:21 C:\Windows\System\avifile.dll --------- 109456 10.06.2009 23:21 C:\Windows\System\avicap.dll --------- 69584 09.11.2007 06:10 C:\Windows\System\rtl8187B.sys --------- 288768 ---------------------------------------- C:\Windows\System32 24.07.2011 12:51 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14016 24.07.2011 12:51 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14016 24.07.2011 12:46 C:\Windows\system32\config --------- 24576 24.07.2011 04:03 C:\Windows\system32\catroot2 --------- 20480 24.07.2011 03:59 C:\Windows\system32\FNTCACHE.DAT --------- 3742456 24.07.2011 03:39 C:\Windows\system32\heroglyph-protocol.txt --------- 3184 23.07.2011 01:12 C:\Windows\system32\drivers --------- 65536 23.07.2011 01:12 C:\Windows\system32\catroot --------- 4096 23.07.2011 01:12 C:\Windows\system32\DriverStore 
--------- 4096 22.07.2011 01:37 C:\Windows\system32\DRVSTORE --------- 0 14.07.2011 03:01 C:\Windows\system32\MRT.exe --------- 49089992 12.07.2011 17:47 C:\Windows\system32\wrap_oal.dll --------- 444952 12.07.2011 17:47 C:\Windows\system32\OpenAL32.dll --------- 109080 05.07.2011 14:23 C:\Windows\system32\perfh009.dat --------- 616682 05.07.2011 14:23 C:\Windows\system32\perfc009.dat --------- 107062 05.07.2011 14:23 C:\Windows\system32\perfh007.dat --------- 655842 05.07.2011 14:23 C:\Windows\system32\perfc007.dat --------- 130722 05.07.2011 14:23 C:\Windows\system32\PerfStringBackup.INI --------- 1498506 29.06.2011 01:17 C:\Windows\system32\Tasks --------- 4096 28.06.2011 16:03 C:\Windows\system32\initdebug.nfo --------- 45 18.06.2011 13:04 C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 404640 11.06.2011 21:04 C:\Windows\system32\jupdate-1.6.0_26-b03.log --------- 3886 11.06.2011 04:29 C:\Windows\system32\win32k.sys --------- 2334208 03.06.2011 08:01 C:\Windows\system32\winsrv.dll --------- 169984 03.06.2011 07:59 C:\Windows\system32\KernelBase.dll --------- 290816 03.06.2011 07:56 C:\Windows\system32\conhost.exe --------- 271872 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll --------- 4096 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll --------- 4096 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll --------- 4608 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll --------- 3584 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll --------- 3584 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll --------- 4096 03.06.2011 07:47 
C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll --------- 3584 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll --------- 4096 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll --------- 4096 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll --------- 3584 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll --------- 3584 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll --------- 3584 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll --------- 5120 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll --------- 3072 03.06.2011 07:47 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll --------- 3072 03.06.2011 05:48 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll --------- 3584 03.06.2011 05:48 C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll --------- 3072 03.06.2011 05:48 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll --------- 4608 03.06.2011 05:48 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll --------- 6144 24.05.2011 23:44 C:\Windows\system32\OVDecode.dll --------- 59904 24.05.2011 23:44 C:\Windows\system32\OpenCL.dll --------- 51712 24.05.2011 23:43 C:\Windows\system32\amdocl.dll --------- 12798976 24.05.2011 19:14 C:\Windows\system32\MpSigStub.exe --------- 222080 24.05.2011 12:44 C:\Windows\system32\umpnpmgr.dll --------- 293376 14.05.2011 08:26 
C:\Windows\system32\kernel32.dll --------- 868352 04.05.2011 06:34 C:\Windows\system32\tquery.dll --------- 1549312 04.05.2011 06:32 C:\Windows\system32\mssvp.dll --------- 666624 04.05.2011 06:32 C:\Windows\system32\mssrch.dll --------- 1401344 04.05.2011 06:32 C:\Windows\system32\mssphtb.dll --------- 197120 04.05.2011 06:32 C:\Windows\system32\mssph.dll --------- 337408 04.05.2011 06:32 C:\Windows\system32\msscntrs.dll --------- 59392 04.05.2011 06:28 C:\Windows\system32\SearchProtocolHost.exe --------- 164352 04.05.2011 06:28 C:\Windows\system32\SearchIndexer.exe --------- 427520 04.05.2011 06:28 C:\Windows\system32\SearchFilterHost.exe --------- 86528 04.05.2011 04:52 C:\Windows\system32\javaws.exe --------- 157472 04.05.2011 04:52 C:\Windows\system32\javaw.exe --------- 145184 04.05.2011 04:52 C:\Windows\system32\java.exe --------- 145184 04.05.2011 04:52 C:\Windows\system32\deployJava1.dll --------- 472808 03.05.2011 06:30 C:\Windows\system32\inetcomm.dll --------- 741376 27.04.2011 18:55 C:\Windows\system32\de-DE --------- 393216 25.04.2011 19:27 C:\Windows\system32\NDF --------- 0 23.04.2011 01:36 C:\Windows\system32\mshtml.dll --------- 12269056 23.04.2011 01:35 C:\Windows\system32\jscript9.dll --------- 1797632 23.04.2011 01:32 C:\Windows\system32\ieframe.dll --------- 9703936 23.04.2011 01:30 C:\Windows\system32\urlmon.dll --------- 1102336 23.04.2011 01:26 C:\Windows\system32\jscript.dll --------- 716800 23.04.2011 01:26 C:\Windows\system32\iertutil.dll --------- 1785344 23.04.2011 01:26 C:\Windows\system32\mshtmled.dll --------- 72704 23.04.2011 01:25 C:\Windows\system32\mshtml.tlb --------- 2382848 23.04.2011 01:24 C:\Windows\system32\ieui.dll --------- 176640 20.04.2011 18:00 C:\Windows\system32\migration --------- 0 20.04.2011 18:00 C:\Windows\system32\wbem --------- 65536 20.04.2011 18:00 C:\Windows\system32\en-US --------- 49152 20.04.2011 17:58 C:\Windows\system32\RegisterIEPKEYs.exe --------- 74752 20.04.2011 17:58 
C:\Windows\system32\msls31.dll --------- 161792 20.04.2011 17:58 C:\Windows\system32\wininet.dll --------- 1126912 20.04.2011 17:58 C:\Windows\system32\jsproxy.dll --------- 65024 20.04.2011 17:58 C:\Windows\system32\msrating.dll --------- 162304 20.04.2011 17:58 C:\Windows\system32\msfeedssync.exe --------- 10752 20.04.2011 17:58 C:\Windows\system32\msfeedsbs.dll --------- 41472 20.04.2011 17:58 C:\Windows\system32\IEAdvpack.dll --------- 110592 20.04.2011 17:58 C:\Windows\system32\ieakeng.dll --------- 130560 20.04.2011 17:58 C:\Windows\system32\SetIEInstalledDate.exe --------- 76800 20.04.2011 17:58 C:\Windows\system32\iesysprep.dll --------- 86528 20.04.2011 17:58 C:\Windows\system32\mshtmler.dll --------- 48640 ---------------------------------------- C:\Windows\Prefetch ---------------------------------------- C:\Windows\Tasks 24.07.2011 12:46 C:\Windows\Tasks\SA.DAT --------- 6 17.05.2011 12:56 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32640 ---------------------------------------- C:\Windows\Temp 24.07.2011 12:46 C:\Windows\Temp\lpksetup-20110724-124617-0.log --------- 3500 24.07.2011 04:06 C:\Windows\Temp\fwtsqmfile01.sqm --------- 608 24.07.2011 03:59 C:\Windows\Temp\lpksetup-20110724-035932-0.log --------- 3500 23.07.2011 13:40 C:\Windows\Temp\fwtsqmfile00.sqm --------- 608 23.07.2011 12:49 C:\Windows\Temp\lpksetup-20110723-124916-0.log --------- 3500 22.07.2011 23:39 C:\Windows\Temp\History --------- 0 22.07.2011 23:39 C:\Windows\Temp\Cookies --------- 0 16.06.2011 02:53 C:\Windows\Temp\KB2478663_10.0.30319 --------- 0 16.06.2011 02:50 C:\Windows\Temp\KB2518870_10.0.30319 --------- 0 05.06.2011 21:00 C:\Windows\Temp\Temporary Internet Files --------- 0 15.04.2011 02:18 C:\Windows\Temp\KB2446708_10.0.30319 --------- 0 14.02.2011 01:50 C:\Windows\Temp\vmware-SYSTEM --------- 0 ---------------------------------------- C:\Users\Matthias\AppData\Local\Temp 24.07.2011 12:51 C:\Users\Matthias\AppData\Local\Temp\jusched.log --------- 1424 24.07.2011 12:46 
C:\Users\Matthias\AppData\Local\Temp\WPDNSE --------- 0 24.07.2011 04:01 C:\Users\Matthias\AppData\Local\Temp\07240401000006c46td34rh6gq --------- 0 24.07.2011 04:01 C:\Users\Matthias\AppData\Local\Temp\07240401000006c40z2z13il1d --------- 0 24.07.2011 04:01 C:\Users\Matthias\AppData\Local\Temp\07240401000006c46h5h5o4m8a --------- 0 24.07.2011 04:01 C:\Users\Matthias\AppData\Local\Temp\07240401000006c4fy68eqvw3j --------- 0 24.07.2011 04:00 C:\Users\Matthias\AppData\Local\Temp\07240400000006c4kb8nqwaofw --------- 0 24.07.2011 03:55 C:\Users\Matthias\AppData\Local\Temp\MessengerCache --------- 0 17.11.2010 21:56 C:\Users\Matthias\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0 ---------------------------------------- C:\Program Files 24.07.2011 04:03 C:\Program Files\Windows Live --------- 4096 24.07.2011 03:51 C:\Program Files\Electronic Arts --------- 4096 24.07.2011 03:37 C:\Program Files\Common Files --------- 4096 24.07.2011 03:13 C:\Program Files\InstallShield Installation Information --------- 8192 23.07.2011 01:07 C:\Program Files\Microsoft.NET --------- 0 22.07.2011 23:18 C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 22.07.2011 01:32 C:\Program Files\Internet Explorer --------- 4096 21.07.2011 04:00 C:\Program Files\JDownloader --------- 4096 16.07.2011 23:58 C:\Program Files\Winamp --------- 4096 16.07.2011 23:57 C:\Program Files\Winamp Detect --------- 0 14.07.2011 19:32 C:\Program Files\AMD APP --------- 0 12.07.2011 17:47 C:\Program Files\OpenAL --------- 0 29.06.2011 23:09 C:\Program Files\ICQ7.5 --------- 16384 29.06.2011 01:17 C:\Program Files\Ask.com --------- 4096 26.06.2011 17:30 C:\Program Files\Adobe --------- 0 21.06.2011 18:20 C:\Program Files\Mozilla Firefox --------- 40960 16.06.2011 02:57 C:\Program Files\Microsoft Silverlight --------- 4096 11.06.2011 21:04 C:\Program Files\Java --------- 4096 14.05.2011 17:13 C:\Program Files\SopCast --------- 4096 07.05.2011 20:37 C:\Program Files\Unleashed --------- 0 01.05.2011 12:46 
C:\Program Files\WinRAR --------- 8192 26.04.2011 00:50 C:\Program Files\OO Software --------- 0 12.04.2011 16:58 C:\Program Files\avmwlanstick --------- 4096 16.03.2011 22:43 C:\Program Files\Yuna Software --------- 0 10.03.2011 16:38 C:\Program Files\Windows Mail --------- 4096 10.03.2011 16:38 C:\Program Files\Windows Sidebar --------- 4096 10.03.2011 16:38 C:\Program Files\DVD Maker --------- 4096 10.03.2011 16:38 C:\Program Files\Windows Portable Devices --------- 0 10.03.2011 16:38 C:\Program Files\Windows Media Player --------- 4096 10.03.2011 16:38 C:\Program Files\Windows Journal --------- 4096 10.03.2011 16:38 C:\Program Files\Windows Photo Viewer --------- 4096 10.03.2011 16:38 C:\Program Files\Windows Defender --------- 4096 05.02.2011 16:37 C:\Program Files\Elaborate Bytes --------- 0 05.02.2011 01:10 C:\Program Files\EA GAMES --------- 0 01.02.2011 15:34 C:\Program Files\MSXML 4.0 --------- 0 29.01.2011 21:54 C:\Program Files\Auslogics --------- 0 19.01.2011 03:41 C:\Program Files\WMV9_VCM --------- 4096 16.01.2011 17:21 C:\Program Files\CyberLink --------- 0 14.01.2011 18:55 C:\Program Files\Microsoft WSE --------- 0 12.01.2011 18:56 C:\Program Files\Trend Micro --------- 0 12.01.2011 16:23 C:\Program Files\Microsoft Games --------- 4096 09.01.2011 04:12 C:\Program Files\Call of Duty Modern Warfare 2 --------- 4096 21.12.2010 18:54 C:\Program Files\Epson Software --------- 0 21.12.2010 18:53 C:\Program Files\EPSON --------- 0 12.12.2010 05:03 C:\Program Files\Codec Pack - All In 1 --------- 4096 03.12.2010 01:50 C:\Program Files\Realtek --------- 0 18.11.2010 15:04 C:\Program Files\Pando Networks --------- 0 18.11.2010 03:52 C:\Program Files\ATI Technologies --------- 0 18.11.2010 03:52 C:\Program Files\ATI --------- 0 18.11.2010 02:04 C:\Program Files\System Control Manager --------- 4096 18.11.2010 01:57 C:\Program Files\Temp --------- 0 17.11.2010 21:52 C:\Program Files\Windows NT --------- 4096 17.11.2010 21:52 C:\Program Files\Gemeinsame Dateien 
--------- 0 17.11.2010 21:10 C:\Program Files\OpenOffice.org 3 --------- 4096 17.11.2010 21:08 C:\Program Files\CDBurnerXP --------- 8192 17.11.2010 20:50 C:\Program Files\Real --------- 0 17.11.2010 20:44 C:\Program Files\VideoLAN --------- 0 17.11.2010 20:44 C:\Program Files\IrfanView --------- 4096 17.11.2010 20:32 C:\Program Files\DivX --------- 4096 17.11.2010 19:33 C:\Program Files\Avira --------- 0 17.11.2010 19:12 C:\Program Files\Microsoft --------- 0 14.07.2009 06:53 C:\Program Files\Uninstall Information --------- 0 14.07.2009 06:52 C:\Program Files\MSBuild --------- 0 14.07.2009 06:52 C:\Program Files\Reference Assemblies --------- 0 14.07.2009 06:41 C:\Program Files\desktop.ini --------- 174 ---------------------------------------- C:\ProgramData\.. Matthias Public All Users Default User Default desktop.ini ---------------------------------------- C:\Windows\system32\drivers\etc\hosts ECHO ist ausgeschaltet (OFF). ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. 
Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 11.804 K smss.exe 280 Services 0 828 K csrss.exe 548 Services 0 3.384 K wininit.exe 624 Services 0 3.420 K csrss.exe 636 Console 1 5.284 K services.exe 684 Services 0 10.124 K lsass.exe 692 Services 0 8.416 K lsm.exe 700 Services 0 3.148 K winlogon.exe 784 Console 1 4.656 K svchost.exe 860 Services 0 7.052 K svchost.exe 948 Services 0 5.940 K atiesrxx.exe 996 Services 0 3.068 K svchost.exe 1068 Services 0 17.240 K svchost.exe 1124 Services 0 55.588 K svchost.exe 1148 Services 0 25.064 K audiodg.exe 1240 Services 0 14.892 K svchost.exe 1296 Services 0 11.088 K svchost.exe 1384 Services 0 10.308 K atieclxx.exe 1440 Console 1 4.208 K spoolsv.exe 1560 Services 0 10.584 K sched.exe 1604 Services 0 1.568 K svchost.exe 1624 Services 0 12.276 K armsvc.exe 1776 Services 0 2.940 K avguard.exe 1800 Services 0 88.148 K WLanNetService.exe 1828 Services 0 5.332 K E_S40ST7.EXE 1884 Services 0 2.760 K E_S40RP7.EXE 1928 Services 0 2.292 K MSIService.exe 1964 Services 0 3.772 K avshadow.exe 2016 Services 0 3.356 K conhost.exe 2036 Services 0 2.156 K WmiPrvSE.exe 2112 Services 0 5.196 K avwebgrd.exe 2408 Services 0 8.780 K svchost.exe 2468 Services 0 3.712 K TrustedInstaller.exe 2760 Services 0 6.488 K svchost.exe 2828 Services 0 4.872 K dwm.exe 3100 Console 1 26.068 K explorer.exe 3192 Console 1 60.672 K taskhost.exe 3208 Console 1 4.620 K avgnt.exe 3356 Console 1 3.760 K RtHDVCpl.exe 3396 Console 1 8.108 K MGSysCtrl.exe 3420 Console 1 7.936 K WLanGUI.exe 3500 Console 1 4.896 K jusched.exe 3508 Console 1 3.464 K Updater.exe 3528 Console 1 4.860 K MOM.exe 3560 Console 1 3.880 K unsecapp.exe 3588 Console 1 3.900 K CCC.exe 3840 Console 1 5.236 K svchost.exe 3976 Services 0 17.600 K wmpnetwk.exe 2236 Services 0 4.592 K svchost.exe 2788 Services 0 10.960 K firefox.exe 1200 Console 1 117.000 K mbamservice.exe 2000 Services 0 5.124 K 
svchost.exe 2044 Services 0 6.944 K cmd.exe 2980 Console 1 3.192 K conhost.exe 2940 Console 1 4.428 K dllhost.exe 2100 Console 1 3.924 K tasklist.exe 3952 Console 1 4.256 K WmiPrvSE.exe 2876 Services 0 4.868 K ***** Ende des Scans 24.07.2011 um 12:54:51,93 *** Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 22.11.2010 6,00MB 10.1.102.64 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 17.06.2011 6,00MB 10.3.181.26 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 25.06.2011 165,3MB 10.1.0 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 02.01.2011 11.5.9.615 ATI Catalyst Install Manager ATI Technologies, Inc. 13.07.2011 16,6MB 3.0.829.0 Auslogics BoostSpeed Auslogics Software Pty Ltd 28.01.2011 39,1MB 5.0 Avira AntiVir Personal - Free Antivirus Avira GmbH 29.06.2011 70,7MB 10.2.0.696 Avira SearchFree Toolbar plus WebGuard Ask.com 28.06.2011 3,64MB 1.12.2.0 AVM FRITZ!WLAN AVM Berlin 11.04.2011 Call of Duty Modern Warfare 2 08.01.2011 CCleaner Piriform 23.07.2011 3.08 CDBurnerXP CDBurnerXP 16.11.2010 11,9MB 4.3.7.2423 Codec Pack - All In 1 6.0.3.0 11.12.2010 CyberLink YouCam CyberLink Corp. 15.01.2011 254MB 4.0.0820 DivX-Setup DivX, Inc. 16.11.2010 2.1.2.2 Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 20.12.2010 2.1.0.0 EPSON S21 Series Printer Uninstall SEIKO EPSON Corporation 20.12.2010 Epson Stylus S21_T21_T27 Handbuch 20.12.2010 HiJackThis Trend Micro 11.01.2011 0,36MB 1.0.0 ICQ7.5 ICQ 03.05.2011 7.5 IrfanView (remove only) Irfan Skiljan 01.02.2011 1,50MB 4.28 Java(TM) 6 Update 26 Oracle 16.11.2010 95,0MB 6.0.260 JDownloader AppWork UG (haftungsbeschränkt) 03.01.2011 Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 21.07.2011 13,4MB 1.51.1.1800 Messenger Plus! 
5 Yuna Software 15.03.2011 5.01.0.706 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.02.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.02.2011 2,94MB 4.0.30319 Microsoft Silverlight Microsoft Corporation 15.06.2011 100,2MB 4.0.60531.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.07.2011 2,38MB 8.0.61001 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.04.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 25.01.2011 4,31MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.01.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.11.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 19.04.2011 11,0MB 10.0.30319 Microsoft Windows Media Video 9 VCM 18.01.2011 Microsoft WSE 3.0 Runtime Microsoft Corp. 13.01.2011 0,92MB 3.0.5305.0 Mozilla Firefox 5.0 (x86 de) Mozilla 20.06.2011 32,5MB 5.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 31.01.2011 35,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 31.01.2011 1,33MB 4.20.9876.0 Need for Speed™ Most Wanted 04.02.2011 O&O DiskRecovery O&O Software GmbH 25.04.2011 15,4MB 7.0.6476 OpenAL 11.07.2011 OpenOffice.org 3.2 OpenOffice.org 16.11.2010 363MB 3.2.9502 Pando Media Booster Pando Networks Inc. 17.11.2010 5,47MB 2.3.4.8 Portal 2 06.05.2011 RealPlayer RealNetworks 01.02.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 17.11.2010 6.0.1.6235 SopCast 3.3.2 www.sopcast.com 13.05.2011 3.3.2 System Control Manager Micro-Star International Co., Ltd. 
17.11.2010 2.209.0629.004.07 VirtualCloneDrive Elaborate Bytes 04.02.2011 VLC media player 1.1.9 VideoLAN 19.04.2011 1.1.9 Winamp Nullsoft, Inc 15.07.2011 5.621 Winamp Erkennungs-Plug-in Nullsoft, Inc 15.07.2011 12,00KB 1.0.0.1 Windows Live Essentials Microsoft Corporation 16.11.2010 14.0.8117.0416 WinRAR 4.00 (32-Bit) win.rar GmbH 29.04.2011 4.00.0 Code:
ATTFilter OTL logfile created on: 24.07.2011 13:00:56 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Matthias\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,33% Memory free 6,00 Gb Paging File | 4,92 Gb Available in Paging File | 82,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 182,30 Gb Total Space | 124,39 Gb Free Space | 68,23% Space Free | Partition Type: NTFS Drive D: | 273,46 Gb Total Space | 164,25 Gb Free Space | 60,06% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.28 15:00:37 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2011.06.28 15:00:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.25 12:30:46 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2011.06.21 18:20:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 
PRC - [2011.06.03 07:56:57 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.27 15:00:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.06.29 19:20:58 | 002,064,384 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009.05.13 17:34:56 | 000,160,256 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.09.05 03:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe
PRC - [2008.09.05 03:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WlanNetService.exe
PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

========== Modules (SafeList) ==========

MOD - [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RealtekUSB)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 15:00:37 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.28 15:00:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:00:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.05.13 17:34:56 | 000,160,256 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.09.05 03:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 15:00:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 15:00:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.28 16:13:34 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.28 16:13:34 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.05 00:55:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.20 11:49:06 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s)
DRV - [2009.07.14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.09.05 03:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.04.25 13:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.04.24 03:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CE 78 F5 CF C3 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "207.62.217.252"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matthias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.17 20:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.22 01:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.24 02:51:45 | 000,000,000 | ---D | M]

[2010.11.17 19:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2011.07.16 12:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\x992qtdr.default\extensions
[2011.06.22 22:13:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\x992qtdr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.30 18:41:36 | 000,001,183 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\x992qtdr.default\searchplugins\4shared.xml
[2011.06.11 21:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.11.17 19:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.02 14:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.24 16:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.11 21:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X992QTDR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X992QTDR.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2011.06.21 18:20:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.01 12:48:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.01 12:48:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.01 12:48:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.01 12:48:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.01 12:48:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.01 12:48:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.03.25 18:10:31 | 000,000,827 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\Shell - "" = AutoRun
O33 - MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\Shell - "" = AutoRun
O33 - MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.24 12:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.24 12:56:12 | 003,216,552 | ---- | C] (Piriform Ltd) -- C:\Users\Matthias\Desktop\ccsetup308.exe
[2011.07.24 12:53:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\hjtscanlist
[2011.07.23 12:55:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.07.22 01:33:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.07.22 01:14:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\LevelR_Multi-Setup
[2011.07.16 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.07.16 23:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.07.14 19:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.07.13 13:01:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 13:01:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 13:01:06 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 13:01:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 13:01:03 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.12 18:15:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.07.12 17:47:31 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2011.07.12 17:47:31 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011.07.12 17:47:29 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.07.12 17:47:29 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.07.12 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011.06.29 12:02:15 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:02:15 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:02:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:02:14 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:02:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:02:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.29 01:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.06.28 16:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.06.26 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.24 12:56:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.24 12:56:13 | 003,216,552 | ---- | M] (Piriform Ltd) -- C:\Users\Matthias\Desktop\ccsetup308.exe
[2011.07.24 12:51:04 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 12:51:04 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.24 12:45:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.24 12:45:46 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.24 03:59:04 | 003,742,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.24 02:50:42 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011.07.23 14:37:37 | 000,017,725 | ---- | M] () -- C:\Users\Matthias\Desktop\OTL.zip
[2011.07.23 13:39:33 | 000,302,592 | ---- | M] () -- C:\Users\Matthias\Desktop\2gfx91q3.exe
[2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.07.17 13:42:15 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS
[2011.07.15 02:44:29 | 000,006,144 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.12 17:47:29 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.07.12 17:47:29 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.05 14:23:22 | 000,655,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.05 14:23:22 | 000,616,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.05 14:23:22 | 000,130,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.05 14:23:22 | 000,107,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.28 16:03:04 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.06.28 15:00:38 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.06.28 15:00:38 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.24 12:56:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.23 14:37:37 | 000,017,725 | ---- | C] () -- C:\Users\Matthias\Desktop\OTL.zip
[2011.07.23 13:39:32 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\2gfx91q3.exe
[2011.07.17 13:42:15 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001467.LCS
[2011.06.28 16:03:03 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.06.26 17:30:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.03 15:57:31 | 000,017,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\WebpageIcons.db
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.28 16:04:45 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.28 16:04:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.03.10 16:26:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.10 16:24:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.06 04:07:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2011.01.31 19:11:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011.01.31 19:11:12 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.01.26 20:44:53 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.21 22:13:39 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2010.12.21 18:53:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.12.21 18:53:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.12.21 18:53:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.12.21 18:53:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.12.21 18:53:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.12.21 18:53:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.12.21 18:53:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.12.21 18:53:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.12.21 18:53:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.12.21 18:53:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.12.21 18:53:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.12.21 18:53:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.12.21 18:53:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.12.21 18:53:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.12.21 18:53:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.12.21 18:53:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.12.21 18:53:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.12.21 18:53:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.12.21 18:53:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.08 14:54:01 | 000,375,185 | ---- | C] () -- C:\Windows\System32\fmtp.bin
[2010.11.22 21:19:07 | 000,006,144 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.17 22:17:23 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010.11.17 21:48:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,655,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,722 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,742,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,682 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.07.31 20:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011.07.24 02:41:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Auslogics
[2011.01.07 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canneverbe Limited
[2011.02.21 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FireShot
[2011.07.24 03:30:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2010.11.17 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010.11.28 03:53:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Need for Speed
World [2010.12.05 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org [2011.07.17 13:42:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProtectDISC [2011.01.07 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\temp [2011.05.17 12:56:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:07BF512B < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.07.2011 13:00:56 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Matthias\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,33% Memory free 6,00 Gb Paging File | 4,92 Gb Available in Paging File | 82,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 182,30 Gb Total Space | 124,39 Gb Free Space | 68,23% Space Free | Partition Type: NTFS Drive D: | 273,46 Gb Total Space | 164,25 Gb Free Space | 60,06% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{026BAC3A-EE38-F6D5-17E4-A853C21A0433}" = Catalyst Control Center Graphics Previews Vista "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07EBA3B9-1DDD-4F5B-1E55-7999839059F3}" = CCC Help German "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A102755-A455-B160-1EC1-46C9D05D41FB}" = CCC Help French "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{16E3A4C4-6110-592E-6079-792C488037C3}" = CCC Help Dutch "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT 
"{23048992-6A9E-EFC2-0E6B-FB36AE6CB432}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{27B99944-C1E7-AAAD-FB1E-961F1D2C60EB}" = CCC Help Portuguese "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{377A5CCF-2B1C-9339-4F3E-C3F4D9E522FC}" = CCC Help Greek "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41BE1B2C-E523-3CF3-4575-66E6EEEEB096}" = CCC Help Russian "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6056E2B9-D87C-3F7C-09AB-10237E8A17DF}" = ccc-utility "{6227B8D5-2300-2822-742C-F16C751736B6}" = CCC Help Spanish "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6F7E7C9C-C036-AC6C-C683-2D42C2475C2F}" = CCC Help Hungarian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F223B5E-759D-11E0-A8F2-005056C00008}" = MSVCRT Redists "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89B3012D-FAED-2955-6885-317160B071DA}" = CCC Help Swedish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3EBC6E-4DAD-8160-0E9C-42EF4FC85BBE}" = CCC Help Chinese Standard "{8C46EB35-3DDA-4D2B-9104-5F305E4C9008}" = CCC Help Finnish "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update 
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BE7E972-EF3A-F812-8D84-2E33F28F97D8}" = CCC Help Japanese "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92D74EE-683F-E46D-4A55-29389408437E}" = CCC Help Norwegian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B7F966D9-0433-3C5E-54F8-74517DC19BAA}" = CCC Help Korean "{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static "{C66C5ABB-3671-0FD7-29F5-17030A00B1FF}" = CCC Help Chinese Traditional "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D922789F-C0EB-6D4B-7447-8EB9BA16B931}" = CCC Help Czech "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE00E2A4-C5E3-0148-2BF3-C20FE04B7A5C}" = CCC Help Polish "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E82BB34D-68C5-7E0D-F630-618BE2324BB3}" = CCC Help Italian "{E9132E61-295C-4377-AF36-CDBE771B7F2D}" = O&O DiskRecovery "{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = 
Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1BC5F17-1E81-1E90-7DAC-A5FCFC301324}" = CCC Help Thai "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB8AD901-3508-AE0C-151C-F6C5335E7EB0}" = CCC Help Turkish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2(CREATED BY XEONKING©) "CCleaner" = CCleaner "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "DivX Setup.divx.com" = DivX-Setup "EPSON S21 Series" = EPSON S21 Series Printer Uninstall "Epson Stylus S21_T21_T27 Benutzerhandbuch" = Epson Stylus S21_T21_T27 Handbuch "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Messenger Plus!" = Messenger Plus! 
5 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "OpenAL" = OpenAL "Portal 2_is1" = Portal 2 "RealPlayer 12.0" = RealPlayer "SopCast" = SopCast 3.3.2 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 21:24:13 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:24:13 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = [ System Events ] Error - 06.05.2011 06:58:44 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "RealtekUSB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.05.2011 06:59:26 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 06.05.2011 06:59:26 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 06.05.2011 08:28:07 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 06.05.2011 08:28:08 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2011 06:48:26 | Computer Name = Matthias-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: 
General - Invalid Parameter Error - 07.05.2011 06:48:26 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2011 06:48:41 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "RealtekUSB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 07.05.2011 06:49:06 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 07.05.2011 06:49:06 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = < End of report > Edited by Alesana91 (24.07.2011 at 12:55) Reason: forgot Extras.txt and added it |
25.07.2011, 07:21 | #4 | ||
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising Regarding 1.: I assume you agreed to it without knowing better? Quote:
Info: Notes on using the freeware version Avira AntiVir Personal: Click here to read more: -> http://www.chip.de/news/AntiVir-Serv..._45444953.html So it can be uninstalled! 2. Messenger Plus! Live: belongs in the category of the unsafe! During installation, did you deselect the software "additionally" offered by the program? Because alongside the actual software, an adware program is installed as well. If you really want to (not recommended, as it is absolutely unnecessary and your MSN is not affected by it), you can install it again, but read everything carefully and deselect partner programs, sponsors etc. wherever possible! Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you do not need or do not want. It is better to use a messenger tool free of spyware and adware, such as Trillian (the basic version of Trillian can combine the instant messengers ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) and IRC) or Miranda. You can install it again, but read everything carefully, and you must deselect partner programs, sponsors etc.! Quote:
3. Run another scan with OTL:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
25.07.2011, 12:40 | #5 |
| Firefox or Internet Explorer opens tabs/windows with advertising Re 1.: Yes, I just thought that since it came from Avira, it was safe. You are always wiser afterwards. It has now been removed. 2. I removed this as well, already yesterday, since I no longer use MSN. For ICQ I will probably switch to Miranda instead. 3. Here are the log files: OTL.txt Code:
ATTFilter OTL logfile created on: 25.07.2011 13:33:15 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Matthias\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,63% Memory free 6,00 Gb Paging File | 4,93 Gb Available in Paging File | 82,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 182,30 Gb Total Space | 124,75 Gb Free Space | 68,43% Space Free | Partition Type: NTFS Drive D: | 273,46 Gb Total Space | 170,09 Gb Free Space | 62,20% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.28 15:00:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.21 18:20:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.03 07:56:57 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.27 15:00:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.25 
07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.06.29 19:20:58 | 002,064,384 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2009.05.13 17:34:56 | 000,160,256 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2008.09.05 03:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe PRC - [2008.09.05 03:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WlanNetService.exe PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ========== Modules (SafeList) ========== MOD - [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (RealtekUSB) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' 
Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.28 15:00:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.27 15:00:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009.05.13 17:34:56 | 000,160,256 | ---- | M] (Micro-Star International Co., Ltd.) 
[Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008.09.05 03:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.28 15:00:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 15:00:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.03.28 16:13:34 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.03.28 16:13:34 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.01.05 00:55:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.08.20 11:49:06 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd) DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB) DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) DRV - [2009.07.14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.09.05 03:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007.04.25 13:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.04.24 03:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt) DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CE 78 F5 CF C3 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: 
{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.http: "207.62.217.252" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matthias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.17 20:50:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.22 01:32:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.24 02:51:45 | 000,000,000 | ---D | M] [2010.11.17 19:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2011.07.16 12:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\x992qtdr.default\extensions [2011.06.22 22:13:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\x992qtdr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.12.30 18:41:36 | 000,001,183 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\x992qtdr.default\searchplugins\4shared.xml [2011.06.11 21:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010.11.17 19:24:58 | 000,000,000 | ---D | M] 
(Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.02 14:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.24 16:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.11 21:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X992QTDR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X992QTDR.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI [2011.06.21 18:20:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.05.01 12:48:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.01 12:48:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.01 12:48:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.01 12:48:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.01 12:48:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.01 12:48:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.03.25 18:10:31 | 000,000,827 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data] O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\Shell - "" = AutoRun O33 - MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\Shell\AutoRun\command - "" = F:\pushinst.exe O33 - MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\Shell - "" = AutoRun O33 - MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\Shell - "" = AutoRun O33 - MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\Shell - "" = AutoRun O33 - MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\Shell\AutoRun\command - "" = 1 O33 - MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\Shell - "" = AutoRun O33 - MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\Shell - "" = AutoRun O33 - MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.24 12:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.07.24 12:53:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\hjtscanlist [2011.07.23 12:55:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2011.07.22 01:33:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.07.22 01:14:31 | 000,000,000 | ---D | C] -- 
C:\Users\Matthias\Desktop\LevelR_Multi-Setup [2011.07.16 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2011.07.16 23:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2011.07.14 19:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2011.07.13 13:01:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2011.07.13 13:01:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 
[2011.07.13 13:01:06 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2011.07.13 13:01:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.07.13 13:01:03 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.12 18:15:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2011.07.12 17:47:31 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll [2011.07.12 17:47:31 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll [2011.07.12 17:47:29 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.07.12 17:47:29 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll [2011.07.12 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL [2011.06.29 12:02:15 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2011.06.29 12:02:15 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011.06.29 12:02:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011.06.29 12:02:14 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011.06.29 12:02:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011.06.29 12:02:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2011.06.28 16:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2011.06.26 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.25 13:32:56 | 000,014,016 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.25 13:32:56 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.25 13:27:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.25 13:27:37 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys [2011.07.24 12:56:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.24 03:59:04 | 003,742,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.24 02:50:42 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI [2011.07.23 14:37:37 | 000,017,725 | ---- | M] () -- C:\Users\Matthias\Desktop\OTL.zip [2011.07.23 13:39:33 | 000,302,592 | ---- | M] () -- C:\Users\Matthias\Desktop\2gfx91q3.exe [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe [2011.07.17 13:42:15 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS [2011.07.15 02:44:29 | 000,006,144 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.12 17:47:29 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.07.12 17:47:29 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.05 14:23:22 | 000,655,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.05 14:23:22 | 000,616,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.05 14:23:22 | 000,130,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.05 14:23:22 | 000,107,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.28 16:03:04 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2011.06.28 15:00:38 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.06.28 15:00:38 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.24 12:56:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.23 14:37:37 | 000,017,725 | ---- | C] () -- C:\Users\Matthias\Desktop\OTL.zip [2011.07.23 13:39:32 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\2gfx91q3.exe [2011.07.17 13:42:15 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001467.LCS [2011.06.28 16:03:03 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2011.06.26 17:30:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.06.03 15:57:31 | 000,017,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\WebpageIcons.db [2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.03.28 16:04:45 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.03.28 16:04:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.03.10 16:26:11 | 
000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.03.10 16:24:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.03.06 04:07:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2011.01.31 19:11:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011.01.31 19:11:12 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011.01.26 20:44:53 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.01.21 22:13:39 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE [2010.12.21 18:53:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.12.21 18:53:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.12.21 18:53:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.12.21 18:53:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.12.21 18:53:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.12.21 18:53:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.12.21 18:53:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.12.21 18:53:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.12.21 18:53:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.12.21 18:53:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.12.21 18:53:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.12.21 18:53:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.12.21 18:53:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.12.21 18:53:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.12.21 18:53:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.12.21 18:53:57 | 
000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.12.21 18:53:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.12.21 18:53:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.12.21 18:53:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.12.08 14:54:01 | 000,375,185 | ---- | C] () -- C:\Windows\System32\fmtp.bin [2010.11.22 21:19:07 | 000,006,144 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.17 22:17:23 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2010.11.17 21:48:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 10:47:43 | 000,655,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,722 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 003,742,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,682 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- 
C:\Windows\System32\BWContextHandler.dll [2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2005.10.14 12:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe [2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll [2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll [2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002.07.31 20:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2011.07.24 02:41:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Auslogics [2011.01.07 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canneverbe Limited [2011.02.21 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FireShot [2011.07.24 14:40:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ [2010.11.17 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView [2010.11.28 03:53:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Need for Speed 
World
[2010.12.05 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2011.07.17 13:42:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProtectDISC
[2011.01.07 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\temp
[2011.05.17 12:56:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:07BF512B
< End of report >
Code:
OTL Extras logfile created on: 25.07.2011 13:33:15 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Matthias\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,63% Memory free
6,00 Gb Paging File | 4,93 Gb Available in Paging File | 82,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 182,30 Gb Total Space | 124,75 Gb Free Space | 68,43% Space Free | Partition Type: NTFS
Drive D: | 273,46 Gb Total Space | 170,09 Gb Free Space | 62,20% Space Free | Partition Type: NTFS
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{026BAC3A-EE38-F6D5-17E4-A853C21A0433}" = Catalyst Control Center Graphics Previews Vista
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07EBA3B9-1DDD-4F5B-1E55-7999839059F3}" = CCC Help German
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A102755-A455-B160-1EC1-46C9D05D41FB}" = CCC Help French
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16E3A4C4-6110-592E-6079-792C488037C3}" = CCC Help Dutch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23048992-6A9E-EFC2-0E6B-FB36AE6CB432}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{27B99944-C1E7-AAAD-FB1E-961F1D2C60EB}" = CCC Help Portuguese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{377A5CCF-2B1C-9339-4F3E-C3F4D9E522FC}" = CCC Help Greek
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41BE1B2C-E523-3CF3-4575-66E6EEEEB096}" = CCC Help Russian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6056E2B9-D87C-3F7C-09AB-10237E8A17DF}" = ccc-utility
"{6227B8D5-2300-2822-742C-F16C751736B6}" = CCC Help Spanish
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6F7E7C9C-C036-AC6C-C683-2D42C2475C2F}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F223B5E-759D-11E0-A8F2-005056C00008}" = MSVCRT Redists
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89B3012D-FAED-2955-6885-317160B071DA}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3EBC6E-4DAD-8160-0E9C-42EF4FC85BBE}" = CCC Help Chinese Standard
"{8C46EB35-3DDA-4D2B-9104-5F305E4C9008}" = CCC Help Finnish
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = 
Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BE7E972-EF3A-F812-8D84-2E33F28F97D8}" = CCC Help Japanese "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92D74EE-683F-E46D-4A55-29389408437E}" = CCC Help Norwegian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B7F966D9-0433-3C5E-54F8-74517DC19BAA}" = CCC Help Korean "{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static "{C66C5ABB-3671-0FD7-29F5-17030A00B1FF}" = CCC Help Chinese Traditional "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D922789F-C0EB-6D4B-7447-8EB9BA16B931}" = CCC Help Czech "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE00E2A4-C5E3-0148-2BF3-C20FE04B7A5C}" = CCC Help Polish "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E82BB34D-68C5-7E0D-F630-618BE2324BB3}" = CCC Help Italian "{E9132E61-295C-4377-AF36-CDBE771B7F2D}" = O&O DiskRecovery "{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1BC5F17-1E81-1E90-7DAC-A5FCFC301324}" = CCC Help Thai "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB8AD901-3508-AE0C-151C-F6C5335E7EB0}" = CCC Help Turkish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2(CREATED BY XEONKING©) "CCleaner" = CCleaner "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "DivX Setup.divx.com" = DivX-Setup "EPSON S21 Series" = EPSON S21 Series Printer Uninstall "Epson Stylus S21_T21_T27 Benutzerhandbuch" = Epson Stylus S21_T21_T27 Handbuch "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "OpenAL" = OpenAL "Portal 2_is1" = Portal 2 "RealPlayer 12.0" = RealPlayer "SopCast" = SopCast 3.3.2 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp 
Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 23.07.2011 21:24:13 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:24:13 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:28:40 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:28:40 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = [ System Events ] Error - 06.05.2011 06:58:44 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "RealtekUSB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.05.2011 06:59:26 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 06.05.2011 06:59:26 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 06.05.2011 08:28:07 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 06.05.2011 08:28:08 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2011 06:48:26 | Computer Name = Matthias-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 07.05.2011 06:48:26 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2011 06:48:41 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "RealtekUSB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 07.05.2011 06:49:06 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 07.05.2011 06:49:06 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = < End of report > |
26.07.2011, 06:20 | #6 |
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising 1. Fix with OTL
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
FF - prefs.js..network.proxy.http: "207.62.217.252"
FF - prefs.js..network.proxy.http_port: 3128
[2011.01.02 14:52:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.24 16:51:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.11 21:04:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.01 12:48:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.01 12:48:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\Shell - "" = AutoRun
O33 - MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\Shell - "" = AutoRun
O33 - MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:07BF512B
:Commands
[purity]
[emptytemp]
2. Run another scan with OTL:
► Report again on the state of the computer: are there still problems, and if so, which ones?
|
26.07.2011, 12:35 | #7 |
| Firefox or Internet Explorer opens tabs/windows with advertising OK, first of all here is the fix document: Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "207.62.217.252" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ad5228-f287-11df-9a9e-001fcf402cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ad5228-f287-11df-9a9e-001fcf402cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ad5228-f287-11df-9a9e-001fcf402cb9}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52e193e5-1856-11e0-aedb-001fcf402cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52e193e5-1856-11e0-aedb-001fcf402cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52e193e5-1856-11e0-aedb-001fcf402cb9}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1612951-763e-11e0-96ef-81d18000a73c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1612951-763e-11e0-96ef-81d18000a73c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1612951-763e-11e0-96ef-81d18000a73c}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a421eb2f-3125-11e0-9742-aa70a61a625c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a421eb2f-3125-11e0-9742-aa70a61a625c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a421eb2f-3125-11e0-9742-aa70a61a625c}\ not found.
File 1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae4e4014-1d8e-11e0-ab22-001fcf402cb9}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae4e40a2-1d8e-11e0-ab22-001fcf402cb9}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Matthias
->Temp folder emptied: 55106952 bytes
->Temporary Internet Files folder emptied: 7654685 bytes
->Java cache emptied: 1904985 bytes
->FireFox cache emptied: 47647738 bytes
->Flash cache emptied: 470 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23298 bytes
RecycleBin emptied: 150680 bytes
Total Files Cleaned = 109,00 mb
OTL by OldTimer - Version 3.2.26.1 log created on 07262011_130100
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
OTL logfile created on: 26.07.2011 13:08:28 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Matthias\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,14% Memory free
6,00 Gb Paging File | 4,97 Gb Available in Paging File | 82,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 182,30 Gb Total Space | 124,61 Gb Free Space | 68,35% Space Free | Partition Type: NTFS
Drive D: | 273,46 Gb Total Space | 170,09 Gb Free Space | 62,20% Space Free | Partition Type: NTFS

Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.28 15:00:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.21 18:20:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.03 07:56:57 | 000,271,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.27 15:00:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.06.29 19:20:58 | 002,064,384 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2009.05.13 17:34:56 | 000,160,256 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.09.05 03:01:00 | 001,794,048 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanGUI.exe
PRC - [2008.09.05 03:01:00 | 000,364,544 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WlanNetService.exe
PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

========== Modules (SafeList) ==========

MOD - [2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RealtekUSB)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 15:00:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:00:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.05.13 17:34:56 | 000,160,256 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.09.05 03:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

========== Driver Services (SafeList) ==========

DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 15:00:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 15:00:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.28 16:13:34 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.28 16:13:34 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.05 00:55:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.20 11:49:06 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.12 13:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s)
DRV - [2009.07.14 00:02:53 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.29 16:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.09.05 03:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.04.25 13:50:02 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.04.24 03:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 CE 78 F5 CF C3 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matthias\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.11.17 20:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.22 01:32:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.24 02:51:45 | 000,000,000 | ---D | M]

[2010.11.17 19:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2011.07.16 12:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\x992qtdr.default\extensions
[2011.06.22 22:13:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\x992qtdr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.30 18:41:36 | 000,001,183 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\x992qtdr.default\searchplugins\4shared.xml
[2011.07.26 13:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.11.17 19:24:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X992QTDR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X992QTDR.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2011.06.21 18:20:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.01 12:48:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.01 12:48:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.01 12:48:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.01 12:48:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

O1 HOSTS File: ([2011.03.25 18:10:31 | 000,000,827 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.07.26 13:01:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.24 12:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.24 12:53:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\hjtscanlist
[2011.07.23 12:55:17 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.07.22 01:33:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011.07.22 01:14:31 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Desktop\LevelR_Multi-Setup
[2011.07.16 23:57:30 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.07.16 23:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2011.07.14 19:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011.07.13 13:01:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 13:01:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 13:01:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 13:01:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 13:01:06 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011.07.13 13:01:06 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 13:01:03 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.12 18:15:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2011.07.12 17:47:31 | 019,087,360 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2011.07.12 17:47:31 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011.07.12 17:47:29 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.07.12 17:47:29 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.07.12 17:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011.06.29 12:02:15 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:02:15 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:02:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:02:14 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:02:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:02:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.28 16:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.06.26 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[2011.07.26 13:07:33 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 13:07:33 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 13:02:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.26 13:02:19 | 2415,419,392 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.24 12:56:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.24 03:59:04 | 003,742,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.24 02:50:42 | 000,000,023 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2011.07.23 14:37:37 | 000,017,725 | ---- | M] () -- C:\Users\Matthias\Desktop\OTL.zip
[2011.07.23 13:39:33 | 000,302,592 | ---- | M] () -- C:\Users\Matthias\Desktop\2gfx91q3.exe
[2011.07.23 12:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Desktop\OTL.exe
[2011.07.17 13:42:15 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001467.LCS
[2011.07.15 02:44:29 | 000,006,144 | ---- | M] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.12 17:47:29 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.07.12 17:47:29 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.05 14:23:22 | 000,655,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.05 14:23:22 | 000,616,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.05 14:23:22 | 000,130,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.05 14:23:22 | 000,107,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.28 16:03:04 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.06.28 15:00:38 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.06.28 15:00:38 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011.07.24 12:56:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.23 14:37:37 | 000,017,725 | ---- | C] () -- C:\Users\Matthias\Desktop\OTL.zip
[2011.07.23 13:39:32 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\2gfx91q3.exe
[2011.07.17 13:42:15 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001467.LCS
[2011.06.28 16:03:03 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.06.26 17:30:42 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.03 15:57:31 | 000,017,408 | ---- | C] () -- C:\Users\Matthias\AppData\Local\WebpageIcons.db
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.03.28 16:04:45 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.28 16:04:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.03.10 16:26:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.10 16:24:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.06 04:07:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2011.01.31 19:11:12 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011.01.31 19:11:12 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.01.26 20:44:53 | 000,000,023 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.21 22:13:39 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2010.12.21 18:53:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.12.21 18:53:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.12.21 18:53:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.12.21 18:53:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.12.21 18:53:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.12.21 18:53:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.12.21 18:53:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.12.21 18:53:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.12.21 18:53:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.12.21 18:53:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.12.21 18:53:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.12.21 18:53:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.12.21 18:53:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.12.21 18:53:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.12.21 18:53:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.12.21 18:53:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.12.21 18:53:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.12.21 18:53:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.12.21 18:53:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.12.08 14:54:01 | 000,375,185 | ---- | C] () -- C:\Windows\System32\fmtp.bin
[2010.11.22 21:19:07 | 000,006,144 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.17 22:17:23 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010.11.17 21:48:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:47:43 | 000,655,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,722 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,742,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,682 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,778,240 | ---- | C] () -- C:\Windows\System32\DivXsm.exe
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.07.31 20:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011.07.24 02:41:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Auslogics
[2011.01.07 17:47:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Canneverbe Limited
[2011.02.21 15:24:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FireShot
[2011.07.26 02:05:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2010.11.17 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2010.11.28 03:53:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Need for Speed World
[2010.12.05 22:16:57 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\OpenOffice.org
[2011.07.17 13:42:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProtectDISC
[2011.01.07 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\temp
[2011.05.17 12:56:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 26.07.2011 13:08:28 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Matthias\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 69,14% Memory free 6,00 Gb Paging File | 4,97 Gb Available in Paging File | 82,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 182,30 Gb Total Space | 124,61 Gb Free Space | 68,35% Space Free | Partition Type: NTFS Drive D: | 273,46 Gb Total Space | 170,09 Gb Free Space | 62,20% Space Free | Partition Type: NTFS Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{026BAC3A-EE38-F6D5-17E4-A853C21A0433}" = Catalyst Control Center Graphics Previews Vista "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{07EBA3B9-1DDD-4F5B-1E55-7999839059F3}" = CCC Help German "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A102755-A455-B160-1EC1-46C9D05D41FB}" = CCC Help French "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{16E3A4C4-6110-592E-6079-792C488037C3}" = CCC Help Dutch "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT 
"{23048992-6A9E-EFC2-0E6B-FB36AE6CB432}" = CCC Help Danish "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26 "{27B99944-C1E7-AAAD-FB1E-961F1D2C60EB}" = CCC Help Portuguese "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{377A5CCF-2B1C-9339-4F3E-C3F4D9E522FC}" = CCC Help Greek "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41BE1B2C-E523-3CF3-4575-66E6EEEEB096}" = CCC Help Russian "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6056E2B9-D87C-3F7C-09AB-10237E8A17DF}" = ccc-utility "{6227B8D5-2300-2822-742C-F16C751736B6}" = CCC Help Spanish "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6F7E7C9C-C036-AC6C-C683-2D42C2475C2F}" = CCC Help Hungarian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F223B5E-759D-11E0-A8F2-005056C00008}" = MSVCRT Redists "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2 "{89B3012D-FAED-2955-6885-317160B071DA}" = CCC Help Swedish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C3EBC6E-4DAD-8160-0E9C-42EF4FC85BBE}" = CCC Help Chinese Standard "{8C46EB35-3DDA-4D2B-9104-5F305E4C9008}" = CCC Help Finnish "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = 
Microsoft_VC80_CRT_x86 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9BE7E972-EF3A-F812-8D84-2E33F28F97D8}" = CCC Help Japanese "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92D74EE-683F-E46D-4A55-29389408437E}" = CCC Help Norwegian "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B7F966D9-0433-3C5E-54F8-74517DC19BAA}" = CCC Help Korean "{B8FA4B2B-67A0-18D0-77DD-F08405016F37}" = ATI Catalyst Install Manager "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5A56170-0EEC-A6A2-7E06-14CEE439279A}" = ccc-core-static "{C66C5ABB-3671-0FD7-29F5-17030A00B1FF}" = CCC Help Chinese Traditional "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D1626BCB-9C3B-0E8F-853F-573180C42607}" = CCC Help English "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game "{D922789F-C0EB-6D4B-7447-8EB9BA16B931}" = CCC Help Czech "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DE00E2A4-C5E3-0148-2BF3-C20FE04B7A5C}" = CCC Help Polish "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E82BB34D-68C5-7E0D-F630-618BE2324BB3}" = CCC Help Italian "{E9132E61-295C-4377-AF36-CDBE771B7F2D}" = O&O DiskRecovery "{ED387D9B-9B10-D971-6A8B-74F8094D4EA2}" = Catalyst Control Center Localization All "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1BC5F17-1E81-1E90-7DAC-A5FCFC301324}" = CCC Help Thai "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB8AD901-3508-AE0C-151C-F6C5335E7EB0}" = CCC Help Turkish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2(CREATED BY XEONKING©) "CCleaner" = CCleaner "Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0 "DivX Setup.divx.com" = DivX-Setup "EPSON S21 Series" = EPSON S21 Series Printer Uninstall "Epson Stylus S21_T21_T27 Benutzerhandbuch" = Epson Stylus S21_T21_T27 Handbuch "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "OpenAL" = OpenAL "Portal 2_is1" = Portal 2 "RealPlayer 12.0" = RealPlayer "SopCast" = SopCast 3.3.2 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.9 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp 
Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.07.2011 08:38:11 | Computer Name = Matthias-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 23.07.2011 21:24:13 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:24:13 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:28:40 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = Error - 23.07.2011 21:28:40 | Computer Name = Matthias-PC | Source = MsiInstaller | ID = 11706 Description = [ System Events ] Error - 06.05.2011 06:58:44 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "RealtekUSB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.05.2011 06:59:26 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 06.05.2011 06:59:26 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 06.05.2011 08:28:07 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 06.05.2011 08:28:08 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2011 06:48:26 | Computer Name = Matthias-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 07.05.2011 06:48:26 | Computer Name = Matthias-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 07.05.2011 06:48:41 | Computer Name = Matthias-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "RealtekUSB" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 07.05.2011 06:49:06 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = Error - 07.05.2011 06:49:06 | Computer Name = Matthias-PC | Source = WMPNetworkSvc | ID = 866306 Description = < End of report > |
26.07.2011, 15:49 | #8 |
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising 1.
2. - "Link: -> ESET Online Scanner >>You are not supposed to install the antivirus security software, only scan your system online<< Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ►Instructions -> Then run a complete system check with Eset/Nod32 - please tick the following > "Remove found threats" and "Scan archives" - save the scan results as *.txt files - usually "C:\Programme\Eset\EsetOnlineScanner\log.txt" Settings in Internet Explorer before the scan: - "Tools→ Internet Options→ Security": - set everything to the default level - allow ActiveX - to start the scan: when you are asked (the text in the information bar) - allow the ActiveX control to be installed ► What is the current state of the computer?
__________________ Warning!: Be careful with invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
26.07.2011, 22:15 | #9 |
| Firefox or Internet Explorer opens tabs/windows with advertising 1. Log from Super AntiSpyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/26/2011 at 05:37 PM
Application Version : 4.55.1000
Core Rules Database Version : 7460
Trace Rules Database Version: 5272
Scan type : Complete Scan
Total Scan Time : 00:41:22
Memory items scanned : 871
Memory threats detected : 0
Registry items scanned : 8744
Registry threats detected : 1
File items scanned : 28840
File threats detected : 12
Adware.Tracking Cookie
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@adfarm1.adition[1].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@ad.yieldmanager[2].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@tradedoubler[2].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@ad4.adfarm1.adition[1].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@ad2.adfarm1.adition[2].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@content.yieldmanager[2].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@doubleclick[2].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@ad3.adfarm1.adition[1].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@content.yieldmanager[3].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@serving-sys[1].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@invitemedia[1].txt
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Cookies\matthias@adx.chip[2].txt
Rogue.PC-Cleaner
HKU\S-1-5-21-2156219674-339543255-3734980594-1000\Software\Invictus
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d84b6a402b7055418abe864d35d92cfe
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-26 06:23:17
# local_time=2011-07-26 08:23:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 16847630 16847630 0 0
# compatibility_mode=1797 16775165 100 94 449767 48228665 2983 0
# compatibility_mode=5893 16776573 100 94 18023 63326635 0 0
# compatibility_mode=8192 67108863 100 0 101 101 0 0
# scanned=102996
# found=1
# cleaned=1
# scan_time=9153
D:\Spiele Iso's\Die Sims 3 --Razor\rzr-sim3.iso möglicherweise Variante von Win32/Hupigon.CJKIBCX Trojaner (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d84b6a402b7055418abe864d35d92cfe
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-26 08:51:39
# local_time=2011-07-26 10:51:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 16860898 16860898 0 0
# compatibility_mode=1797 16775165 100 94 463035 48241933 16251 0
# compatibility_mode=5893 16776573 100 94 31291 63339903 0 0
# compatibility_mode=8192 67108863 100 0 13369 13369 0 0
# scanned=97220
# found=0
# cleaned=0
# scan_time=4808
And because of the AntiSpyware findings I had a look and discovered that the "Cookies" folder does NOT exist under the path from the log. |
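The helper's instructions in post #8 ask for a complete ESET scan with "Remove found threats" and "Scan archives" ticked, and the log in post #9 contains two runs, the first of which ended with `end=stopped`. As an added example (not part of the thread and not ESET's own tooling), the Python code below parses such a log.txt and lists what needs a follow-up per run. It assumes one `# key=value` entry per line, that `remove_checked` and `archives_checked` record those two checkboxes, and it uses a constructed detection line.

```python
RUN_HEADER = "ESETSmartInstaller@High as downloader log:"

# Constructed sample in the layout of the log posted above (counters taken
# from the post, detection line invented for the example, tab-separated).
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=true
# archives_checked=true
# scanned=102996
# found=1
# cleaned=1
# scan_time=9153
D:\\example\\image.iso\tWin32/Example.A trojan\tcleaned by deleting - quarantined\t00000000000000000000000000000000\tC
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=true
# scanned=97220
# found=0
# cleaned=0
# scan_time=4808
"""


def parse_runs(text):
    """Split a log into scan runs: {'fields': {key: [values]}, 'detections': [lines]}."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(RUN_HEADER):
            current = {"fields": {}, "detections": []}
            runs.append(current)
        elif current is None or line == "all ok":
            continue  # text before the first header, or the downloader status line
        elif line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                # keys such as compatibility_mode repeat, so keep every value
                current["fields"].setdefault(key.strip(), []).append(value.strip())
        else:
            current["detections"].append(line)  # anything else is a detection record
    return runs


def _int(run, key):
    """Last value of a counter field as int, or None if absent or malformed."""
    values = run["fields"].get(key)
    try:
        return int(values[-1]) if values else None
    except ValueError:
        return None


def review_run(run, required=("remove_checked", "archives_checked")):
    """Return a list of findings; an empty list means the run needs no follow-up."""
    findings = []
    end = (run["fields"].get("end") or ["missing"])[-1]
    if end != "finished":
        findings.append(f"scan did not finish (end={end})")
    for opt in required:
        if (run["fields"].get(opt) or [""])[-1] != "true":
            findings.append(f"option {opt} was not enabled")
    found, cleaned = _int(run, "found"), _int(run, "cleaned")
    if found is None or cleaned is None:
        findings.append("found/cleaned counters missing")
    else:
        if found > cleaned:
            findings.append(f"{found - cleaned} detection(s) not cleaned")
        # Assumption: each detection is one line, so a mismatch hints at a truncated paste.
        if found != len(run["detections"]):
            findings.append(
                f"found={found} but {len(run['detections'])} detection line(s) present")
    return findings


if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(f"run {number}:", review_run(run) or "no follow-up needed")
```

On the sample, the first run is flagged only because it was stopped before completion, which is why the second, finished run is the one to rely on.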
27.07.2011, 07:56 | #10 |
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising Can you please describe that in more detail?
|
27.07.2011, 10:20 | #11 |
| Firefox or Internet Explorer opens tabs/windows with advertising Yes, you can show or hide the system files, after all. And on my machine that happens by itself, without me doing anything. If they are shown, for example, they hide themselves, or the other way round. |
02.08.2011, 06:59 | #12 |
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising Did you click "Apply" -> and then "OK"?
|
03.08.2011, 20:02 | #13 |
| Firefox or Internet Explorer opens tabs/windows with advertising Yes, I did, but the problem seems to be solved. No advertising appears any more, nor do the hidden files toggle. The system is running normally again. |
04.08.2011, 05:15 | #14 | |
/// Helper Team | Firefox or Internet Explorer opens tabs/windows with advertising 1. Uninstall/remove the programs that we used and that you do not need, except for: Code:
CCleaner 2. Tool cleanup with OTL We will now use OTL's CleanUp! function to delete from your system most of the programs that we installed for the cleanup.
3. If everything went well and your system is running stably, do the following: Control Panel/System and Security/System/System Protection/System Properties pops up, and then create a restore point. Disable System Restore: Windows 7 - create a manual system restore point, i.e. first disable -> then enable - at the end it should be enabled again! 4. Change your passwords and login credentials! - from a clean system - Change all passwords that were used on the compromised system (e.g. login, mail or website passwords, possibly also the PIN for online banking) (► preferably from another, non-infected computer!) Tips: Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months) also here under: Secure password (Password) Reading material no. 1:
** Common sense and securely configuring Windows and Internet software are the best way to security in web traffic!! Quote:
► Over time a lot of junk data can accumulate, error messages can pile up, and the PC is probably no longer as fast as it used to be:
|