PC crashes with bluescreens and browser tabs opening automatically (Windows 7)
04.09.2011, 03:05 | #16
/// Helper Team | PC crashes with bluescreens and browser tabs opening automatically

1. TDSSKiller from Kaspersky

2. System scan with OTL
Download OTL by OldTimer (if you do not already have it) and save it to your desktop.
__________________
Warning: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
04.09.2011, 12:41 | #17
PC crashes with bluescreens and browser tabs opening automatically

Hello Kira,

Step 1: done; as always, here is the log.
Code:
2011/09/04 13:32:33.0377 3412 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/04 13:32:33.0517 3412 ================================================================================
2011/09/04 13:32:33.0517 3412 SystemInfo:
2011/09/04 13:32:33.0517 3412
2011/09/04 13:32:33.0517 3412 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/04 13:32:33.0517 3412 Product type: Workstation
2011/09/04 13:32:33.0517 3412 ComputerName: THORBEN-PC
2011/09/04 13:32:33.0517 3412 UserName: Thorben
2011/09/04 13:32:33.0517 3412 Windows directory: C:\Windows
2011/09/04 13:32:33.0517 3412 System windows directory: C:\Windows
2011/09/04 13:32:33.0517 3412 Running under WOW64
2011/09/04 13:32:33.0517 3412 Processor architecture: Intel x64
2011/09/04 13:32:33.0517 3412 Number of processors: 4
2011/09/04 13:32:33.0517 3412 Page size: 0x1000
2011/09/04 13:32:33.0517 3412 Boot type: Normal boot
2011/09/04 13:32:33.0517 3412 ================================================================================
2011/09/04 13:32:34.0999 3412 Initialize success
2011/09/04 13:32:39.0289 3368 ================================================================================
2011/09/04 13:32:39.0289 3368 Scan started
2011/09/04 13:32:39.0289 3368 Mode: Manual;
2011/09/04 13:32:39.0289 3368 ================================================================================
[driver enumeration omitted: one line per loaded driver with name, MD5 and path, from 1394ohci.sys through WUDFRd.sys]
2011/09/04 13:32:47.0791 3368 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/09/04 13:32:47.0807 3368 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/04 13:32:47.0822 3368 Boot (0x1200) (bc7e6992f369af7c9d5a24a3b1120d69) \Device\Harddisk0\DR0\Partition0
2011/09/04 13:32:47.0838 3368 Boot (0x1200) (35eb4775d277df826956e3199a746e47) \Device\Harddisk0\DR0\Partition1
2011/09/04 13:32:47.0869 3368 Boot (0x1200) (87858cd96dc1b03a2c148eb81b8d5e1c) \Device\Harddisk0\DR0\Partition2
2011/09/04 13:32:47.0869 3368 ================================================================================
2011/09/04 13:32:47.0869 3368 Scan finished
2011/09/04 13:32:47.0869 3368 ================================================================================
2011/09/04 13:32:47.0885 2164 Detected object count: 1
2011/09/04 13:32:47.0885 2164 Actual detected object count: 1
2011/09/04 13:32:59.0475 2164 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/04 13:32:59.0475 2164 \Device\Harddisk0\DR0 - ok
2011/09/04 13:32:59.0475 2164 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/04 13:33:03.0828 3592 Deinitialize success

Step 2: OTL text file
Code:
OTL logfile created on: 04.09.2011 13:35:22 - Run 4
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Thorben\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,06% Memory free
8,00 Gb Paging File | 6,67 Gb Available in Paging File | 83,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 59,98 Gb Free Space | 61,48% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 123,17 Gb Free Space | 84,08% Space Free | Partition Type: NTFS
Drive E: | 221,62 Gb Total Space | 177,76 Gb Free Space | 80,21% Space Free | Partition Type: NTFS
Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\Programme\wintask.exe PRC - [2011.08.29 18:27:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe PRC - [2011.08.02 08:37:54 | 003,630,936 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe PRC - [2011.07.28 14:44:22 | 001,851,224 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe PRC - [2011.06.28 16:50:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.21 21:04:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.05.01 19:56:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2006.07.23 17:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\PS2USBKbdDrv.exe PRC - [2006.01.07 16:01:28 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\MouseDrv.exe ========== Modules (No Company Name) ========== MOD - [2011.08.02 11:15:30 | 000,213,504 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger MOD - [2011.08.01 13:20:08 | 
008,617,472 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll MOD - [2011.06.30 16:20:41 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2006.07.23 17:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\PS2USBKbdDrv.exe MOD - [2006.03.14 09:46:40 | 000,041,078 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\keydll.dll MOD - [2006.01.07 16:01:28 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\MouseDrv.exe MOD - [2005.05.04 20:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\MouseHook.dll MOD - [2004.04.25 10:27:46 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\DLLMKKBD.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.10.27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.12.09 14:38:38 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.09.02 15:20:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SuperAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV - [2011.08.02 08:37:54 | 003,630,936 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2011.06.28 16:50:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.21 21:04:54 | 000,075,136 | ---- | 
M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.05.01 19:56:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.21 15:08:11 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.12.09 14:44:18 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.28 16:50:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 16:50:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.11.20 13:48:15 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 
000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SuperAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV) DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SuperAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL) DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE 
- HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 67 E0 DC 1B B8 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2011.02.27 13:36:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.03 18:11:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 16:20:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Thorben\AppData\Roaming\NetAssistant\ [2010.12.07 15:49:21 | 000,000,000 | ---D | M] [2011.08.09 15:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Extensions [2011.08.20 11:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\y25s2bvq.default\extensions [2011.08.20 11:45:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\y25s2bvq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.09.02 22:15:25 | 000,000,950 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-1.xml [2011.08.08 22:41:38 | 000,000,950 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-3.xml [2011.08.09 15:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.30 16:20:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.13 19:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.03 18:11:07 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.07.13 19:26:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.08.18 21:53:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.18 21:53:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.08 00:08:21 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2011.08.18 21:53:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml Hosts file not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [wintask] C:\Program Files\wintask.exe () O4 - HKLM..\Run: [WireLessKeyboard] File not found O4 - HKLM..\Run: [WireLessMouse] File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.04 13:32:11 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Thorben\Desktop\TDSSKiller.exe [2011.09.02 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.09.02 15:12:21 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\SUPERAntiSpyware.com [2011.09.02 15:12:03 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.09.02 15:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2011.09.02 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.09.02 15:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware [2011.09.02 15:11:00 | 012,820,144 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Thorben\Desktop\SUPERAntiSpyware.exe [2011.08.31 16:33:19 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.29 18:27:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe [2011.08.29 16:45:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.08.29 13:19:54 | 052,390,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2011.08.29 12:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.08.29 02:42:35 | 000,000,000 | RHSD | C] -- C:\Users\Thorben\M-1-74-6482-7942-8945 [2011.08.25 23:13:57 | 000,000,000 | ---D | C] -- 
C:\Users\Thorben\Documents\Games for Windows - LIVE Demos [2011.08.25 23:01:11 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\Spartan [2011.08.25 21:21:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.08.25 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2011.08.25 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.08.09 18:09:06 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Desktop\Unbekannter Interpret [2011.08.08 00:08:59 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\Ilivid Player [2011.08.08 00:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess ========== Files - Modified Within 30 Days ========== [2011.09.04 13:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.04 13:33:35 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys [2011.09.04 13:33:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.04 13:33:07 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.04 13:31:50 | 001,390,139 | ---- | M] () -- C:\Users\Thorben\Desktop\tdsskiller.zip [2011.09.04 01:09:57 | 277,916,955 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.09.02 15:12:03 | 000,002,015 | ---- | M] () -- C:\Users\Thorben\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.09.02 15:11:10 | 012,820,144 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Thorben\Desktop\SUPERAntiSpyware.exe [2011.08.29 18:27:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe [2011.08.29 18:22:53 | 000,000,188 | ---- | M] () -- C:\Users\Thorben\defogger_reenable [2011.08.29 18:19:37 | 000,050,477 | ---- | M] () -- C:\Users\Thorben\Desktop\Defogger.exe [2011.08.29 02:42:49 | 000,000,000 | ---- | M] () -- 
C:\Users\Thorben\AppData\Roaming\chrtmp [2011.08.28 21:23:14 | 000,197,278 | ---- | M] () -- C:\Users\Thorben\Desktop\RE 11-260940.pdf [2011.08.28 16:33:49 | 000,182,272 | ---- | M] () -- C:\Program Files\wintask.exe [2011.08.22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Thorben\Desktop\TDSSKiller.exe [2011.08.18 09:26:36 | 000,034,508 | -HS- | M] () -- C:\Users\Thorben\Desktop\Folder.jpg [2011.08.18 09:26:36 | 000,008,281 | -HS- | M] () -- C:\Users\Thorben\Desktop\AlbumArtSmall.jpg [2011.08.14 23:40:51 | 000,001,697 | ---- | M] () -- C:\WarRock.ini [2011.08.13 19:07:42 | 000,001,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk [2011.08.13 19:07:42 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk [2011.08.13 19:06:33 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk ========== Files Created - No Company Name ========== [2011.09.04 13:31:50 | 001,390,139 | ---- | C] () -- C:\Users\Thorben\Desktop\tdsskiller.zip [2011.09.04 01:07:01 | 277,916,955 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.09.02 15:12:03 | 000,002,015 | ---- | C] () -- C:\Users\Thorben\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.08.31 18:37:18 | 000,182,272 | ---- | C] () -- C:\Program Files\wintask.exe [2011.08.29 18:22:52 | 000,000,188 | ---- | C] () -- C:\Users\Thorben\defogger_reenable [2011.08.29 18:19:37 | 000,050,477 | ---- | C] () -- C:\Users\Thorben\Desktop\Defogger.exe [2011.08.29 02:42:49 | 000,000,000 | ---- | C] () -- C:\Users\Thorben\AppData\Roaming\chrtmp [2011.08.28 21:23:14 | 000,197,278 | ---- | C] () -- C:\Users\Thorben\Desktop\RE 11-260940.pdf [2011.08.25 21:21:33 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2011.08.13 19:06:33 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk [2011.08.13 18:33:40 | 000,001,697 | ---- | C] () -- C:\WarRock.ini [2011.05.21 21:04:56 | 
000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.21 21:04:54 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.05.06 16:14:04 | 000,000,290 | ---- | C] () -- C:\Windows\game.ini [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.02.10 20:59:56 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi [2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe [2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab [2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini [2010.11.20 17:59:19 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2010.11.20 14:04:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005.04.01 09:49:20 | 000,193,536 | ---- | C] () -- C:\Program Files (x86)\Project64.exe [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2011.09.02 22:24:05 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\.minecraft [2010.11.20 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Atari [2011.03.28 17:29:34 | 
000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\BlueShot
[2011.05.19 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Canneverbe Limited
[2010.11.20 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\DAEMON Tools Lite
[2010.12.07 15:52:29 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\FinalTorrent
[2011.05.17 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\GetRightToGo
[2011.08.26 09:48:27 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\ICQ
[2010.11.27 18:54:48 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\LolClient
[2011.05.17 14:59:12 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\NCH Swift Sound
[2010.12.07 15:49:21 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\NetAssistant
[2011.06.30 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\OpenOffice.org
[2011.06.15 21:01:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Opera
[2011.05.17 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Recordpad
[2011.02.10 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Tobit
[2010.11.21 15:08:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\TuneUp Software
[2011.08.01 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Ubisoft
[2010.12.07 15:50:19 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Uniblue
[2011.08.21 12:37:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >

Extras text file
Code:
OTL Extras logfile created on: 04.09.2011 13:35:22 - Run 4
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Thorben\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,84 Gb Available Physical Memory | 71,06% Memory free
8,00 Gb Paging File | 6,67 Gb Available in Paging File | 83,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 59,98 Gb Free Space | 61,48% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 123,17 Gb Free Space | 84,08% Space Free | Partition Type: NTFS
Drive E: | 221,62 Gb Total Space | 177,76 Gb Free Space | 80,21% Space Free | Partition Type: NTFS
Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64 "{B9C8424A-8D34-C7F9-0393-251A87C65125}" = ATI AVIVO64 Codecs "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback "{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding "{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager "CCleaner" = CCleaner "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding "{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace 
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista "{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Combo Set Driver "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{DD430FCC-8C63-9F99-8CAF-B0791B0756BD}" = HydraVision "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlueShot 1.2.0_is1" = BlueShot 1.2.0 "dlanconf" = devolo dLAN-Konfigurationsassistent "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "GamersFirst LIVE!" = GamersFirst LIVE! 
"GamersFirst War Rock" = War Rock "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "ICQToolbar" = ICQ Toolbar "InstallShield_{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Combo Set Driver "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Minefield (3.7a5pre)" = Minefield (3.7a5pre) "Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de) "Opera 11.51.1087" = Opera 11.51 "Samsung CLP-300 Series" = Samsung CLP-300 Series "TmNationsForever_is1" = TmNationsForever "Tobit Radio.fx Server" = Radio.fx "TuneUp Utilities" = TuneUp Utilities "VLC media player" = VLC media player 1.1.4 "WarRock" = WarRock "WavePad" = WavePad Audiobearbeitungs-Software ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NetAssistant" = NetAssistant for Firefox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.08.2011 07:42:41 | Computer Name = Thorben-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 29.08.2011 06:08:54 | Computer Name = Thorben-PC | Source = SDWinSec.exe | ID = 0 Description = Error - 29.08.2011 11:06:11 | Computer Name = Thorben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>. Fehler: 12030 (0x2efe). 
Error - 29.08.2011 11:06:11 | Computer Name = Thorben-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101 Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden. . Error - 29.08.2011 13:01:25 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: age2_x1.exe, Version: 0.7.22.627, Zeitstempel: 0x3958fc04 Name des fehlerhaften Moduls: age2_x1.exe, Version: 0.7.22.627, Zeitstempel: 0x3958fc04 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002280f9 ID des fehlerhaften Prozesses: 0x630 Startzeit der fehlerhaften Anwendung: 0x01cc666d1439b965 Pfad der fehlerhaften Anwendung: E:\Spiele\Microsoft Games\Age of Empires II\age2_x1.exe Pfad des fehlerhaften Moduls: E:\Spiele\Microsoft Games\Age of Empires II\age2_x1.exe Berichtskennung: 87330f49-d260-11e0-b160-6c626d75ef04 Error - 29.08.2011 18:25:44 | Computer Name = Thorben-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 30.08.2011 08:02:56 | Computer Name = Thorben-PC | Source = System Restore | ID = 8210 Description = Error - 30.08.2011 08:08:31 | Computer Name = Thorben-PC | Source = System Restore | ID = 8210 Description = Error - 30.08.2011 08:20:55 | Computer Name = Thorben-PC | Source = System Restore | ID = 8210 Description = Error - 01.09.2011 07:14:46 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 2925397.exe, Version: 0.0.0.0, Zeitstempel: 0x4e524b51 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00080e4e ID des fehlerhaften Prozesses: 0x648 Startzeit der fehlerhaften Anwendung: 0x01cc68985af9e908 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\2925397.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 9905aaf3-d48b-11e0-80b1-6c626d75ef04 [ System Events ] Error - 03.09.2011 19:10:31 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 03.09.2011 19:10:50 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 03.09.2011 19:11:43 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 03.09.2011 19:11:43 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. 
Error - 04.09.2011 07:27:57 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 04.09.2011 07:27:59 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 04.09.2011 07:28:39 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 04.09.2011 07:33:46 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 04.09.2011 07:33:46 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 04.09.2011 07:34:02 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. < End of report > |
04.09.2011, 20:34 | #18 |
/// Helper Team | PC crashes from bluescreens and tabs opening automatically in the browser

1. Before the next step, that is before we continue: since something can go wrong at any time, if you have important data you want to keep, I recommend backing it up now (pictures, music, etc.).
►Note: the backed-up data must not contain any "executable files"! - ►File extensions - This is a list of file extensions that can denote files with executable code.
Regardless of an infection (a hard disk can also simply fail, or there may be other technical problems), you should make backups regularly and keep them in a safe place, such as CD and DVD, external hard disks and/or USB sticks. Please do that now!

2. Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, not anywhere else, that is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Quick guide to installing the Recovery Console under XP
Once the Recovery Console has been installed by ComboFix, you should see the following message: Click "Yes" to continue with the scan for malware. When ComboFix is finished, it will create a log (please wait, this takes a moment). Be sure to wait until the Combofix window has closed and the log file appears in the editor. Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread. Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop. You can delete the IE desktop icon after the clean-up and set your preferred browser as the default again. Do not use Combofix on your own initiative. If there is no matching infection, it can cripple the computer and/or cause lasting damage!
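The helper's advice above is to keep executable content out of the backup set before it is burned to CD/DVD or copied to a USB stick. As an added check (not part of the post and not from any tool named in it), the Python script below walks a backup folder and lists every file whose final extension denotes executable content. The extension set is an assumed short subset of Windows executable types, not the full list the helper links to, and the sample folder tree it builds is constructed for the demonstration:

```python
"""Check a backup set for files with executable extensions before archiving it.

Added example, not from the forum post or any tool it names. The extension
list below is an assumed, deliberately short subset of Windows executable
types; the full list the helper links to is longer.
"""
import os
import tempfile
from pathlib import Path

# Assumed subset of extensions that denote executable content on Windows.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".ps1", ".msi", ".dll", ".cpl",
    ".hta", ".lnk", ".reg", ".jar",
}


def find_executables(root):
    """Walk `root` and return relative paths of files with executable extensions.

    Only the final suffix is inspected, so a disguised double extension such
    as 'photo.jpg.exe' is still reported; comparison is case-insensitive.
    """
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_EXTENSIONS:
            hits.append(str(path.relative_to(root)).replace(os.sep, "/"))
    return hits


def build_sample_backup(root):
    """Create a constructed sample backup tree used by the demo and the test."""
    root = Path(root)
    files = {
        "Bilder/urlaub.jpg": b"\xff\xd8\xff",
        "Bilder/urlaub.jpg.exe": b"MZ",   # executable disguised as a picture
        "Musik/song.mp3": b"ID3",
        "Dokumente/brief.docx": b"PK",
        "Tools/setup.EXE": b"MZ",         # upper-case extension is still caught
        "Tools/helper.dll": b"MZ",
        "Skripte/run.bat": b"@echo off",
    }
    for rel, content in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)
    return root


def check_sample_backup():
    """Build the sample tree in a temporary directory and return flagged paths."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        return find_executables(tmp)


if __name__ == "__main__":
    for hit in check_sample_backup():
        print("executable content in backup set:", hit)
```

Run it against a real backup folder with `find_executables("D:/Backup")` before writing the media. The check is deliberately extension-based, which is exactly what the helper's advice is about; a file renamed to a harmless extension is not caught, so the list is a hygiene filter, not a malware scanner.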
11.09.2011, 17:56 | #19 |
| PC crashes from bluescreens and tabs opening automatically in the browser Hello Kira, I took my time because I thought everything had been removed, but it hadn't, so I ran Combofix. I'll post the logs in the next post because I still have to find them. But I do have the bluescreen message. Bluescreen message after restart Code:
Problemsignatur:
Problemereignisname: BlueScreen
Betriebsystemversion: 6.1.7600.2.0.0.256.1
Gebietsschema-ID: 1031

Zusatzinformationen zum Problem:
BCCode: a
BCP1: 00000000000000DC
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFF80002C678C5
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Dateien, die bei der Beschreibung des Problems hilfreich sind:
C:\Windows\Minidump\091111-23088-01.dmp
C:\Users\****\AppData\Local\Temp\WER-87594-0.sysdata.xml

Lesen Sie unsere Datenschutzbestimmungen online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
C:\Windows\system32\de-DE\erofflps.txt

Regards |
12.09.2011, 06:32 | #20 |
/// Helper Team | PC crashes from bluescreens and tabs opening automatically in the browser
➊ Log location: C:\Qoobox or C:\ComboFix.txt
➋ Bluescreen - has it occurred again so far, or not any more? Is the system otherwise still slow?
➌ Do you still have Malwarebytes? If not: download Malwarebytes Anti-Malware from → malwarebytes.org
➍ OTL removed? If yes: system scan with OTL. Download OTL by Oldtimer (if not already present) and save it to your desktop.
Last edited by kira (12.09.2011, 06:52) |
12.09.2011, 17:37 | #21 |
| PC crashes from bluescreens and tabs opening automatically in the browser Hello Kira, Step 1: opened, but no txt file to be found!!!! Step 2: yes, constantly. Today I had nothing but bluescreens for almost 2 hours straight. Step 3: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Datenbank Version: 7699 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12.09.2011 18:26:11 mbam-log-2011-09-12 (18-26-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 445311 Laufzeit: 44 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 56 Infizierte Speicherprozesse: c:\Users\Thorben\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3716 -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Thorben\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\0238686.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\0240289.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\0772958.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\1096194.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\1113610.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\1283801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
c:\Users\Thorben\AppData\Local\Temp\1FDF.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\2156579.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\2413983.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\2550632.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\2852451.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\3334246.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\341B.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\3494467.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\3941242.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\3F70.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\4707632.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5050219.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5064256.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5215048.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\53E.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5419.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5576941.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5644259.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
c:\Users\Thorben\AppData\Local\Temp\5746348.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5787500.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5985187.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\5E65.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\6307.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\6393.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\6437441.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\6780645.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\69F9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\712.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\7476134.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\7918861.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\8756317.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\8808859.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\9190731.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\9410557.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\9417031.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\9551751.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
c:\Users\Thorben\AppData\Local\Temp\9661163.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\A209.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\B02C.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\C2C2.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\D549.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\F0F3.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\setup1925127360.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\setup3992126896.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\setup4022682304.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\setup4228462288.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\AppData\Local\Temp\setup476796672.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Thorben\m-1-74-6482-7942-8945\winsvc.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully. c:\Windows\Temp\wyyfeg\setup.exe (Trojan.LVBP) -> Quarantined and deleted successfully. |
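The Malwarebytes log above is worth reading as a whole rather than line by line: a `winsvc.exe` running from a randomly named folder directly under the user profile, a Run value in HKCU named like a Windows component that provides its autostart, dozens of dropped executables in the user's Temp folder, and a `setup.exe` under C:\Windows\Temp. The Python script below is an added example (not part of the post and not Malwarebytes' own code) that parses detection lines in the format shown and groups them by malware family, by location and by persistence mechanism. The embedded excerpt is constructed from the format above with the user name replaced by the placeholder `USER`:

```python
"""Triage summary for a Malwarebytes Anti-Malware 1.x scan log.

Added example; not part of the forum post and not Malwarebytes' own code.
SAMPLE_LOG is a constructed excerpt in the format shown in the log above,
with the user name replaced by the placeholder USER.
"""
import re
from collections import Counter

# Constructed excerpt of the detection section; fields are separated by " -> ".
SAMPLE_LOG = r"""
Infizierte Speicherprozesse:
c:\Users\USER\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3716 -> Unloaded process successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\USER\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\0238686.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\1FDF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\USER\AppData\Local\Temp\setup1925127360.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\USER\m-1-74-6482-7942-8945\winsvc.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Windows\Temp\wyyfeg\setup.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
"""

# "<target> (<family>) -> <rest>"; headings and "(Keine ... gefunden)" do not match.
DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# A file sitting one folder deep under a profile root, e.g. c:\users\x\m-1-52-...\winsvc.exe
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\\[^\\]+$")


def parse_detections(text):
    """Return one dict per detection line: target, family, kind, final action."""
    items = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        target, family, rest = m.group("target"), m.group("family"), m.group("rest")
        if target.lower().startswith("hkey_"):
            kind = "registry"
        elif "unloaded process" in rest.lower():
            kind = "process"
        else:
            kind = "file"
        items.append({"target": target, "family": family, "kind": kind,
                      "action": rest.split(" -> ")[-1]})
    return items


def classify_location(path):
    """Bucket a file path by where on disk it lives; Temp checks come first."""
    low = path.lower()
    if "\\appdata\\local\\temp\\" in low:
        return "user temp"
    if "\\windows\\temp\\" in low:
        return "windows temp"
    if PROFILE_ROOT_RE.match(low):
        return "user profile"
    return "other"


def summarize(items):
    """Aggregate detections by family, file location, autostart entries and processes."""
    by_family = Counter(i["family"] for i in items)
    by_location = Counter(classify_location(i["target"])
                          for i in items if i["kind"] == "file")
    autostart = [i["target"] for i in items
                 if i["kind"] == "registry" and "\\currentversion\\run\\" in i["target"].lower()]
    processes = [i["target"] for i in items if i["kind"] == "process"]
    return {"by_family": by_family, "by_location": by_location,
            "autostart": autostart, "processes": processes}


if __name__ == "__main__":
    summary = summarize(parse_detections(SAMPLE_LOG))
    print("families:   ", dict(summary["by_family"]))
    print("locations:  ", dict(summary["by_location"]))
    print("autostart:  ", summary["autostart"])
    print("processes:  ", summary["processes"])
```

Feed it the full log with `summarize(parse_detections(open("mbam-log.txt", encoding="utf-8").read()))`. The location buckets are the useful output for a follow-up: everything under `AppData\Local\Temp` and `C:\Windows\Temp` is dropper output that a Temp clean-up removes, while the `user profile` bucket and the `autostart` list point at the components that were actually running and restarting, which is what the helper's next questions about OTL and the bluescreens are probing.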
12.09.2011, 17:42 | #22 |
| PC crashes from bluescreens and tabs opening automatically in the browser OTL.txt Code:
ATTFilter OTL logfile created on: 12.09.2011 18:37:40 - Run 2 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Thorben\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,97% Memory free 8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 57,08 Gb Free Space | 58,51% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 129,63 Gb Free Space | 88,50% Space Free | Partition Type: NTFS Drive E: | 221,62 Gb Total Space | 177,75 Gb Free Space | 80,20% Space Free | Partition Type: NTFS Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.08 19:55:20 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2011.08.29 18:27:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe PRC - [2011.08.02 08:37:54 | 003,630,936 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe PRC - [2011.07.28 14:44:22 | 001,851,224 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe PRC - [2011.06.28 16:50:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.21 21:04:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.05.01 19:56:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.01.28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2010.11.15 17:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006.07.23 17:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\PS2USBKbdDrv.exe
PRC - [2006.01.07 16:01:28 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\MouseDrv.exe

========== Modules (No Company Name) ==========

MOD - [2011.08.02 11:15:30 | 000,213,504 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger
MOD - [2011.08.01 13:20:08 | 008,617,472 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll
MOD - [2006.07.23 17:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\PS2USBKbdDrv.exe
MOD - [2006.03.14 09:46:40 | 000,041,078 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\keydll.dll
MOD - [2006.01.07 16:01:28 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\MouseDrv.exe
MOD - [2005.05.04 20:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\MouseHook.dll
MOD - [2004.04.25 10:27:46 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Multimedia Combo Set Driver\DLLMKKBD.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.10.27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.12.09 14:38:38 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.09.12 18:05:56 | 000,034,304 | ---- | M] () [Auto | Stopped] -- C:\Windows\TEMP\gusgkg\setup.exe -- (AMService)
SRV - [2011.08.02 08:37:54 | 003,630,936 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.06.28 16:50:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 21:04:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.05.01 19:56:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.01.28 14:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010.11.21 15:08:11 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.09 14:44:18 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.06.28 16:50:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 16:50:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.20 13:48:15 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 67 E0 DC 1B B8 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2011.02.27 13:36:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.08 18:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 16:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Thorben\AppData\Roaming\NetAssistant\ [2010.12.07 15:49:21 | 000,000,000 | ---D | M]

[2011.08.09 15:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Extensions
[2011.09.11 19:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\y25s2bvq.default\extensions
[2011.08.20 11:45:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\y25s2bvq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.02 22:15:25 | 000,000,950 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-1.xml
[2011.08.08 22:41:38 | 000,000,950 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-3.xml
[2011.08.09 15:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.30 16:20:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.13 19:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.18 21:54:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.13 19:26:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.18 21:53:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.11 19:10:54 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.18 21:53:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.08 00:08:21 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.08.18 21:53:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

Hosts file not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WireLessKeyboard] File not found
O4 - HKLM..\Run: [WireLessMouse] File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.11 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.11 18:25:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.11 18:25:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.11 18:25:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.11 18:25:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.11 18:25:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.09.11 18:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.11 18:24:36 | 004,202,512 | R--- | C] (Swearware) -- C:\Users\Thorben\Desktop\ComboFix.exe
[2011.09.10 15:05:03 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011.09.10 15:05:03 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011.09.10 15:05:03 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011.09.10 15:05:03 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2011.09.10 15:05:03 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011.09.10 15:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011.09.10 15:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.09.10 15:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011.09.08 17:33:33 | 000,000,000 | RHSD | C] -- C:\Users\Thorben\M-1-52-5782-8752-5245
[2011.09.02 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.02 15:12:21 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\SUPERAntiSpyware.com
[2011.09.02 15:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.09.02 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.09.02 15:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware
[2011.08.31 16:33:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.29 18:27:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe
[2011.08.29 16:45:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.29 13:19:54 | 052,390,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011.08.29 12:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.08.29 02:42:35 | 000,000,000 | RHSD | C] -- C:\Users\Thorben\M-1-74-6482-7942-8945
[2011.08.25 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\Games for Windows - LIVE Demos
[2011.08.25 23:01:11 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\Spartan
[2011.08.25 21:21:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.25 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.08.25 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

========== Files - Modified Within 30 Days ==========

[2011.09.12 18:37:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.12 18:37:17 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.12 18:31:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.12 18:31:14 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.12 18:31:14 | 280,546,651 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.11 18:24:40 | 004,202,512 | R--- | M] (Swearware) -- C:\Users\Thorben\Desktop\ComboFix.exe
[2011.09.10 13:58:53 | 008,003,780 | ---- | M] () -- C:\Users\Thorben\Desktop\Generation Kill - Red White and Blood.mp3
[2011.09.09 22:31:19 | 003,868,663 | ---- | M] () -- C:\Users\Thorben\Desktop\Whitesnake - Here i go again.mp3
[2011.09.04 13:31:50 | 001,390,139 | ---- | M] () -- C:\Users\Thorben\Desktop\tdsskiller.zip
[2011.08.29 18:27:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe
[2011.08.29 18:22:53 | 000,000,188 | ---- | M] () -- C:\Users\Thorben\defogger_reenable
[2011.08.29 18:19:37 | 000,050,477 | ---- | M] () -- C:\Users\Thorben\Desktop\Defogger.exe
[2011.08.29 02:42:49 | 000,000,000 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\chrtmp
[2011.08.28 21:23:14 | 000,197,278 | ---- | M] () -- C:\Users\Thorben\Desktop\RE 11-260940.pdf
[2011.08.18 09:26:36 | 000,034,508 | -HS- | M] () -- C:\Users\Thorben\Desktop\Folder.jpg
[2011.08.18 09:26:36 | 000,008,281 | -HS- | M] () -- C:\Users\Thorben\Desktop\AlbumArtSmall.jpg
[2011.08.14 23:40:51 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
[2011.08.13 19:07:42 | 000,001,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2011.08.13 19:07:42 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2011.08.13 19:06:33 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk

========== Files Created - No Company Name ==========

[2011.09.12 18:31:14 | 280,546,651 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.09.11 19:10:36 | 000,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.09.11 19:10:36 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.09.11 19:10:36 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.11 18:25:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.11 18:25:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.11 18:25:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.11 18:25:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.11 18:25:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.10 15:05:03 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011.09.10 13:58:53 | 008,003,780 | ---- | C] () -- C:\Users\Thorben\Desktop\Generation Kill - Red White and Blood.mp3
[2011.09.09 22:31:19 | 003,868,663 | ---- | C] () -- C:\Users\Thorben\Desktop\Whitesnake - Here i go again.mp3
[2011.09.04 13:31:50 | 001,390,139 | ---- | C] () -- C:\Users\Thorben\Desktop\tdsskiller.zip
[2011.08.29 18:22:52 | 000,000,188 | ---- | C] () -- C:\Users\Thorben\defogger_reenable
[2011.08.29 18:19:37 | 000,050,477 | ---- | C] () -- C:\Users\Thorben\Desktop\Defogger.exe
[2011.08.29 02:42:49 | 000,000,000 | ---- | C] () -- C:\Users\Thorben\AppData\Roaming\chrtmp
[2011.08.28 21:23:14 | 000,197,278 | ---- | C] () -- C:\Users\Thorben\Desktop\RE 11-260940.pdf
[2011.08.25 21:21:33 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.08.13 19:06:33 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2011.05.21 21:04:56 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.21 21:04:54 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.06 16:14:04 | 000,000,290 | ---- | C] () -- C:\Windows\game.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.10 20:59:56 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010.11.20 17:59:19 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.11.20 14:04:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.04.01 09:49:20 | 000,193,536 | ---- | C] () -- C:\Program Files (x86)\Project64.exe
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2011.09.08 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\.minecraft
[2010.11.20 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Atari
[2011.03.28 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\BlueShot
[2011.05.19 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Canneverbe Limited
[2010.11.20 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\DAEMON Tools Lite
[2010.12.07 15:52:29 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\FinalTorrent
[2011.05.17 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\GetRightToGo
[2011.08.26 09:48:27 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\ICQ
[2010.11.27 18:54:48 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\LolClient
[2011.05.17 14:59:12 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\NCH Swift Sound
[2010.12.07 15:49:21 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\NetAssistant
[2011.06.30 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\OpenOffice.org
[2011.06.15 21:01:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Opera
[2011.05.17 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Recordpad
[2011.02.10 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Tobit
[2010.11.21 15:08:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\TuneUp Software
[2011.08.01 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Ubisoft
[2010.12.07 15:50:19 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Uniblue
[2011.08.21 12:37:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B623B5B8

< End of report >

Extras.txt

Code:
OTL Extras logfile created on: 12.09.2011 18:37:40 - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Thorben\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,97% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 57,08 Gb Free Space | 58,51% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 129,63 Gb Free Space | 88,50% Space Free | Partition Type: NTFS
Drive E: | 221,62 Gb Total Space | 177,75 Gb Free Space | 80,20% Space Free | Partition Type: NTFS

Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B9C8424A-8D34-C7F9-0393-251A87C65125}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires
Online "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista "{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Combo Set Driver "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD "{DD430FCC-8C63-9F99-8CAF-B0791B0756BD}" = HydraVision "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "APB Reloaded" = APB Reloaded "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlueShot 1.2.0_is1" = BlueShot 1.2.0 "dlanconf" = devolo dLAN-Konfigurationsassistent "ENTERPRISE" = Microsoft Office Enterprise 2007 "GamersFirst LIVE!" = GamersFirst LIVE! 
"GamersFirst War Rock" = War Rock "GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online "InstallShield_{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Combo Set Driver "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Minefield (3.7a5pre)" = Minefield (3.7a5pre) "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Opera 11.50.1074" = Opera 11.50 "Opera 11.51.1087" = Opera 11.51 "PunkBusterSvc" = PunkBuster Services "Registry Mechanic_is1" = Registry Mechanic 10.0 "Samsung CLP-300 Series" = Samsung CLP-300 Series "TmNationsForever_is1" = TmNationsForever "Tobit Radio.fx Server" = Radio.fx "TuneUp Utilities" = TuneUp Utilities "VLC media player" = VLC media player 1.1.4 "WarRock" = WarRock "WavePad" = WavePad Audiobearbeitungs-Software ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "NetAssistant" = NetAssistant for Firefox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.09.2011 16:45:37 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002 Description = Programm opera.exe, Version 11.51.1087.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 39c Startzeit: 01cc6a79278485ae Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: ab32334b-d66d-11e0-9bff-6c626d75ef04 Error - 03.09.2011 16:46:49 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002 Description = Programm opera.exe, Version 11.51.1087.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1074 Startzeit: 01cc6a7a820516d6 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: d6bfd32c-d66d-11e0-9bff-6c626d75ef04

Error - 05.09.2011 12:29:36 | Computer Name = Thorben-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 10.09.2011 03:37:40 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 11.51.1087.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 21c Startzeit: 01cc6f8c73f485fc Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: c16024e8-db7f-11e0-947d-6c626d75ef04

Error - 10.09.2011 05:31:38 | Computer Name = Thorben-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 10.09.2011 07:44:54 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 7072831.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x1310 Startzeit der fehlerhaften Anwendung: 0x01cc6faf0d8989bc Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\7072831.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 4c65f628-dba2-11e0-947d-6c626d75ef04

Error - 10.09.2011 08:53:18 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 8470716.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cc6fb898761767 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\8470716.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: da918e5e-dbab-11e0-947d-6c626d75ef04

Error - 10.09.2011 08:54:42 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0164911.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x12b4 Startzeit der fehlerhaften Anwendung: 0x01cc6fb8cd1d8fa6 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\0164911.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0cebd9ac-dbac-11e0-947d-6c626d75ef04

Error - 10.09.2011 08:59:57 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 9904948.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x11b4 Startzeit der fehlerhaften Anwendung: 0x01cc6fb989e44cc4 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\9904948.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c8526562-dbac-11e0-947d-6c626d75ef04

Error - 11.09.2011 14:47:14 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11e4 Startzeit: 01cc70b2ce87eb43 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 73151db2-dca6-11e0-a957-6c626d75ef04

[ System Events ]
Error - 12.09.2011 12:05:59 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "AMService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error - 12.09.2011 12:28:29 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 12.09.2011 12:28:59 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMService erreicht.

Error - 12.09.2011 12:29:22 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error - 12.09.2011 12:31:27 | Computer Name = THORBEN-PC | Source = BugCheck | ID = 1001
Description =

Error - 12.09.2011 12:31:45 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 12.09.2011 12:32:15 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMService erreicht.

Error - 12.09.2011 12:32:15 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error - 12.09.2011 12:32:27 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 12.09.2011 12:33:38 | Computer Name = Thorben-PC | Source = WMPNetworkSvc | ID = 866300
Description =

< End of report >
|
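Four of the Application Error 1000 records in the log above come from differently named executables under C:\Users\Thorben\AppData\Local\Temp (7072831.exe, 8470716.exe, 0164911.exe, 9904948.exe) that all report Version 1.0.0.1, the same PE link timestamp 0x4e557cdf and the same fault offset in ntdll.dll. That pattern is almost certainly one binary being written out again under a fresh random name and re-run, not four unrelated programs crashing. The Python below is an added example, not part of this thread or of the tools used in it: it parses a constructed excerpt written in the layout OTL uses under "Last 10 Event Log Errors" (German Windows 7 field names, as on this machine), clusters Temp-folder crashes by link timestamp, and counts BugCheck 1001 records, which are the bluescreens that left a dump.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's "Last 10 Event Log Errors" layout, modelled on the
# entries above: three crashes of differently named executables in the user's
# Temp folder sharing one link timestamp, one browser hang, one BugCheck.
# One event per line.
SAMPLE_EVENTS = r"""
Error - 10.09.2011 07:44:54 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 7072831.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x1310 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\7072831.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Error - 10.09.2011 08:53:18 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 8470716.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x128c Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\8470716.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Error - 10.09.2011 08:54:42 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 0164911.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x12b4 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\0164911.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll
Error - 11.09.2011 14:47:14 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet.
Error - 12.09.2011 12:31:27 | Computer Name = THORBEN-PC | Source = BugCheck | ID = 1001 Description =
"""

# Header as OTL prints it; Description may be empty (BugCheck records).
HEADER_RE = re.compile(
    r"^Error - (?P<date>\S+ \S+) \| Computer Name = (?P<host>.*?) \| "
    r"Source = (?P<source>.*?) \| ID = (?P<id>\d+) Description = ?(?P<desc>.*)$"
)
# German Windows 7 wording of the Application Error 1000 fields, as in the log above.
APP_RE = re.compile(
    r"Name der fehlerhaften Anwendung: (?P<name>\S+), Version: \S+, "
    r"Zeitstempel: (?P<ts>0x[0-9a-f]+)", re.IGNORECASE)
PATH_RE = re.compile(
    r"Pfad der fehlerhaften Anwendung: (?P<path>.+?) Pfad des fehlerhaften Moduls",
    re.IGNORECASE)
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_events(text):
    """Split an OTL event-log excerpt into dicts with date, host, source, id, desc."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def find_dropper_clusters(events, min_files=2):
    """Group crashed executables in a user's Temp folder by PE link timestamp.

    Differently named files with an identical timestamp are the same binary
    written out again under a random name, i.e. a dropper that keeps
    re-running, not a user program that crashed once.
    """
    by_ts = defaultdict(set)
    for ev in events:
        if ev["source"] != "Application Error" or ev["id"] != 1000:
            continue
        app = APP_RE.search(ev["desc"])
        path = PATH_RE.search(ev["desc"])
        if app and path and USER_TEMP_RE.search(path["path"]):
            by_ts[app["ts"].lower()].add(path["path"])
    return {ts: sorted(paths) for ts, paths in by_ts.items()
            if len(paths) >= min_files}


def count_bugchecks(events):
    """Number of BugCheck (1001) records, i.e. bluescreens that wrote a dump."""
    return sum(1 for ev in events
               if ev["source"] == "BugCheck" and ev["id"] == 1001)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for ts, paths in find_dropper_clusters(evs).items():
        print(f"link timestamp {ts}: {len(paths)} distinct Temp executables")
        for p in paths:
            print("   ", p)
    print("BugCheck records:", count_bugchecks(evs))
```

On a real machine the same grouping can be run over the Application log exported from Event Viewer; the point is that the link timestamp survives the renaming, so it ties the random-named copies together before any of them is available for hashing.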
13.09.2011, 07:01 | #23 | ||
/// Helper Team | PC crashes from bluescreens and automatic opening of tabs in the browser That cannot be; it is also clearly visible in the log! Quote:
Code:
TuneUp Utilities - TuneUp Software <- letting the maintenance of technical systems be done automatically? TuneUp: Wundermittel oder Placebo Reloaded
Tips: -> clean up the system with Windows' own tools. Besides, there are Autostart and Services, where you can decide yourself what should start and what not! You never know what the tool does or "optimises", unless you do it yourself. If ... before you uninstall the tool, you must undo all the changes.
2. Uninstall "questionable" programs!: Quote:
General advice: I strongly advise you against using tools like this, which reach so deep into the registry and try to optimise Windows "fully automatically", because a tiny change in the registry (e.g. "wrongly deleted" entries) can have fatal consequences! Then people wonder why Windows eventually becomes sluggish or crashes! - I cannot imagine that any program can distinguish between useful and useless entries and decide "fully automatically" what Windows really needs and what not! It is also questionable whether all the backup files created beforehand can simply be restored when problems occur, as the manufacturer promised!
3. ** Update Malwarebytes Anti-Malware and run it again following the instructions below:
4. Fix with OTL
Code:
:OTL
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
[2011.08.08 22:41:38 | 000,000,950 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-3.xml
[2011.09.11 19:10:54 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [WireLessKeyboard] File not found
O4 - HKLM..\Run: [WireLessMouse] File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
[2011.09.10 15:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011.09.10 15:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2010.12.07 15:50:19 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Uniblue
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B623B5B8
:Commands
[purity]
[emptytemp]
[resethosts]
5. Run another scan with OTL:
__________________ Last edited by kira (13.09.2011 at 07:11) |
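The :OTL fix above is built from scan-log lines taken verbatim: browser hijack entries (the IE SearchAssistant pointing at facemoods, the searchqu start page, foreign searchplugins XML files), Run entries whose target no longer exists, an alternate data stream on C:\ProgramData\TEMP, followed by :Commands that empty temp folders and reset the hosts file. The Python below is an added example, not part of this thread or of OTL itself: it applies the same three kinds of check to a constructed OTL excerpt (modelled on entries from this thread, plus two benign lines that must not fire) and assembles the flagged lines into an :OTL block in the form OTL expects. The set of search domains treated as legitimate is an assumption, and the "registrable domain" is approximated by the second-to-last host label rather than a public-suffix list.

```python
import re
from urllib.parse import urlparse

# Constructed OTL-style excerpt. The first, fourth, fifth, sixth, seventh and
# last lines should be flagged; the google.de start page, the "Google" engine
# name and the TeaTimer entry (a legitimate binary) should not.
SAMPLE_OTL = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
O4 - HKLM..\Run: [WireLessKeyboard] File not found
O4 - HKLM..\Run: [WireLessMouse] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:B623B5B8
"""

# Assumption: search hosts considered legitimate. Anything else found in a
# search or start-page setting is reported for a human to look at.
ALLOWED_SEARCH_DOMAINS = {"google", "bing", "yahoo", "msn"}

# OTL defangs URLs as hxxp://; accept both forms, stop at whitespace or a quote.
URL_RE = re.compile(r'\b(?:hxxps?|https?)://[^\s"]+', re.IGNORECASE)
BROWSER_PREFIXES = ("IE - ", "FF - prefs.js..")


def registrable_label(url):
    """Second-to-last host label (approximates the registrable domain)."""
    host = urlparse(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)).hostname or ""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else host


def triage(log_text):
    """Return (reason, original line) for every OTL line worth putting in a fix."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if line.startswith(BROWSER_PREFIXES):
            foreign = [u for u in URL_RE.findall(line)
                       if registrable_label(u) not in ALLOWED_SEARCH_DOMAINS]
            if foreign:
                findings.append(("browser search/start page hijack", line))
        elif line.startswith("O4 - ") and line.endswith("File not found"):
            findings.append(("orphaned autostart entry", line))
        elif line.startswith("@Alternate Data Stream"):
            findings.append(("alternate data stream on system folder", line))
    return findings


def build_otl_fix(findings):
    """OTL fix script: flagged log lines verbatim under :OTL, then the commands."""
    body = "\n".join(line for _, line in findings)
    return f":OTL\n{body}\n:Commands\n[emptytemp]\n[resethosts]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for reason, line in found:
        print(f"{reason:40} {line}")
    print(build_otl_fix(found))
```

The output of build_otl_fix is only a draft: as the helper's own fix shows, a human still decides which entries belong (the TeaTimer and SDHelper lines were removed here by choice, not because any rule fired on them), and the allowlist has to be maintained for the machine's locale.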
14.09.2011, 14:25 | #24 |
| PC crashes from bluescreens and automatic opening of tabs in the browser Hello Kira, Steps 1 + 2: both deleted. Step 3: MBAM full scan Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7699

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.09.2011 15:10:13
mbam-log-2011-09-14 (15-10-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 447921
Laufzeit: 50 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\config\systemprofile\AppData\Roaming\KB546100.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Code:
All processes killed
========== OTL ==========
No active process named TeaTimer.exe was found!
Process SDWinSec.exe killed successfully!
Service SBSDWSCService stopped successfully!
Service SBSDWSCService deleted successfully!
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "hxxp://www.searchqu.com/406" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully.
C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WireLessKeyboard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WireLessMouse deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic\ not found.
Folder C:\Program Files (x86)\Registry Mechanic\ not found.
C:\Users\Thorben\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Thorben\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Thorben\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Thorben\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Thorben\AppData\Roaming\Uniblue folder moved successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 21738780 bytes
->Temporary Internet Files folder emptied: 44241574 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36329290 bytes
->Opera cache emptied: 20397185 bytes
->Flash cache emptied: 470 bytes

User: Public

User: Thorben
->Temp folder emptied: 2563915 bytes
->Temporary Internet Files folder emptied: 5619688 bytes
->Java cache emptied: 6244 bytes
->FireFox cache emptied: 37846128 bytes
->Opera cache emptied: 13620578 bytes
->Flash cache emptied: 475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240130 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50233 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 174,00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.6 log created on 09142011_151136

Files\Folders moved on Reboot...
C:\Users\Thorben\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_THORBEN-PC$\1528 not found!
File\Folder C:\Windows\temp\flaB948.tmp not found!
C:\Windows\temp\svchost.exe moved successfully.

Registry entries deleted on Reboot...
OTL-TXT
Code:
ATTFilter OTL logfile created on: 14.09.2011 15:21:53 - Run 3 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Thorben\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,55% Memory free 8,00 Gb Paging File | 6,59 Gb Available in Paging File | 82,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 39,88 Gb Free Space | 40,88% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 128,10 Gb Free Space | 87,45% Space Free | Partition Type: NTFS Drive E: | 221,62 Gb Total Space | 171,38 Gb Free Space | 77,33% Space Free | Partition Type: NTFS Drive G: | 3,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.08 19:55:20 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2011.08.29 18:27:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.08.02 08:37:54 | 003,630,936 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe PRC - [2011.07.28 14:44:22 | 001,851,224 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe PRC - [2011.06.28 16:50:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.21 21:04:54 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.05.01 19:56:11 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.07.14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE ========== Modules (No Company Name) ========== MOD - [2011.08.02 11:15:30 | 000,213,504 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger MOD - [2011.08.01 13:20:08 | 008,617,472 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.10.27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.08.02 08:37:54 | 003,630,936 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2011.06.28 16:50:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.21 21:04:54 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.05.01 19:56:11 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.09.13 14:43:19 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.06.28 16:50:17 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.28 16:50:17 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.11.20 13:48:15 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.05.13 17:00:16 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 67 E0 DC 1B B8 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2011.02.27 13:36:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.08 18:15:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 16:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Thorben\AppData\Roaming\NetAssistant\ [2010.12.07 15:49:21 | 000,000,000 | ---D | M]

[2011.08.09 15:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Extensions
[2011.09.11 19:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\y25s2bvq.default\extensions
[2011.08.20 11:45:04 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Thorben\AppData\Roaming\mozilla\Firefox\Profiles\y25s2bvq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.02 22:15:25 | 000,000,950 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\Mozilla\Firefox\Profiles\y25s2bvq.default\searchplugins\icqplugin-1.xml
[2011.08.09 15:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.30 16:20:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.13 19:26:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.18 21:54:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.07.13 19:26:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.18 21:53:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.18 21:53:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.08 00:08:21 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.08.18 21:53:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

O1 HOSTS File: ([2011.09.14 15:12:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.13 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Local\CrashRpt
[2011.09.13 14:43:19 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.13 14:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.09.13 14:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.09.13 14:34:31 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Desktop\MW2-Online
[2011.09.13 14:21:05 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Desktop\MW2
[2011.09.11 19:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.11 18:25:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.09.11 18:25:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.09.11 18:25:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.09.11 18:25:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.09.11 18:25:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.09.11 18:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.11 18:24:36 | 004,202,512 | R--- | C] (Swearware) -- C:\Users\Thorben\Desktop\ComboFix.exe
[2011.09.08 17:33:33 | 000,000,000 | RHSD | C] -- C:\Users\Thorben\M-1-52-5782-8752-5245
[2011.09.02 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.02 15:12:21 | 000,000,000 | ---D | C] -- C:\Users\Thorben\AppData\Roaming\SUPERAntiSpyware.com
[2011.09.02 15:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011.09.02 15:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.09.02 15:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware
[2011.08.31 16:33:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.29 18:27:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe
[2011.08.29 16:45:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.08.29 13:19:54 | 052,390,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011.08.29 12:00:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.08.29 02:42:35 | 000,000,000 | RHSD | C] -- C:\Users\Thorben\M-1-74-6482-7942-8945
[2011.08.25 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\Games for Windows - LIVE Demos
[2011.08.25 23:01:11 | 000,000,000 | ---D | C] -- C:\Users\Thorben\Documents\Spartan
[2011.08.25 21:21:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.25 21:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.08.25 21:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

========== Files - Modified Within 30 Days ==========

[2011.09.14 15:21:00 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.14 15:21:00 | 000,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.14 15:21:00 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.14 15:21:00 | 000,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.14 15:21:00 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.14 15:19:33 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.14 15:19:33 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.14 15:13:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.14 15:13:06 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.14 15:12:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.09.14 14:13:44 | 286,862,739 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.13 14:43:19 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.12 19:46:56 | 001,499,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.11 18:24:40 | 004,202,512 | R--- | M] (Swearware) -- C:\Users\Thorben\Desktop\ComboFix.exe
[2011.09.04 13:31:50 | 001,390,139 | ---- | M] () -- C:\Users\Thorben\Desktop\tdsskiller.zip
[2011.08.29 18:27:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Thorben\Desktop\OTL.exe
[2011.08.29 18:22:53 | 000,000,188 | ---- | M] () -- C:\Users\Thorben\defogger_reenable
[2011.08.29 18:19:37 | 000,050,477 | ---- | M] () -- C:\Users\Thorben\Desktop\Defogger.exe
[2011.08.29 02:42:49 | 000,000,000 | ---- | M] () -- C:\Users\Thorben\AppData\Roaming\chrtmp
[2011.08.28 21:23:14 | 000,197,278 | ---- | M] () -- C:\Users\Thorben\Desktop\RE 11-260940.pdf
[2011.08.18 09:26:36 | 000,034,508 | -HS- | M] () -- C:\Users\Thorben\Desktop\Folder.jpg
[2011.08.18 09:26:36 | 000,008,281 | -HS- | M] () -- C:\Users\Thorben\Desktop\AlbumArtSmall.jpg

========== Files Created - No Company Name ==========

[2011.09.12 19:46:56 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.12 18:31:14 | 286,862,739 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.09.11 19:10:36 | 000,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.09.11 19:10:36 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.09.11 19:10:36 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.11 18:25:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.09.11 18:25:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.09.11 18:25:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.09.11 18:25:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.09.11 18:25:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.09.04 13:31:50 | 001,390,139 | ---- | C] () -- C:\Users\Thorben\Desktop\tdsskiller.zip
[2011.08.29 18:22:52 | 000,000,188 | ---- | C] () -- C:\Users\Thorben\defogger_reenable
[2011.08.29 18:19:37 | 000,050,477 | ---- | C] () -- C:\Users\Thorben\Desktop\Defogger.exe
[2011.08.29 02:42:49 | 000,000,000 | ---- | C] () -- C:\Users\Thorben\AppData\Roaming\chrtmp
[2011.08.28 21:23:14 | 000,197,278 | ---- | C] () -- C:\Users\Thorben\Desktop\RE 11-260940.pdf
[2011.08.25 21:21:33 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.05.21 21:04:56 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.21 21:04:54 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.06 16:14:04 | 000,000,290 | ---- | C] () -- C:\Windows\game.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.10 20:59:56 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files (x86)\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files (x86)\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2011.01.19 12:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010.11.20 17:59:19 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.11.20 14:04:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.04.01 09:49:20 | 000,193,536 | ---- | C] () -- C:\Program Files (x86)\Project64.exe
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

========== LOP Check ==========

[2011.09.08 18:13:40 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\.minecraft
[2010.11.20 17:59:34 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Atari
[2011.03.28 17:29:34 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\BlueShot
[2011.05.19 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Canneverbe Limited
[2010.11.20 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\DAEMON Tools Lite
[2010.12.07 15:52:29 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\FinalTorrent
[2011.05.17 14:55:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\GetRightToGo
[2011.08.26 09:48:27 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\ICQ
[2010.11.27 18:54:48 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\LolClient
[2011.05.17 14:59:12 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\NCH Swift Sound
[2010.12.07 15:49:21 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\NetAssistant
[2011.06.30 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\OpenOffice.org
[2011.06.15 21:01:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Opera
[2011.05.17 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Recordpad
[2011.02.10 21:00:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Tobit
[2010.11.21 15:08:09 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\TuneUp Software
[2011.09.13 08:35:17 | 000,000,000 | ---D | M] -- C:\Users\Thorben\AppData\Roaming\Ubisoft
[2011.08.21 12:37:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Extras-TXT

Code:
OTL Extras logfile created on: 14.09.2011 15:21:53 - Run 3
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Thorben\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,55% Memory free
8,00 Gb Paging File | 6,59 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 39,88 Gb Free Space | 40,88% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 128,10 Gb Free Space | 87,45% Space Free | Partition Type: NTFS
Drive E: | 221,62 Gb Total Space | 171,38 Gb Free Space | 77,33% Space Free | Partition Type: NTFS
Drive G: | 3,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: THORBEN-PC | User Name: Thorben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B9C8424A-8D34-C7F9-0393-251A87C65125}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{35355EBA-4636-40B2-A995-FEB4CDBD92B3}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Combo Set Driver
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD
"{DD430FCC-8C63-9F99-8CAF-B0791B0756BD}" = HydraVision
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"APB Reloaded" = APB Reloaded
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlueShot 1.2.0_is1" = BlueShot 1.2.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"dlanconf" = devolo dLAN-Konfigurationsassistent
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GFWL_{4D530FA3-9B89-4186-98B7-F51000008100}" = Age of Empires Online
"InstallShield_{B8C11C23-F46C-48C1-8EA8-CEA82115586A}" = Multimedia Combo Set Driver
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Minefield (3.7a5pre)" = Minefield (3.7a5pre)
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Opera 11.50.1074" = Opera 11.50
"Opera 11.51.1087" = Opera 11.51
"PunkBusterSvc" = PunkBuster Services
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"TmNationsForever_is1" = TmNationsForever
"Tobit Radio.fx Server" = Radio.fx
"VLC media player" = VLC media player 1.1.4
"WarRock" = WarRock
"WavePad" = WavePad Audiobearbeitungs-Software

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant" = NetAssistant for Firefox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.09.2011 16:45:37 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 11.51.1087.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 39c Startzeit: 01cc6a79278485ae Endzeit: 17 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: ab32334b-d66d-11e0-9bff-6c626d75ef04

Error - 03.09.2011 16:46:49 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 11.51.1087.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1074 Startzeit: 01cc6a7a820516d6 Endzeit: 13 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: d6bfd32c-d66d-11e0-9bff-6c626d75ef04

Error - 05.09.2011 12:29:36 | Computer Name = Thorben-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 10.09.2011 03:37:40 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 11.51.1087.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 21c Startzeit: 01cc6f8c73f485fc Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe Berichts-ID: c16024e8-db7f-11e0-947d-6c626d75ef04

Error - 10.09.2011 05:31:38 | Computer Name = Thorben-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 10.09.2011 07:44:54 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 7072831.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x1310 Startzeit der fehlerhaften Anwendung: 0x01cc6faf0d8989bc Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\7072831.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 4c65f628-dba2-11e0-947d-6c626d75ef04 Error - 10.09.2011 08:53:18 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 8470716.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cc6fb898761767 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\8470716.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: da918e5e-dbab-11e0-947d-6c626d75ef04 Error - 10.09.2011 08:54:42 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 0164911.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x12b4 Startzeit der fehlerhaften Anwendung: 0x01cc6fb8cd1d8fa6 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\0164911.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0cebd9ac-dbac-11e0-947d-6c626d75ef04 Error - 10.09.2011 08:59:57 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description 
= Name der fehlerhaften Anwendung: 9904948.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x11b4 Startzeit der fehlerhaften Anwendung: 0x01cc6fb989e44cc4 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\9904948.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c8526562-dbac-11e0-947d-6c626d75ef04 Error - 11.09.2011 14:47:14 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11e4 Startzeit: 01cc70b2ce87eb43 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 73151db2-dca6-11e0-a957-6c626d75ef04 [ System Events ] Error - 14.09.2011 08:10:57 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 14.09.2011 08:11:08 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 14.09.2011 08:14:18 | Computer Name = THORBEN-PC | Source = BugCheck | ID = 1001 Description = Error - 14.09.2011 08:14:34 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 14.09.2011 08:15:31 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMService erreicht. 
Error - 14.09.2011 08:15:31 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

Error - 14.09.2011 08:15:40 | Computer Name = Thorben-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 14.09.2011 08:17:27 | Computer Name = Thorben-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 14.09.2011 09:11:36 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 14.09.2011 09:14:30 | Computer Name = Thorben-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20

< End of report >

So, that's it for now |
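The four Application Error 1000 records in the log above are worth a closer look than the bluescreen itself: four differently named executables (7072831.exe, 8470716.exe, 0164911.exe, 9904948.exe) in the user's Temp folder all crash in ntdll.dll with the same exception code, the same fault offset and the same PE timestamp 0x4e557cdf, which is the signature of one binary being dropped under random names. The following script is an added example, not code from this thread or from OTL: it parses the "Last 10 Event Log Errors" section, keeps the Application Error 1000 crashes, flags those whose faulting application ran from a Temp directory, and clusters them by build timestamp, exception code and fault offset. The sample input copies four records from the log plus the iexplore.exe hang; the opera.exe crash record is constructed here as a benign control and does not appear in the original log. The German field names are the ones in the log; the English equivalents are an assumption added for non-German Windows installations.

```python
"""Triage the "Last 10 Event Log Errors" section of an OTL log.

Added example, not code from the thread or from OTL: it parses the
"Error - <date> | Computer Name = ... | Source = ... | ID = ..." records,
keeps the Application Error 1000 crashes, flags those whose faulting
executable ran from a Temp folder, and clusters them by PE timestamp,
exception code and fault offset, so that differently named drops of the
same binary show up as one cluster. Field names are the German ones in
the log; the English Windows equivalents are added as an assumption.
"""
import re
from collections import defaultdict

# Constructed sample input. The four Temp crashes and the iexplore.exe hang are
# copied from the log above; the opera.exe crash record is constructed here as
# a benign control and does not occur in the original log.
SAMPLE_LOG = r"""
Error - 10.09.2011 07:44:54 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 7072831.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x1310 Startzeit der fehlerhaften Anwendung: 0x01cc6faf0d8989bc Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\7072831.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 4c65f628-dba2-11e0-947d-6c626d75ef04
Error - 10.09.2011 08:53:18 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 8470716.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0x01cc6fb898761767 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\8470716.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: da918e5e-dbab-11e0-947d-6c626d75ef04
Error - 10.09.2011 08:54:42 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 0164911.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x12b4 Startzeit der fehlerhaften Anwendung: 0x01cc6fb8cd1d8fa6 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\0164911.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0cebd9ac-dbac-11e0-947d-6c626d75ef04
Error - 10.09.2011 08:59:57 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 9904948.exe, Version: 1.0.0.1, Zeitstempel: 0x4e557cdf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdb3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e831 ID des fehlerhaften Prozesses: 0x11b4 Startzeit der fehlerhaften Anwendung: 0x01cc6fb989e44cc4 Pfad der fehlerhaften Anwendung: C:\Users\Thorben\AppData\Local\Temp\9904948.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: c8526562-dbac-11e0-947d-6c626d75ef04
Error - 10.09.2011 09:10:00 | Computer Name = Thorben-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: opera.exe, Version: 11.51.1087.0, Zeitstempel: 0x4e3c1e77 Name des fehlerhaften Moduls: opera.dll, Version: 11.51.1087.0, Zeitstempel: 0x4e3c1e77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a1b2c ID des fehlerhaften Prozesses: 0x0fa0 Startzeit der fehlerhaften Anwendung: 0x01cc6fbb00000000 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Opera\opera.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Opera\opera.dll Berichtskennung: 00000000-0000-0000-0000-000000000000
Error - 11.09.2011 14:47:14 | Computer Name = Thorben-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Prozess-ID: 11e4 Startzeit: 01cc70b2ce87eb43 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 73151db2-dca6-11e0-a957-6c626d75ef04
"""

# One record runs from a line starting with "Error - " to the next such line.
RECORD = re.compile(r"^Error - .*?(?=^Error - |\Z)", re.M | re.S)
HEADER = re.compile(
    r"^Error - (?P<time>\S+ \S+) \| Computer Name = (?P<computer>[^|]+?) \| "
    r"Source = (?P<source>[^|]+?) \| ID = (?P<event_id>\d+)\s*"
    r"Description =\s*(?P<description>.*)$",
    re.S,
)
# Application Error 1000 fields (German as in the log, English assumed).
# The first timestamp in the record is the faulting application's own PE
# timestamp; the module's timestamp follows later and is not matched first.
FIELDS = {
    "app_name": r"(?:Name der fehlerhaften Anwendung|Faulting application name):\s*([^,]+),",
    "app_timestamp": r"(?:Zeitstempel|time stamp):\s*(0x[0-9a-f]+)",
    "exception_code": r"(?:Ausnahmecode|Exception code):\s*(0x[0-9a-f]+)",
    "fault_offset": r"(?:Fehleroffset|Fault offset):\s*(0x[0-9a-f]+)",
    "app_path": r"(?:Pfad der fehlerhaften Anwendung|Faulting application path):\s*(.+?)\s+(?:Pfad des fehlerhaften Moduls|Faulting module path):",
    "module_path": r"(?:Pfad des fehlerhaften Moduls|Faulting module path):\s*(.+?)(?:\s+(?:Berichtskennung|Report Id):|$)",
}
# Executables launched from a user or system Temp folder are the thing to flag.
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)


def parse_records(text):
    """Split the section into records and parse each record header."""
    records = []
    for match in RECORD.finditer(text):
        header = HEADER.match(match.group(0).strip())
        if header:
            rec = header.groupdict()
            rec["event_id"] = int(rec["event_id"])
            rec["description"] = " ".join(rec["description"].split())
            records.append(rec)
    return records


def parse_crash(record):
    """Extract the faulting-application fields from an Application Error 1000 record."""
    crash = {"time": record["time"]}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, record["description"], re.I | re.S)
        crash[key] = m.group(1).strip() if m else None
    return crash


def application_crashes(records):
    return [parse_crash(r) for r in records
            if r["source"] == "Application Error" and r["event_id"] == 1000]


def is_temp_path(path):
    return bool(path) and TEMP_DIR.search(path) is not None


def is_random_numeric_name(name):
    """True for names like 7072831.exe: a digits-only stem with an .exe extension."""
    stem, _, ext = name.rpartition(".")
    return stem.isdigit() and ext.lower() == "exe"


def flag_temp_crashes(crashes):
    return [c for c in crashes if is_temp_path(c["app_path"])]


def cluster_by_build(flagged):
    """Group flagged crashes by (PE timestamp, exception code, fault offset)."""
    clusters = defaultdict(list)
    for c in flagged:
        clusters[(c["app_timestamp"], c["exception_code"], c["fault_offset"])].append(c["app_name"])
    return {key: sorted(names) for key, names in clusters.items()}


if __name__ == "__main__":
    crashes = application_crashes(parse_records(SAMPLE_LOG))
    for (ts, exc, off), names in cluster_by_build(flag_temp_crashes(crashes)).items():
        print("PE timestamp %s, exception %s at offset %s: %s" % (ts, exc, off, ", ".join(names)))
```

Run against the sample, the opera.exe crash is parsed but not flagged (it ran from Program Files), and the four Temp executables collapse into one cluster keyed by 0x4e557cdf / 0xc0000005 / 0x0003e831. On a real case the cluster key is what to carry forward: a hash of any one of those files identifies all of them, and the Temp path plus the numeric names are the indicators to watch for in later logs.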
15.09.2011, 05:46 | #25 | |
/// Helper team | What about this?: Quote:
15.09.2011, 19:55 | #26 |
| I have the folder, but no TXT file! I only have the following folders: 1. BackEnv 2. LastRun 3. Quarantine 4. Test 5. TestC |
16.09.2011, 20:01 | #27 |
/// Helper team | Quarantine contents?
16.09.2011, 23:08 | #28 |
| Hello Kira, Quarantine contents, the following folders: -C (empty) -Backups (empty) -catchme TXT file (no information in it either) |
17.09.2011, 04:29 | #29 |
/// Helper team | 1. Remove ComboFix: Start --> Run --> paste in Combofix /Uninstall --> OK. Remove C:\Qoobox (if still present) --> empty the Recycle Bin, or simply remove it; also delete C:\Qoobox (if still present) --> empty the Recycle Bin. 2. Fix with OTL
Code:
:OTL
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
[2011.08.08 00:08:21 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[emptytemp]
3. If everything went well and your system is running stably, do the following: Control Panel/System and Security/System/System Protection; System Properties pops up, then create a restore point. Disable System Restore: Windows 7 - create a manual system restore point, i.e. first disable -> then enable - at the end it should be enabled again! ► Report again on the state of the computer. Are there still problems, and if so, which ones?
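The OTL fix above resets a Firefox search hijack: keyword.URL redirected to search-results.com, the selected engine and search order forced to "Search Results", an empty start page, and a SearchResults.xml search plugin dropped into the profile. After running the fix, the useful follow-up check is to confirm none of those settings have come back. The script below is an added example, not part of this thread or of OTL: it reads a prefs.js in Firefox's user_pref("name", value); format and reports which of the fix's indicators are still present. Both prefs.js contents and the search-plugin file lists are constructed here; the hijack URL is the one quoted in the fix.

```python
"""Check a Firefox prefs.js for the search-hijack settings the OTL fix resets.

Added example, not code from the thread or from OTL. The indicators are the
prefs named in the fix (browser.search.selectedEngine and
browser.search.order.1 set to "Search Results", keyword.URL pointing at
search-results.com) plus the SearchResults.xml search plugin. The prefs.js
text and plugin lists below are constructed for the demonstration.
"""
import json
import re

# Firefox stores each preference as: user_pref("name", value);
# Values are JSON-compatible literals (strings, integers, true/false).
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*?)\);')

HIJACK_DOMAIN = "search-results.com"
HIJACK_ENGINE = "Search Results"
HIJACK_PLUGIN = "searchresults.xml"

# Constructed profile that still carries every indicator the fix targets.
HIJACKED_PREFS = """
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
user_pref("browser.startup.homepage", "");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=");
user_pref("browser.search.update", false);
"""

# Constructed profile after a successful clean-up: hijack prefs gone, engine reset.
CLEAN_PREFS = """
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.page", 1);
user_pref("browser.search.update", false);
"""


def parse_prefs(text):
    """Return {pref name: value} with values decoded from their JS literals."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        try:
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # leave anything exotic as the raw literal
    return prefs


def hijack_indicators(prefs, searchplugins):
    """List the indicators found; an empty list means none of the fix's targets remain."""
    found = []
    for key in ("browser.search.selectedEngine", "browser.search.order.1"):
        if prefs.get(key) == HIJACK_ENGINE:
            found.append("%s = %r" % (key, prefs[key]))
    url = prefs.get("keyword.URL", "")
    if isinstance(url, str) and HIJACK_DOMAIN in url:
        found.append("keyword.URL points at " + HIJACK_DOMAIN)
    if any(name.lower() == HIJACK_PLUGIN for name in searchplugins):
        found.append("searchplugins/SearchResults.xml present")
    return found


if __name__ == "__main__":
    for label, text, plugins in (
        ("hijacked", HIJACKED_PREFS, ["SearchResults.xml", "google.xml"]),
        ("clean", CLEAN_PREFS, ["google.xml"]),
    ):
        hits = hijack_indicators(parse_prefs(text), plugins)
        print(label, "->", hits or "no indicators")
```

To use it on a real profile, read prefs.js from the Firefox profile directory and pass the file names of the profile's searchplugins folder (and the installation's searchplugins folder, where the fix found SearchResults.xml) as the second argument. Firefox must be closed while reading, since it rewrites prefs.js on exit.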