Log analysis and evaluation: Wrong redirection by Google and co. (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.11.2011, 00:22 | #1 |
Wrong redirection by Google and co.

Hello everyone! For about an hour I have had the problem that Google searches redirect me to other websites. Mostly these are some kind of advertisements or pages crammed with Flash/JPGs/GIFs and so on. The problem also occurs with other search engines such as Bing. The Google page in general no longer seems to be the original: the font in the search field looks different and no search suggestions appear any more while typing.

Unfortunately I cannot explain to myself how I caught it. I was "shopping" on Amazon, wanted to look for a price comparison via Google, and off it went. AntiVir also immediately found loads of objects when I was redirected the first time, and my Task Manager was suddenly full of inexplicable processes, i.e. an absolute jumble of numbers and letters. AntiVir wanted to restart and then ran a complete system scan, and now unfortunately finds nothing any more.

What is conspicuous is that "iexplorer.exe*32" runs continuously in the background and that my Firefox (which I use as default) now asks at every start whether I want it as the default browser again. The exe also restarts immediately as soon as Firefox is opened or the pages mentioned are visited.

I hope for quick help, as I currently need the computer urgently for business transactions. Thanks in advance.
15.11.2011, 07:52 | #2 |
/// Helper team | Wrong redirection by Google and co.

Hello and a warm welcome!

Before we start working together, [please read in full]:

Quote:

For Vista and Win7: Important: please run all commands as administrator! Right-click on the command prompt and select "Run as administrator". Right-click on the selected application and choose "Run as administrator"!

1. Did you enter it in the hosts file yourself, or add it deliberately? If so, why?

Code:
O1 - Hosts: 127.0.0.1 iw2.slysoft.com
O1 - Hosts: 127.0.0.1 h3.slysoft.com
O1 - Hosts: 127.0.0.1 update.slysoft.com
O1 - Hosts: 127.0.0.1 slysoft.com
O1 - Hosts: 127.0.0.1 sb2slysoft.com
O1 - Hosts: 127.0.0.1 ns6.gandi.net
O1 - Hosts: 127.0.0.1 ev1slysoft.com
O1 - Hosts: 127.0.0.1 reverse.privatedns.com
O1 - Hosts: 127.0.0.1 update.slysoft.com
O1 - Hosts: 127.0.0.1 ev1slysoft.com

2. Have you already checked the computer for viruses? I would still like to see the following results:

Code:
Malwarebytes (all existing logs!)

Check the MBR with aswMBR from Avast

Download aswMBR.exe from Avast and save the tool on your desktop (nowhere else). XP users: double-click aswMBR.exe to start the tool. Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator. An input window with some information will open. Click Scan to start the scan. When the scan has finished, which is reported with Scan finished sucessfull!, click Save log to save the log file. Post the contents of aswASW.log from the desktop here in the thread.

4. Uninstall, if you did not install it deliberately or do not need it:

Quote:

run a system scan with OTL again

6. I would also like to see all your installed programs: download the tool CCleaner → Download, install it (read the software licence agreement; if offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu") → start it → "Sprache" → select "Deutsch", then click "Extra" (so that the installed programs are also displayed) → then via "Als Textdatei speichern..." a text file (*.txt) is created; copy its contents and paste them there.

Quote:

** If possible, do not go on the Internet; no online banking, file sharing, chat programs etc.

Regards
kira
15.11.2011, 13:39 | #3 |
Wrong redirection by Google and co.

Hello, and thanks for the quick reply.

Perhaps I should also mention that today I started Internet Explorer itself, and very often pop-up messages with curious content jump up which absolutely want me to click on Next, OK or similar. Which of course I did not do ...

Quote:

The reason for this is that the program's licence check over the Internet definitely took too long for me at every start, and after asking around I was told that this can be suppressed so that the software starts faster, which it does. Personally I see no danger in this, but I can remove the entries if desired.

Quote:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8162

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

15.11.2011 13:22:34
mbam-log-2011-11-15 (13-22-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 441750
Laufzeit: 48 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Quote:
Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-15 12:36:06
-----------------------------
12:36:06.578 OS Version: Windows x64 6.1.7600
12:36:06.578 Number of processors: 4 586 0x503
12:36:06.578 ComputerName: BLIZZART-PC UserName: Blizzart
12:36:10.062 Initialize success
12:36:16.500 AVAST engine defs: 11111401
12:36:36.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:36:36.187 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305245MB BusType: 3
12:36:36.187 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:36:36.187 Disk 1 Vendor: SAMSUNG_HD322HJ 1AC01118 Size: 305245MB BusType: 3
12:36:38.203 Disk 0 MBR read successfully
12:36:38.203 Disk 0 MBR scan
12:36:38.218 Disk 0 Windows 7 default MBR code
12:36:38.218 Disk 0 MBR hidden
12:36:38.218 Service scanning
12:36:48.796 Modules scanning
12:36:48.796 Disk 0 trace - called modules:
12:36:48.796 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004bb7334]<<
12:36:48.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b35060]
12:36:48.796 3 CLASSPNP.SYS[fffff880019a743f] -> nt!IofCallDriver -> [0xfffffa8004a6d9b0]
12:36:48.796 5 ACPI.sys[fffff88000fa2781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b2d060]
12:36:48.796 \Driver\atapi[0xfffffa8004513de0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004bb7334
12:36:50.687 AVAST engine scan C:\Windows
12:36:58.562 AVAST engine scan C:\Windows\system32
12:40:02.605 AVAST engine scan C:\Windows\system32\drivers
12:40:33.011 AVAST engine scan C:\Users\Blizzart
12:46:01.058 AVAST engine scan C:\ProgramData
12:47:04.949 Scan finished successfully
12:48:35.980 Disk 0 MBR has been saved successfully to "C:\Users\Blizzart\Desktop\MBR.dat"
12:48:35.980 The log file has been saved successfully to "C:\Users\Blizzart\Desktop\aswMBR.txt"

Quote:
I have had this on the computer (deliberately) for ages, since it is a kind of "unlock key" from the manufacturer itself, so that one no longer gets the company's own advertising when closing the software. The plugin is only present in my IE and is deactivated there too. I currently see no reason to remove it, unless of course that is desired.

Quote:
Code:
OTL logfile created on: 15.11.2011 13:25:00 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Blizzart\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,66% Memory free 19,62 Gb Paging File | 17,80 Gb Available in Paging File | 90,74% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,08 Gb Total Space | 129,17 Gb Free Space | 43,34% Space Free | Partition Type: NTFS Drive D: | 298,08 Gb Total Space | 290,13 Gb Free Space | 97,33% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 541,37 Gb Free Space | 58,12% Space Free | Partition Type: NTFS Computer Name: BLIZZART-PC | User Name: Blizzart | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Blizzart\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Creative Dolby Digital Live Pack Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) 
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 8B 58 72 E2 1C CB 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\InprocServer32 File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "WOWDB@buffed.de" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.14 15:23:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.14 02:12:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.01 01:12:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.17 22:03:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.08.14 15:23:41 | 000,000,000 | ---D | M] [2011.04.21 16:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blizzart\AppData\Roaming\mozilla\Extensions [2010.07.06 09:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blizzart\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.21 16:12:44 | 000,000,000 | 
---D | M] (No name found) -- C:\Users\Blizzart\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.11.15 12:59:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blizzart\AppData\Roaming\mozilla\Firefox\Profiles\46gnwrou.default\extensions [2011.11.01 21:40:07 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Blizzart\AppData\Roaming\mozilla\Firefox\Profiles\46gnwrou.default\extensions\foxyproxy@eric.h.jung [2011.09.28 16:50:22 | 000,002,354 | ---- | M] () -- C:\Users\Blizzart\AppData\Roaming\Mozilla\Firefox\Profiles\46gnwrou.default\searchplugins\aol-web-search.xml [2011.10.09 16:24:48 | 000,000,373 | ---- | M] () -- C:\Users\Blizzart\AppData\Roaming\Mozilla\Firefox\Profiles\46gnwrou.default\searchplugins\wowdbbuffedde.xml [2011.10.23 20:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.10.23 20:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\BLIZZART\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\46GNWROU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.14 02:12:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.23 20:37:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.10.01 14:17:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.01 14:17:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.01 14:17:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.01 14:17:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.01 14:17:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.01 14:17:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.02 13:31:53 | 000,001,077 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 iw2.slysoft.com O1 - Hosts: 127.0.0.1 h3.slysoft.com O1 - Hosts: 127.0.0.1 update.slysoft.com O1 - Hosts: 127.0.0.1 slysoft.com O1 - Hosts: 127.0.0.1 sb2slysoft.com O1 - Hosts: 127.0.0.1 ns6.gandi.net O1 - Hosts: 127.0.0.1 ev1slysoft.com O1 - Hosts: 127.0.0.1 reverse.privatedns.com O1 - Hosts: 127.0.0.1 update.slysoft.com O1 - Hosts: 127.0.0.1 ev1slysoft.com O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll䔀效灬牥桓浩搮汬 File not found O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. 
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll File not found O4 - HKLM..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Blizzart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Blizzart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Blizzart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Blizzart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ED8872B-8451-4E7C-BE69-B53832D3BF82}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3bc9240b-9e29-11e0-9e9e-ce639d781f79}\Shell - "" = AutoRun O33 - MountPoints2\{3bc9240b-9e29-11e0-9e9e-ce639d781f79}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{9796b54b-9e4c-11df-8a26-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9796b54b-9e4c-11df-8a26-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ctrun\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.15 12:35:28 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Blizzart\Desktop\aswMBR.exe [2011.11.14 23:46:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blizzart\Desktop\OTL.exe [2011.11.14 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Roaming\Avira [2011.11.14 22:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.11.14 22:41:11 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.11.14 22:41:11 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.11.14 22:41:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.11.14 22:41:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.11.14 22:40:16 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\Avi [2011.11.14 22:32:56 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\Pavark [2011.11.14 21:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C39F9 
[2011.11.14 21:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP [2011.11.14 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Roaming\1CBC3 [2011.11.14 02:10:18 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.14 02:05:28 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Local\Solid State Networks [2011.11.13 21:44:44 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Roaming\Micro Line Windows 7 Patch Tool [2011.11.12 23:33:29 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Roaming\pdfforge [2011.11.12 23:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2011.11.12 23:33:27 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2011.11.12 23:33:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2011.11.12 23:33:26 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2011.11.12 23:33:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2011.11.12 23:33:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2011.11.12 23:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2011.11.10 16:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.11.10 16:23:33 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\Application Data [2011.11.10 16:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2011.11.10 16:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAVIGON [2011.11.07 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\2.3.4_Upgrade_Komplett [2011.11.02 13:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft [2011.11.02 13:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft [2011.11.02 13:33:25 | 
000,000,000 | ---D | C] -- C:\Users\Blizzart\Documents\AnyDVDHD [2011.11.02 13:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2011.11.01 16:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2011.11.01 01:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.11.01 01:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2011.11.01 01:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2011.11.01 01:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.11.01 01:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2011.11.01 01:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.11.01 01:14:08 | 024,629,760 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll [2011.11.01 01:14:08 | 018,630,656 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll [2011.11.01 01:14:08 | 010,207,232 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys [2011.11.01 01:14:08 | 005,431,808 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd64.dll [2011.11.01 01:14:08 | 004,289,024 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdag.dll [2011.11.01 01:14:08 | 004,174,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll [2011.11.01 01:14:08 | 004,023,296 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll [2011.11.01 01:14:08 | 001,828,864 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdmv.dll [2011.11.01 01:14:08 | 001,113,088 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6v.dll [2011.11.01 01:14:08 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) 
-- C:\Windows\SysNative\atipdl64.dll [2011.11.01 01:14:08 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll [2011.11.01 01:14:08 | 000,317,952 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys [2011.11.01 01:14:08 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\Oemdspif.dll [2011.11.01 01:14:08 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2011.11.01 01:14:08 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll [2011.11.01 01:14:08 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll [2011.11.01 01:14:08 | 000,054,784 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll [2011.11.01 01:14:08 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll [2011.11.01 01:14:08 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll [2011.11.01 01:14:08 | 000,040,960 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll [2011.11.01 01:14:08 | 000,038,912 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll [2011.11.01 01:14:08 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll [2011.11.01 01:14:08 | 000,029,184 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll [2011.11.01 01:14:08 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2011.11.01 01:14:08 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll [2011.11.01 01:14:08 | 000,014,336 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiglpxx.dll [2011.11.01 01:14:07 | 009,877,504 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll [2011.11.01 01:14:07 | 008,391,680 | ---- | C] (Advanced Micro Devices Inc.) 
-- C:\Windows\SysWow64\aticaldd.dll [2011.11.01 01:14:07 | 004,960,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atidxx64.dll [2011.11.01 01:14:07 | 004,231,680 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atidxx32.dll [2011.11.01 01:14:07 | 000,867,328 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\aticfx64.dll [2011.11.01 01:14:07 | 000,736,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\aticfx32.dll [2011.11.01 01:14:07 | 000,487,936 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2011.11.01 01:14:07 | 000,479,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll [2011.11.01 01:14:07 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll [2011.11.01 01:14:07 | 000,335,872 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll [2011.11.01 01:14:07 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2011.11.01 01:14:07 | 000,159,744 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe [2011.11.01 01:14:07 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll [2011.11.01 01:14:07 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll [2011.11.01 01:14:07 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll [2011.11.01 01:14:07 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll [2011.11.01 01:14:07 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll [2011.11.01 01:14:07 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll [2011.11.01 01:14:07 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) 
-- C:\Windows\SysWow64\ati2edxx.dll [2011.11.01 01:14:07 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll [2011.11.01 01:14:07 | 000,032,768 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll [2011.11.01 01:14:07 | 000,017,408 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll [2011.11.01 01:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2011.10.30 01:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1 [2011.10.29 22:12:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON [2011.10.29 22:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2011.10.29 22:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software [2011.10.29 22:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2011.10.29 22:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2011.10.29 22:08:07 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Local\ABBYY [2011.10.29 22:04:48 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) 
-- C:\Windows\SysNative\E_GCINST.DLL [2011.10.29 22:04:38 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGGE.DLL [2011.10.29 22:04:35 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGGE.DLL [2011.10.29 22:04:22 | 000,132,560 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe [2011.10.29 22:04:22 | 000,013,824 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxcdev.dll [2011.10.29 22:04:21 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll [2011.10.29 22:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2011.10.27 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Local\ESN Sonar [2011.10.27 07:37:09 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\Documents\Battlefield 3 [2011.10.27 07:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2011.10.26 00:54:15 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\Documents\FFOutput [2011.10.25 13:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2011.10.25 13:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2011.10.25 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Roaming\Origin [2011.10.25 13:06:00 | 000,000,000 | ---D | C] -- C:\Users\Blizzart\AppData\Local\Origin [2011.10.25 13:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2011.10.25 13:05:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2011.10.25 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2011.10.25 13:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2011.10.23 20:37:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.10.23 20:37:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaws.exe [2011.10.23 20:37:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.10.23 20:37:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.10.23 20:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.10.18 02:44:59 | 000,000,000 | ---D | C] -- C:\Windows\Tweak-7 [2011.10.18 02:37:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RightClickFiles [2011.10.18 02:24:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2011.10.18 02:24:11 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2011.10.18 00:30:54 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.18 00:30:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.18 00:30:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.18 00:30:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.18 00:30:52 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.10.18 00:30:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.10.18 00:30:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.18 00:30:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.18 00:30:51 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.10.18 00:13:24 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.10.18 00:13:24 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.10.18 00:13:24 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.10.18 00:13:24 | 
001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.10.18 00:13:24 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.10.18 00:13:23 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.10.18 00:13:23 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.10.18 00:13:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.10.18 00:13:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.10.18 00:13:23 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.10.18 00:13:23 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.10.18 00:13:23 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.10.18 00:13:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.10.18 00:13:13 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.10.18 00:13:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.10.18 00:13:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.10.18 00:13:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.10.18 00:13:13 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.10.18 00:13:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.10.18 00:13:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.10.18 00:13:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.10.18 00:13:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\odbccr32.dll [2011.10.18 00:13:10 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.10.18 00:13:09 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.10.18 00:13:09 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.10.18 00:13:08 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.10.18 00:13:08 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.10.18 00:13:08 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.10.18 00:13:08 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.10.18 00:13:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.10.18 00:13:08 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.10.18 00:13:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.10.18 00:13:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.10.18 00:13:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.10.18 00:13:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.10.18 00:13:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.10.18 00:13:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.10.18 00:13:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.10.18 00:13:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.10.18 00:13:07 | 000,006,144 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.10.18 00:13:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.10.18 00:13:07 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.10.18 00:13:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.10.18 00:13:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.10.18 00:13:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll 
[2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.10.18 00:13:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.10.18 00:13:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.10.18 00:13:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2011.10.18 00:12:29 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.18 00:12:29 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.10.18 00:12:28 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.10.18 00:12:28 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.18 00:12:28 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.10.18 00:12:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.10.18 00:12:28 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax 
[2011.10.18 00:12:28 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.10.18 00:12:28 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.18 00:12:28 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.10.18 00:12:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.10.18 00:12:28 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.10.18 00:12:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.10.18 00:12:16 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.05.22 08:03:18 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2010.11.05 21:11:08 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Blizzart\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.15 12:48:35 | 000,000,512 | ---- | M] () -- C:\Users\Blizzart\Desktop\MBR.dat [2011.11.15 12:35:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Blizzart\Desktop\aswMBR.exe [2011.11.15 12:28:14 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.15 12:28:14 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.15 12:25:10 | 001,645,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.15 12:25:10 | 000,715,162 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.15 12:25:10 | 000,657,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.15 12:25:10 | 000,153,954 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.15 12:25:10 | 000,126,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.15 
12:20:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.15 12:20:57 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2011.11.15 12:20:55 | 000,691,156 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.11.14 23:46:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blizzart\Desktop\OTL.exe [2011.11.14 23:44:18 | 000,000,020 | ---- | M] () -- C:\Users\Blizzart\defogger_reenable [2011.11.14 19:20:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.11.14 19:20:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.11.14 02:10:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.13 22:44:23 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.11.13 02:13:35 | 000,001,408 | ---- | M] () -- C:\Users\Blizzart\Desktop\Wow.exe - Verknüpfung.lnk [2011.11.02 13:55:36 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.11.02 13:36:19 | 000,000,232 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job [2011.10.29 22:09:57 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss [2011.10.25 16:14:21 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.23 20:37:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.10.23 20:37:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.10.23 20:37:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.10.23 20:37:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.10.23 20:11:27 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\deployJava1.dll [2011.10.19 22:14:52 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll [2011.10.19 16:56:16 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.10.19 16:56:16 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.10.19 16:56:16 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.10.18 02:18:40 | 002,832,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.18 00:38:58 | 001,625,830 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.15 12:48:35 | 000,000,512 | ---- | C] () -- C:\Users\Blizzart\Desktop\MBR.dat [2011.11.14 23:44:17 | 000,000,020 | ---- | C] () -- C:\Users\Blizzart\defogger_reenable [2011.11.02 13:55:36 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.02 13:36:19 | 000,000,232 | ---- | C] () -- C:\Windows\tasks\elbyExecuteWithUAC.job [2011.11.01 01:14:08 | 001,849,344 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2011.11.01 01:14:08 | 001,847,904 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2011.11.01 01:14:08 | 000,237,701 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2011.11.01 01:14:08 | 000,035,707 | ---- | C] () -- C:\Windows\atiogl.xml [2011.11.01 01:14:07 | 000,198,664 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2011.10.29 22:09:56 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss [2011.10.25 16:14:20 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.24 09:48:48 | 000,000,000 | ---- | C] () -- C:\Users\Blizzart\AppData\Roaming\chrtmp [2011.06.11 11:11:43 | 000,000,017 | ---- | C] () -- C:\Users\Blizzart\AppData\Local\resmon.resmoncfg [2011.06.07 10:13:38 | 000,030,568 | ---- | C] () -- 
C:\Windows\MusiccityDownload.exe [2011.05.27 15:54:35 | 000,002,696 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini [2011.05.27 15:54:35 | 000,001,392 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini [2011.05.23 16:41:19 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2011.05.22 08:03:17 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat [2011.05.22 08:03:17 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat [2011.05.14 12:23:15 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.05.04 01:48:14 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2011.03.15 19:31:21 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2010.11.05 21:12:04 | 000,001,041 | ---- | C] () -- C:\Users\Blizzart\AppData\Roaming\vso_ts_preview.xml [2010.11.05 21:11:08 | 000,099,384 | ---- | C] () -- C:\Users\Blizzart\AppData\Roaming\inst.exe [2010.11.05 21:11:08 | 000,007,859 | ---- | C] () -- C:\Users\Blizzart\AppData\Roaming\pcouffin.cat [2010.11.05 21:11:08 | 000,001,167 | ---- | C] () -- C:\Users\Blizzart\AppData\Roaming\pcouffin.inf [2010.08.01 20:35:22 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE [2010.08.01 20:35:22 | 000,006,067 | ---- | C] () -- C:\Windows\UNWISE.INI [2010.07.27 17:11:59 | 000,002,433 | ---- | C] () -- C:\Users\Blizzart\AppData\Roaming\MPQEditor.ini [2010.07.08 10:30:32 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2010.07.06 10:35:36 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.07.06 10:35:06 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.07.06 
10:35:06 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.07.06 09:19:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.07.06 09:14:05 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.07.06 09:12:11 | 001,625,830 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.07.06 08:56:13 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe [2010.07.06 08:56:13 | 000,005,116 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini [2010.07.06 08:56:13 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\RT2870.bin [2010.05.22 01:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.10.06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () 
-- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
< End of report >
15.11.2011, 13:41 | #4 | |
| Wrong redirects by Google and co. Quote:
Code:
|
15.11.2011, 23:51 | #5 |
| Incorrect redirects from Google and co. I think some important changes have taken place that I should report. So, today I wanted to pull the Windows updates; the problem was that the downloads 1. took forever and 2. could not be installed because of unknown errors. I then spent hours reading through the web about the error codes that came up and found that in the system configuration under "Start" no operating system was listed any more (my Windows nevertheless started without problems). Then, after a restart and using the repair console that can be started with F8, I found that this did not work either. And again I read through the net for ages, because even the bootrec fix and rebuild did not work. In the end I booted with "gparted", assigned the boot function to my Windows disk there and restarted. Now the Windows repair started via F8 and I was able to more or less restore the Start function in the system configuration. On top of that, since then the mentioned "iexplorer.exe*32" no longer runs in the background and I have not had any more redirects either. I also switched from Avira to Microsoft Security Essentials, which in a scan immediately found trojans that neither Avira nor Malwarebytes had found. MSE also found a file that the program considers previously unknown but suspicious and sent it to Microsoft as a finding for further investigation. Here are the MSE logs in case anyone is interested: Code:

hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.AV&threatid=2147651370
Name: Exploit:Java/Blacole.AV
ID: 2147651370
Schweregrad: Schwerwiegend
Kategorie: Ausnutzen
Pfad: containerfile:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db;containerfile:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db->json/ThreadParser.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7->json/ThreadParser.class
Erkennungsursprung:: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: Benutzer
Benutzer: Blizzart-PC\Blizzart
Prozessname: Unknown
Signaturversion: AV: 1.115.1943.0, AS: 1.115.1943.0, NIS: 10.7.0.0
Modulversion: AM: 1.1.7801.0, NIS: 2.0.7707.0

hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Cycbot.G&threatid=2147650392
Name: Backdoor:Win32/Cycbot.G
ID: 2147650392
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: containerfile:_C:\Users\Blizzart\AppData\Roaming\1CBC3\4DB44.exe;file:_C:\Users\Blizzart\AppData\Roaming\1CBC3\4DB44.exe->[Obfuscator.JM]->(UPX)
Erkennungsursprung:: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: Benutzer
Benutzer: Blizzart-PC\Blizzart
Prozessname: Unknown
Signaturversion: AV: 1.115.1943.0, AS: 1.115.1943.0, NIS: 10.7.0.0
Modulversion: AM: 1.1.7801.0, NIS: 2.0.7707.0

hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.AX&threatid=2147651408
Name: Exploit:Java/Blacole.AX
ID: 2147651408
Schweregrad: Schwerwiegend
Kategorie: Ausnutzen
Pfad: containerfile:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db;containerfile:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db->json/Parser.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db->json/SP.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db->json/XML.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7->json/Parser.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7->json/SP.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7->json/XML.class
Erkennungsursprung:: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: Benutzer
Benutzer: Blizzart-PC\Blizzart
Prozessname: Unknown
Signaturversion: AV: 1.115.1943.0, AS: 1.115.1943.0, NIS: 10.7.0.0
Modulversion: AM: 1.1.7801.0, NIS: 2.0.7707.0

hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Exploit:Java/Blacole.AT&threatid=2147651368
Name: Exploit:Java/Blacole.AT
ID: 2147651368
Schweregrad: Schwerwiegend
Kategorie: Ausnutzen
Pfad: containerfile:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db;containerfile:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7b40c0cc-39da80db->json/Option.class;file:_C:\Users\Blizzart\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\304e2419-64e4fef7->json/Option.class
Erkennungsursprung:: Lokaler Computer
Erkennungstyp: Konkret
Erkennungsquelle: Benutzer
Benutzer: Blizzart-PC\Blizzart
Prozessname: Unknown
Signaturversion: AV: 1.115.1943.0, AS: 1.115.1943.0, NIS: 10.7.0.0
Modulversion: AM: 1.1.7801.0, NIS: 2.0.7707.0

So far everything looks calm, BUT now comes the thing that you unfortunately no longer think much of here: I have been using HijackThis for ages, and this time too it is at the moment pretty much the only thing that can show me in black and white that something is still lurking here, since there are still quite a few entries in the directory @%SystemRoot%\system32\ that personally do not look quite clean to me (but I may be wrong). |
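Added example (not part of the original post and not a Microsoft tool): a small Python parser for detection entries in the field layout of the MSE log above, assuming one field per line, that groups detection names by the file they point to. The paths in the sample are constructed placeholders and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed placeholders, not the paths from the post.
JAR = r"C:\Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\0000aaaa-1111bbbb"
EXE = r"C:\Users\example\AppData\Roaming\EXAMPLE\sample.exe"
SAMPLE = f"""\
Name: Exploit:Java/Blacole.AV
Schweregrad: Schwerwiegend
Pfad: containerfile:_{JAR};file:_{JAR}->json/ThreadParser.class
Erkennungsursprung:: Lokaler Computer
Name: Exploit:Java/Blacole.AX
Pfad: containerfile:_{JAR};file:_{JAR}->json/Parser.class;file:_{JAR}->json/SP.class
Name: Backdoor:Win32/Cycbot.G
Kategorie: Hintertür
Pfad: containerfile:_{EXE};file:_{EXE}->[Obfuscator.JM]->(UPX)
"""

def parse_resource(item):
    """Split 'kind:_path->member->...' into (kind, path, [members])."""
    kind, _, rest = item.partition(":_")
    path, *members = rest.split("->")
    return kind, path, members

def parse_entries(text):
    """One dict per detection; a 'Name:' line starts a new entry."""
    entries, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if not sep:                      # URL lines and blanks carry no field
            continue
        key, value = key.rstrip(":"), value.strip()   # tolerates 'Erkennungsursprung::'
        if key == "Name":
            cur = {"Name": value, "resources": []}
            entries.append(cur)
        elif cur is not None and key == "Pfad":
            cur["resources"] = [parse_resource(i) for i in value.split(";") if i]
        elif cur is not None:
            cur[key] = value
    return entries

def files_to_threats(entries):
    """Map each flagged file on disk to the detection names that hit it."""
    hits = defaultdict(set)
    for entry in entries:
        for kind, path, _members in entry["resources"]:
            if kind == "file":
                hits[path].add(entry["Name"])
    return {path: sorted(names) for path, names in hits.items()}

if __name__ == "__main__":
    for path, names in files_to_threats(parse_entries(SAMPLE)).items():
        print(len(names), "detection(s):", ", ".join(names), "->", path)
```

Applied to the log in the post, this grouping shows that the three Blacole detections all refer to the same two files in the Java deployment cache, while the Cycbot detection points to a separate executable under AppData\Roaming.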
16.11.2011, 17:45 | #6 |
/// Helper team | Incorrect redirects from Google and co. So.. Avira uninstalled and MSE installed?
1. Clean your system with CCleaner:
2.
3. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off in general. ►Instructions -> Then run a complete system check with Eset Online Scanner (NOD32) (free online scanners). Attention!: >>You should not install the antivirus security software, but only scan your system online<<
4. Create a log file with TrendMicro™ HijackThis™ and post it. No open windows as long as HijackThis is running!!
5. Another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones? |