|
Pests of all kinds and how to combat them: IE Explorer opens ads by itself! Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
07.11.2009, 17:59 | #16 |
| IE Explorer opens ads by itself! I ran Malwarebytes and will post the new log files from OTL shortly. Last edited by _oeLuu_ (07.11.2009 at 18:08) |
07.11.2009, 18:13 | #17 |
| IE Explorer opens ads by itself! Okay, here are the new log files from OTL
OTL.txt part 1 Code:
ATTFilter OTL logfile created on: 07.11.2009 18:11:53 - Run 3 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97.65 Gb Total Space | 18.27 Gb Free Space | 18.71% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 147.39 Gb Total Space | 143.92 Gb Free Space | 97.65% Space Free | Partition Type: NTFS Drive F: | 220.71 Gb Total Space | 178.74 Gb Free Space | 80.99% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PRIVAT-37334436 Current User Name: Oliver Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\WINDOWS\system32\PnkBstrB.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\WINDOWS\system32\PnkBstrA.exe () PRC - C:\Programme\vghd\VirtuaGirl_Downloader.exe (Totem Entertainment) PRC - C:\Programme\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Programme\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\EXPERTool\TBPANEL.exe (Gainward Co.) PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT) PRC - C:\Programme\ROCCAT\Kone Mouse\OSD.exe (ROCCAT) PRC - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe () PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und 
Einstellungen\Oliver\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (IDriverT) -- File not found SRV - (PnkBstrB) -- C:\WINDOWS\system32\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\WINDOWS\system32\PnkBstrA.exe () SRV - (gupdate) -- C:\Programme\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (gusvc) -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (nHancer) -- C:\Programme\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (iPod Service) -- C:\Programme\iPod\bin\iPodService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ES lite Service) -- C:\Programme\Gigabyte\EasySaver\ESSVR.EXE () SRV - (Bonjour Service) -- C:\Programme\Bonjour\mDNSResponder.exe (Apple Inc.) 
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (TryAndDecideService) -- C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe () SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis) DRV - (tdrpman) -- 
C:\WINDOWS\system32\DRIVERS\tdrpman.sys (Acronis) DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (KoneFltr) -- C:\WINDOWS\system32\drivers\Kone.sys (ROCCAT Ltd) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (TBPanel) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (PLCNDIS5) -- C:\WINDOWS\system32\plcndis5.sys (Intellon, Inc.) 
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.ch" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.25 00:16:50 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.09.25 19:09:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.10.28 19:58:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.10.28 19:58:12 | 00,000,000 | ---D | M] [2009.10.04 22:25:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions [2009.09.21 16:53:39 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009.10.04 22:25:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2009.11.07 14:36:54 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Firefox\Profiles\pu3m1sxs.default\extensions [2009.09.25 18:42:24 | 00,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Firefox\Profiles\pu3m1sxs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.07 14:36:54 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.10.14 17:59:31 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.10.28 19:58:12 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.09.25 19:09:10 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.10.28 19:58:07 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll [2009.10.28 19:58:07 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll [2009.05.01 22:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\libdivx.dll [2009.09.25 19:08:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll [2009.05.12 19:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll [2009.10.28 19:58:11 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll [2007.03.22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll [2009.10.04 22:04:40 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll [2009.05.01 22:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Programme\Mozilla Firefox\plugins\ssldivx.dll [2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml [2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml |
07.11.2009, 18:14 | #18 |
| IE Explorer opens ads by itself! OTL.exe part 2
Code:
ATTFilter O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found. O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [itype] C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [Kone] C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] F:\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [GAINWARD] C:\Programme\EXPERTool\TBPanel.exe (Gainward Co.) O4 - HKCU..\Run: [RGSC] F:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKCU..\Run: [Steam] c:\programme\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK = C:\Programme\vghd\vghd.exe (Totem Entertainment) O4 - Startup: C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download All with FlashGet - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Download with FlashGet - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O9 - 
Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.60.61.246 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.09.18 15:29:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009.11.07 17:56:30 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Malwarebytes [2009.11.07 
17:56:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009.11.07 17:56:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009.11.07 17:56:25 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2009.11.07 17:56:25 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2009.11.06 22:00:51 | 00,000,000 | ---D | C] -- C:\Programme\Trend Micro [2009.10.31 14:39:34 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Runes of Magic [2009.10.30 16:10:31 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\FOG Downloader [2009.10.26 12:05:05 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Ubisoft [2009.10.25 22:06:47 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\DAEMON Tools Images [2009.10.25 21:57:49 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro [2009.10.25 21:54:12 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DAEMON Tools Pro [2009.10.25 01:42:14 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trymedia [2009.10.24 23:33:37 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\DHT [2009.10.22 12:52:46 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\IDM [2009.10.20 21:06:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\95FC26FB19FD4A96BBB1B1062E8648F5.TMP [2009.10.20 18:20:35 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\nHancer [2009.10.20 18:20:29 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA [2009.10.18 18:46:35 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Battlefield 2142 [2009.10.18 
01:46:15 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\PunkBuster [2009.10.17 16:55:14 | 00,000,000 | ---D | C] -- C:\Program Files [2009.10.17 16:17:51 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Battlefield 2 [2009.10.17 16:11:49 | 00,000,000 | ---D | C] -- C:\Programme\EA GAMES [2009.10.16 23:08:47 | 00,000,000 | ---D | C] -- C:\Programme\vghd [2009.10.16 23:08:46 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\vghd [2009.10.16 20:56:16 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Battlefield 2 Demo [2009.10.16 20:44:01 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Temp [2009.10.16 19:44:13 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield [2009.10.14 23:40:33 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Google [2009.10.14 23:38:05 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater [2009.10.14 18:05:10 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google [2009.10.14 18:03:01 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Google [2009.10.14 18:03:00 | 00,000,000 | ---D | C] -- C:\Programme\Google [2009.10.14 18:03:00 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared [2009.10.14 18:03:00 | 00,000,000 | ---D | C] -- C:\Programme\DivX [2009.10.11 20:59:38 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Adobe [2009.10.11 20:51:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet [2009.10.11 20:17:03 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared [2009.10.11 20:09:17 | 00,000,000 | ---D | C] -- C:\Programme\PowerISO 
[2009.10.09 20:21:06 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Desktop\youtube poop [2009.10.09 20:06:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media [2009.10.09 20:06:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp [2009.10.09 20:06:16 | 00,000,000 | ---D | C] -- C:\Programme\Windows Media Components [2009.10.09 20:01:10 | 00,000,000 | ---D | C] -- C:\Programme\YouTube Downloader [2009.10.09 19:58:04 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\DVDVideoSoft [2009.10.09 19:58:01 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft [2009.10.09 19:58:01 | 00,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2009.10.09 19:49:17 | 00,000,000 | ---D | C] -- C:\Programme\AVI Codec Pack [2009.10.09 19:49:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\quicktime [2009.10.09 12:17:27 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Application Data [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== |
07.11.2009, 18:16 | #19 |
| IE Explorer opens ads by itself! OTL.exe part 3 Code:
ATTFilter [2009.11.07 18:05:36 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009.11.07 18:05:01 | 00,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin [2009.11.07 18:04:40 | 00,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009.11.07 18:04:32 | 00,258,887 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2009.11.07 18:04:30 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2009.11.07 18:04:25 | 00,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009.11.07 18:04:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009.11.07 18:04:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009.11.07 18:03:36 | 04,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Oliver\NTUSER.DAT [2009.11.07 17:56:29 | 00,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.07 17:49:00 | 00,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009.11.07 17:26:30 | 00,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Oliver\ntuser.ini [2009.11.06 22:00:51 | 00,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\HijackThis.lnk [2009.11.06 21:04:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009.11.05 21:39:52 | 00,138,936 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.11.05 21:39:38 | 00,214,504 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009.11.05 21:39:38 | 00,214,504 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009.11.04 13:35:34 | 00,000,614 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Runes of Magic.lnk [2009.11.03 22:20:32 | 00,001,636 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\nHancer.lnk [2009.11.02 00:47:12 | 00,462,984 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2009.11.02 00:47:12 | 00,444,168 | ---- | M] () -- 
C:\WINDOWS\System32\perfh009.dat [2009.11.02 00:47:12 | 00,085,864 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2009.11.02 00:47:12 | 00,072,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009.11.02 00:22:13 | 01,077,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009.10.29 18:06:14 | 00,296,518 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Special_Forces_(BF2).jpg [2009.10.29 18:06:04 | 00,306,709 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Modern_Combat.jpg [2009.10.28 13:08:05 | 00,155,379 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\bbb_wallpaper.jpg [2009.10.27 20:24:36 | 00,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2009.10.27 16:42:27 | 00,001,815 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 SF jetzt online spielen!.lnk [2009.10.27 16:42:27 | 00,001,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2 Special Forces.lnk [2009.10.27 16:31:23 | 00,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 jetzt online spielen!.lnk [2009.10.27 16:31:23 | 00,001,687 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2.lnk [2009.10.26 18:54:50 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009.10.26 18:53:09 | 00,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.26 12:05:05 | 00,000,813 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tom Clancy's Rainbow Six Vegas.lnk [2009.10.25 22:00:18 | 00,000,547 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Pro.lnk [2009.10.25 21:54:17 | 00,722,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.10.25 13:38:36 | 03,932,214 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Oliver\Desktop\Deer Hunter Bear Kill.bmp [2009.10.25 13:36:40 | 00,001,515 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Paint.lnk [2009.10.25 01:26:39 | 00,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter - The 2005 Season.lnk [2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009.10.22 10:16:22 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2009.10.20 18:49:50 | 00,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steam.lnk [2009.10.19 11:46:44 | 00,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2009.10.18 19:08:40 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009.10.16 23:08:50 | 00,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK [2009.10.16 23:08:47 | 00,152,904 | ---- | M] () -- C:\WINDOWS\System32\vghd.scr [2009.10.16 01:22:47 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009.10.16 01:22:12 | 00,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [2009.10.14 17:59:22 | 00,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2009.10.13 12:59:35 | 00,001,478 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vanguard.lnk [2009.10.12 22:17:14 | 00,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Zombie Panic! 
Source.lnk [2009.10.12 22:15:41 | 00,000,693 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\FALLOUT 3.lnk [2009.10.12 19:57:33 | 00,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Half-Life 2 Deathmatch.lnk [2009.10.12 17:45:59 | 11,008,9755 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Crysis - Amazonian River (GTX-260).wmv [2009.10.12 02:05:12 | 01,535,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.10.11 23:34:17 | 04,800,893 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Safri Duo - Played a.mp3 [2009.10.11 20:59:35 | 00,064,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2009.10.11 20:23:37 | 00,000,888 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Adobe After Effects CS3.lnk [2009.10.11 20:09:18 | 00,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PowerISO.lnk [2009.10.08 22:55:47 | 00,022,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PnkBstrK.sys [2009.10.08 22:55:31 | 00,669,184 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe [2009.10.08 22:55:09 | 00,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Crysis.lnk [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009.11.07 17:56:29 | 00,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.06 22:00:51 | 00,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\HijackThis.lnk [2009.10.31 05:28:42 | 00,000,614 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Runes of Magic.lnk [2009.10.29 18:06:14 | 00,296,518 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Special_Forces_(BF2).jpg [2009.10.29 18:06:03 | 
00,306,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Battlefield_2_-_Modern_Combat.jpg [2009.10.28 13:08:04 | 00,155,379 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\bbb_wallpaper.jpg [2009.10.27 16:42:27 | 00,001,815 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 SF jetzt online spielen!.lnk [2009.10.27 16:42:27 | 00,001,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2 Special Forces.lnk [2009.10.27 16:31:23 | 00,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\BF2 jetzt online spielen!.lnk [2009.10.27 16:31:23 | 00,001,687 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Battlefield 2.lnk [2009.10.26 12:05:05 | 00,000,813 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tom Clancy's Rainbow Six Vegas.lnk [2009.10.25 22:00:18 | 00,000,547 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DAEMON Tools Pro.lnk [2009.10.25 21:54:17 | 00,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.10.25 13:37:14 | 03,932,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter Bear Kill.bmp [2009.10.25 01:26:39 | 00,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Deer Hunter - The 2005 Season.lnk [2009.10.19 11:46:44 | 00,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2009.10.18 19:10:39 | 00,214,504 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2009.10.16 23:08:50 | 00,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK [2009.10.16 23:08:50 | 00,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin [2009.10.16 23:08:47 | 00,152,904 | ---- | C] () -- C:\WINDOWS\System32\vghd.scr [2009.10.16 01:22:12 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009.10.14 23:39:44 | 00,001,088 | ---- | C] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009.10.14 23:39:43 | 00,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009.10.14 23:38:04 | 00,001,014 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job [2009.10.12 22:17:14 | 00,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Zombie Panic! Source.lnk [2009.10.12 19:57:33 | 00,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Half-Life 2 Deathmatch.lnk [2009.10.12 17:41:30 | 11,008,9755 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Crysis - Amazonian River (GTX-260).wmv [2009.10.12 17:31:24 | 04,800,893 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Safri Duo - Played a.mp3 [2009.10.11 21:00:12 | 00,000,888 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Adobe After Effects CS3.lnk [2009.10.11 20:09:18 | 00,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PowerISO.lnk [2009.10.08 22:55:09 | 00,000,951 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Crysis.lnk [2009.09.30 09:10:59 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.09.30 09:10:59 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.09.23 13:51:35 | 00,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.09.23 12:14:37 | 00,138,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.09.23 12:14:37 | 00,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PnkBstrK.sys [2009.09.22 18:33:19 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll [2009.09.21 21:16:52 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.09.21 21:16:51 | 00,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.21 13:32:56 | 
00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2009.09.19 08:42:59 | 00,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.09.18 16:21:05 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini [2009.09.18 16:12:43 | 00,064,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2009.09.18 15:50:26 | 05,887,676 | -H-- | C] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2009.09.18 15:33:16 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\desktop.ini [2009.08.07 18:51:34 | 00,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.07.03 04:11:18 | 00,007,274 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.04.14 13:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini [2008.04.14 13:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont 
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2004.12.19 14:29:40 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.12.19 14:17:10 | 00,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2003.02.20 16:53:42 | 00,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.10.06 19:42:56 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002.10.05 00:04:24 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll [2002.10.05 00:04:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2002.10.05 00:04:16 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [2002.05.16 00:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF < End of report > |
07.11.2009, 18:17 | #20 |
| IE Explorer opens ads by itself! Extras.txt part 1 Code:
OTL Extras logfile created on: 07.11.2009 18:11:53 - Run 3
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97.65 Gb Total Space | 18.27 Gb Free Space | 18.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 147.39 Gb Total Space | 143.92 Gb Free Space | 97.65% Space Free | Partition Type: NTFS
Drive F: | 220.71 Gb Total Space | 178.74 Gb Free Space | 80.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PRIVAT-37334436
Current User Name: Oliver
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "80:TCP" = 80:TCP:*:Enabled:Rainbow Six Port "3074:TCP" = 3074:TCP:*:Enabled:Rainbow Six Port 2 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = 
C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\devolo\informer\devinf.exe" = C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer -- File not found "C:\Programme\devolo\easyshare\easyshare.exe" = C:\Programme\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare -- File not found "C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com) "C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- File not found "C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found "C:\Programme\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis Wars\Bin32\Crysis.exe:*:Enabled:Crysis -- (Crytek GmbH) "C:\Programme\Electronic Arts\EADM\Core.exe" = C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts) "C:\Programme\Messenger\msmsgs.exe" = 
C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Programme\Steam\SteamApps\oli_94\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\oli_94\counter-strike source\hl2.exe:*:Enabled:hl2 -- () "C:\Dokumente und Einstellungen\Oliver\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Dokumente und Einstellungen\Oliver\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- File not found "C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp -- File not found "C:\Dokumente und Einstellungen\Oliver\Desktop\Crack\IDMan.exe" = C:\Dokumente und Einstellungen\Oliver\Desktop\Crack\IDMan.exe:*:Enabled:Internet Download Manager (IDM) -- File not found "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH) "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH) "C:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe" = C:\Programme\Steam\SteamApps\common\left 4 
dead\left4dead.exe:*:Enabled:Left 4 Dead -- () "C:\Programme\Steam\SteamApps\oli_94\half-life 2 deathmatch\hl2.exe" = C:\Programme\Steam\SteamApps\oli_94\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- () "C:\Programme\Steam\SteamApps\oli_94\zombie panic! source\hl2.exe" = C:\Programme\Steam\SteamApps\oli_94\zombie panic! source\hl2.exe:*:Enabled:hl2 -- () "F:\Programme\THQ\Frontlines-Fuel of War Demo\Binaries\FFOW-MPDemo.exe" = F:\Programme\THQ\Frontlines-Fuel of War Demo\Binaries\FFOW-MPDemo.exe:*:Enabled:Frontlines Game -- File not found "F:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = F:\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.) "F:\Deer Hunter Tournament\DHT.exe" = F:\Deer Hunter Tournament\DHT.exe:*:Enabled:Deer Hunter Tournament -- (Southlogic Studios) "F:\Deer Hunter Tournament\Updater.exe" = F:\Deer Hunter Tournament\Updater.exe:*:Enabled:Deer Hunter Tournament Current Updater -- (Southlogic Studios) "F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe" = F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:*:Enabled:Rainbow Six Vegas Updater -- (Ubisoft) "F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe" = F:\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:*:Enabled:Rainbow Six Vegas -- () "C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- () "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871.exe" = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871.exe:*:Enabled:YuLeech -- (Frogster Online Gaming GmbH) "C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871(2).exe" = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\Downloads\FOGDownloader-RoM_2_1_0_1871(2).exe:*:Enabled:YuLeech -- (Frogster Online Gaming GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0316.1 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.1 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A05B900-A3E7-11DE-A9B7-005056806466}" = Google Earth 
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R) "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5731C0A8-B266-451A-8D3F-8066AA21836F}" = Tom Clancy's Rainbow Six Vegas "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A5DDFA1-9CD9-4351-84C5-CED839BE1031}" = Nero 7 Essentials "{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files 
"{D82276C5-AC9E-4F88-976E-E51140DC14D3}" = ICMC SP Mappack "{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FDA43C6E-C72A-40F4-9923-1208F6FF5604}" = nHancer "A307D87020E39093FB889B1E539D33F93A41470A" = Windows Driver Package - ROCCAT (HidUsb) HIDClass (05/03/2008 1.00) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3 "AVI Codec Pack" = AVI Codec Pack "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "Crysis Wars(R)" = Crysis Wars(R) "Deer Hunter Tournament_is1" = Deer Hunter Tournament "Deer Hunter: The 2005 Season" = Deer Hunter: The 2005 Season "Defraggler" = Defraggler (remove only) "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "EADM" = EA Download Manager "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "EXPERTool_is1" = EXPERTool 7.5 "FlashGet" = FlashGet 1.9.6.1073 "Fraps" = Fraps (remove only) "Free YouTube Download_is1" = Free YouTube Download 2.3 "Google Updater" = Google Updater "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call 
of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "LimeWire" = LimeWire 5.3.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Personal Backup_is1" = Personal Backup 4.3 "PowerISO" = PowerISO "PunkBusterSvc" = PunkBuster Services "Steam App 17500" = Zombie Panic! Source "Steam App 240" = Counter-Strike: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 500" = Left 4 Dead "Uninstall_is1" = Uninstall 1.0.0.1 "vghd" = VirtuaGirl HD "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XnView_is1" = XnView 1.82.4 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 |
07.11.2009, 18:19 | #21 |
| IE Explorer opens ads by itself! Extras.txt part 2 Code:
ATTFilter ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.10.2009 19:05:34 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung deer hunter tournament.exe, Version 1.0.0.1, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00010717. Error - 25.10.2009 16:50:36 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung updater.exe, Version 1.0.0.1, fehlgeschlagenes Modul updater.exe, Version 1.0.0.1, Fehleradresse 0x000078f1. Error - 25.10.2009 16:50:45 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung updater.exe, Version 1.0.0.1, fehlgeschlagenes Modul updater.exe, Version 1.0.0.1, Fehleradresse 0x000078f1. Error - 25.10.2009 16:51:24 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung updater.exe, Version 1.0.0.1, fehlgeschlagenes Modul updater.exe, Version 1.0.0.1, Fehleradresse 0x000078f1. Error - 26.10.2009 10:36:09 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung r6vegas_game.exe, Version 0.0.0.0, fehlgeschlagenes Modul r6vegas_game.exe, Version 0.0.0.0, Fehleradresse 0x00fae448. Error - 26.10.2009 13:45:57 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung fraps.exe, Version 2.9.8.7777, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x02c831d9. Error - 27.10.2009 18:58:24 | Computer Name = PRIVAT-37334436 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung BF2.exe, Version 0.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 27.10.2009 18:59:05 | Computer Name = PRIVAT-37334436 | Source = Application Hang | ID = 1001 Description = Fehlerhafter Speicherbereich 86725365. Error - 30.10.2009 21:57:41 | Computer Name = PRIVAT-37334436 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul mshtml.dll, Version 8.0.6001.18828, Fehleradresse 0x00100620. Error - 01.11.2009 19:47:12 | Computer Name = PRIVAT-37334436 | Source = LoadPerf | ID = 3001 Description = Der Wert für die Namenszeichenfolge im Leistungsindikator in der Registrierung ist falsch formatiert. Die ungültige Zeichenfolge ist 5596 und der ungültige Indexwert ist das erste DWORD im Datenbereich, während die letzten gültigen Indexwerte die zweiten und dritten DWORD im Datenbereich sind. [ System Events ] Error - 28.10.2009 17:29:28 | Computer Name = PRIVAT-37334436 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JASE-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AD696ADC-66F9-400D-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 02.11.2009 14:39:20 | Computer Name = PRIVAT-37334436 | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JASE-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AD696ADC-66F9-400D-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. < End of report > So that's it. I have followed all the instructions and am hoping for a reply, and that all the viruses have been sent to hell. Thanks for your help |
07.11.2009, 18:21 | #22 |
| IE Explorer opens ads by itself! Hey folks... what a coincidence, I'm searching for my problem and find the solution live, so to speak ^^ Dear helper, if you don't mind, I'd like to post my log files in here as well. I'm at the same stage as _oeLuu_ |
07.11.2009, 18:30 | #23 |
| IE Explorer opens ads by itself! So, here is my extras.txt part 1 Code:
ATTFilter OTL Extras logfile created on: 07.11.2009 18:23:40 - Run 2 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Ben\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 62,16% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 5,99 Gb Free Space | 12,26% Space Free | Partition Type: NTFS Drive D: | 23,44 Gb Total Space | 20,83 Gb Free Space | 88,87% Space Free | Partition Type: NTFS Drive E: | 88,34 Gb Total Space | 25,16 Gb Free Space | 28,48% Space Free | Partition Type: NTFS Drive F: | 100,22 Gb Total Space | 55,57 Gb Free Space | 55,44% Space Free | Partition Type: NTFS G: Drive not present or media not loaded Drive H: | 102,47 Gb Total Space | 53,02 Gb Free Space | 51,74% Space Free | Partition Type: NTFS Drive I: | 198,97 Gb Total Space | 62,43 Gb Free Space | 31,38% Space Free | Partition Type: NTFS Drive J: | 201,62 Gb Total Space | 51,84 Gb Free Space | 25,71% Space Free | Partition Type: NTFS Drive K: | 428,45 Gb Total Space | 65,78 Gb Free Space | 15,35% Space Free | Partition Type: NTFS Computer Name: BEN-PC Current User Name: Ben Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation) .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation) .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft 
Corporation) batfile [open] -- "%1" %* File not found batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* File not found cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile 
[open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- 
%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [open] -- regedit.exe "%1" (Microsoft Corporation) regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security 
Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 9D 4E D2 D0 F7 2A CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{116219C1-1B3E-4B0F-996F-BDA8084950E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{43070BA2-BE28-4862-AAF8-B2B2BB80BF32}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{45ED1780-2A86-468A-9CC5-F9D1EBEAF30C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5A71EAB4-4443-4B3A-8370-358927C86BCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5F866BAA-DCAC-4540-AFEB-520B120C0EC5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{74F00BD9-0CEE-40FC-A377-7ADC679BEE09}" = lport=2869 | protocol=6 | dir=in | app=system | "{82B059C6-2FD2-4712-86F8-DFF9355FB28A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8ABFD3B1-A2DC-4CFB-9C07-43F00469F68C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{A7919D34-7EC9-4046-88BC-8FCE4C5B143E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A8F8C210-4B36-4A4C-AB45-AD68F786A09D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | |
07.11.2009, 18:31 | #24 |
| IE Explorer opens ads by itself! extras.txt part 2 Code:
ATTFilter ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07A96B4F-12FA-403F-9946-A506137F157B}" = protocol=6 | dir=in | app=f:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{18E645DC-041B-4AE9-9591-FC0AA43B8974}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{18F86576-804A-4F4E-B9B6-C4D8801C1F05}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe | "{19A30454-B6FA-48E9-A2B7-AE3561E6BD3B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{417D7F5A-FFBF-4E27-AAD9-4F43DB293234}" = protocol=17 | dir=in | app=c:\program files (x86)\daemon tools lite\daemon.exe | "{7512C18D-8128-47E2-A568-1F5A869535DC}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe | "{7F89A6E7-2F1C-473E-82EF-3B30EC9521E4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{8903F76C-0C70-46CB-940A-1606BFF74793}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{946EB24B-D7EA-40E4-9713-591F3CD2E22A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9CAEA478-AAF8-4B46-BF0D-9336AF6DC4BE}" = protocol=6 | dir=in | app=c:\program files (x86)\daemon tools lite\daemon.exe | "{9E191116-5CD4-42B8-BECC-314E2CC59047}" = protocol=17 | dir=in | app=f:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe | "{A461B33D-CBA2-4980-972F-2A9B9DE9B69E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AF51B270-049F-48F1-A89B-240B66CBE956}" = protocol=6 | dir=in | app=f:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | "{B29B42D0-84FB-4AA0-B058-8EA4E7674820}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{CCF4AD88-5B7D-4F98-B139-92B8D5F09D51}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe | 
"{CF96B89E-AFD1-4447-98A9-2151D16FAFB0}" = protocol=17 | dir=in | app=f:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{F0F5DD04-70D5-4E52-A2A7-79B8C7CFEC3C}" = protocol=6 | dir=in | app=f:\program files (x86)\codemasters\of dragon rising\ofdr.exe | "{F2E15CA0-0944-460C-8B64-0858DFBEC9CF}" = protocol=17 | dir=in | app=f:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe | "TCP Query User{30319CC6-5D0D-4D10-BABA-637A436FA847}F:\program files (x86)\free download manager\fdm.exe" = protocol=6 | dir=in | app=f:\program files (x86)\free download manager\fdm.exe | "TCP Query User{3590E82C-4E6F-453A-8548-CCE391BC364D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{469C9746-1C34-4BAD-A41F-89A74CBFB861}F:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=f:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{952254B4-DD17-4E6B-B428-0A42C791F21C}C:\program files (x86)\steam\steamapps\criticalmaster\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\criticalmaster\insurgency\hl2.exe | "TCP Query User{BA6975BC-F8DF-4E0B-BD1F-9E3DC88A22E7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{1632AAAB-B68C-4A65-A6EB-2BF951192445}C:\program files (x86)\steam\steamapps\criticalmaster\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\criticalmaster\insurgency\hl2.exe | "UDP Query User{73EE9AD7-034E-4B94-8F19-922D36D71084}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{CB6E1B8E-32AB-450C-A576-9FEA748EED66}F:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=f:\program files 
(x86)\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{D32E320C-A5B5-4C2C-BFC7-73D1FD36031E}F:\program files (x86)\free download manager\fdm.exe" = protocol=17 | dir=in | app=f:\program files (x86)\free download manager\fdm.exe | "UDP Query User{F2D87873-D471-4775-A93A-2B8F57D359E7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials 
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ask.com Search Assistant" = Ask.com Search Assistant 1.0.1 "AVG8Uninstall" = AVG Free 8.5 "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Download Manager_is1" = Free Download Manager 3.0 "Google Chrome" = Google Chrome "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ObjectDock" = ObjectDock "Steam App 17700" = Insurgency "VLC media player" = VLC media player 1.0.2 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dead pop way" = CiD Help ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.11.2009 07:36:29 | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.11.2009 15:18:30 | Computer Name = Ben-PC | Source = Application Hang | ID = 1002 Description = Programm shift.exe, Version 1.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: 118c Anfangszeit: 01ca5f15d4dd6f2a Zeitpunkt der Beendigung: 141 Error - 07.11.2009 04:23:17 | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2009 04:24:30 | Computer Name = Ben-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2009 04:25:06 | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2009 07:27:07 | Computer Name = Ben-PC | Source = Application Hang | ID = 1002 Description = Programm shift.exe, Version 1.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 8e4 Anfangszeit: 01ca5f9d204bdfc4 Zeitpunkt der Beendigung: 98 Error - 07.11.2009 08:06:59 | Computer Name = Ben-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18828, Zeitstempel 0x4a9600c9, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03824, Ausnahmecode 0xc0000374, Fehleroffset 0x000ab0bf, Prozess-ID 0x13b8, Anwendungsstartzeit 01ca5fa26b665043. 
Error - 07.11.2009 08:19:08 | Computer Name = Ben-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\AVG\AVG8\avglvea.dll". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.11.2009 08:20:18 | Computer Name = Ben-PC | Source = WinMgmt | ID = 10 Description = Error - 07.11.2009 12:50:29 | Computer Name = Ben-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 04.11.2009 10:21:19 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7009 Description = Error - 04.11.2009 10:21:19 | Computer Name = Ben-PC | Source = Service Control Manager | ID = 7000 Description = Error - 04.11.2009 10:31:09 | Computer Name = Ben-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 05.11.2009 10:13:03 | Computer Name = Ben-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 001966887980 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 05.11.2009 10:12:49 | Computer Name = Ben-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 05.11.2009 12:03:28 | Computer Name = Ben-PC | Source = DCOM | ID = 10010 Description = Error - 06.11.2009 07:32:48 | Computer Name = Ben-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 07.11.2009 04:22:34 | Computer Name = Ben-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 07.11.2009 08:18:24 | Computer Name = Ben-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = Error - 07.11.2009 12:48:37 | Computer Name = Ben-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6 Description = < End of report > |
07.11.2009, 18:33 | #25 |
| IE Explorer opens ads by itself! here is my otl.txt part 1 Code:
ATTFilter OTL logfile created on: 07.11.2009 18:23:40 - Run 2 OTL by OldTimer - Version 3.1.4.0 Folder = C:\Users\Ben\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18828) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 62,16% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 5,99 Gb Free Space | 12,26% Space Free | Partition Type: NTFS Drive D: | 23,44 Gb Total Space | 20,83 Gb Free Space | 88,87% Space Free | Partition Type: NTFS Drive E: | 88,34 Gb Total Space | 25,16 Gb Free Space | 28,48% Space Free | Partition Type: NTFS Drive F: | 100,22 Gb Total Space | 55,57 Gb Free Space | 55,44% Space Free | Partition Type: NTFS G: Drive not present or media not loaded Drive H: | 102,47 Gb Total Space | 53,02 Gb Free Space | 51,74% Space Free | Partition Type: NTFS Drive I: | 198,97 Gb Total Space | 62,43 Gb Free Space | 31,38% Space Free | Partition Type: NTFS Drive J: | 201,62 Gb Total Space | 51,84 Gb Free Space | 25,71% Space Free | Partition Type: NTFS Drive K: | 428,45 Gb Total Space | 65,78 Gb Free Space | 15,35% Space Free | Partition Type: NTFS Computer Name: BEN-PC Current User Name: Ben Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Ben\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\PROGRA~2\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\PROGRA~2\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) 
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock) ========== Modules (SafeList) ========== MOD - C:\Users\Ben\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\atl.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vssapi.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\spp.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\authz.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\srclient.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\xmllite.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\vsstrace.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\fxssvc.exe (Microsoft Corporation) SRV:64bit: - (Irmon) -- C:\Windows\SysNative\irmon.dll (Microsoft Corporation) SRV - (Hamachi2Svc) -- F:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (gupdate1ca3a1d7794240a) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (avg8emc) -- C:\PROGRA~2\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd) -- C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (Bonjour Service) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 00,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\DRIVERS\fvevol.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (RTL85n64) -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys (Realtek) DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys (Microsoft Corporation) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys (Microsoft Corporation) DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys (Windows (R) Codename Longhorn DDK provider) DRV - (CSC) -- C:\Windows\CSC [2009.08.27 18:13:27 | 00,000,000 | ---D | M] DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page 
= http://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 91 28 E6 A3 54 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF 
- HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.30 21:57:56 | 00,000,000 | ---D | M] O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (D) - {B32271B8-BD8E-30F8-906A-B6997B373872} - C:\Windows\SysWOW64\xwr35322.dll (Microsoft Corporation) O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF Viewer\Win32\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - f:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) 
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Base road long save] C:\ProgramData\Tick Regs Intra.u32 File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation) O4 - HKCU..\Run: [ExitStupid] C:\ProgramData\hide fork fork.bws File not found O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKCU..\Run: [RGSC] F:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser 
= 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 
13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - f:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\Windows\system32\ctfmon_ax.exe () O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found |
07.11.2009, 18:34 | #26 |
| IE Explorer opens ads by itself! otl.txt part 2 Code:
ATTFilter ========== Files/Folders - Created Within 30 Days ========== [2009.11.07 18:06:22 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Malwarebytes [2009.11.07 18:06:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2009.11.07 18:06:18 | 00,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2009.11.07 18:06:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.11.07 18:06:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2009.11.07 18:06:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2009.11.07 18:05:37 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ben\Desktop\mbam-setup.exe [2009.11.07 17:16:21 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe [2009.11.04 15:25:35 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009.11.04 15:25:34 | 09,236,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009.11.04 15:25:34 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009.11.04 15:25:34 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb [2009.11.03 15:43:16 | 00,000,000 | ---D | C] -- C:\Programme\iPod [2009.11.03 15:43:15 | 00,000,000 | ---D | C] -- C:\Programme\iTunes [2009.11.03 15:43:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2009.10.30 22:08:46 | 00,000,000 | ---D | C] -- C:\ProgramData\File dvd base road [2009.10.30 22:08:46 | 00,000,000 | ---D | C] -- C:\ProgramData\File dvd base road [2009.10.30 22:08:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Biaspokememo [2009.10.30 22:08:28 | 00,000,000 | ---D | C] -- C:\ProgramData\Biaspokememo [2009.10.30 22:08:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ask Search Assistant [2009.10.30 19:47:11 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\DivX [2009.10.30 
16:45:58 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr71.dll [2009.10.29 12:14:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2009.10.29 12:14:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2009.10.29 12:14:16 | 00,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2009.10.29 12:14:16 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2009.10.29 12:14:15 | 02,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2009.10.29 12:14:15 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2009.10.29 12:14:15 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2009.10.29 12:14:15 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2009.10.29 12:14:13 | 05,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2009.10.29 12:14:13 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2009.10.29 12:14:13 | 00,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2009.10.29 12:14:13 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2009.10.29 12:14:12 | 00,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2009.10.29 12:14:12 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2009.10.29 12:14:11 | 01,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2009.10.29 12:14:11 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2009.10.29 12:14:10 | 05,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2009.10.29 12:14:10 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2009.10.29 
12:14:09 | 00,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2009.10.29 12:14:09 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2009.10.29 12:14:09 | 00,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2009.10.29 12:14:09 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2009.10.29 12:14:08 | 01,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2009.10.29 12:14:08 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2009.10.29 12:14:08 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2009.10.29 12:14:08 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2009.10.29 12:14:07 | 04,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2009.10.29 12:14:07 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2009.10.29 12:14:06 | 00,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2009.10.29 12:14:06 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2009.10.29 12:14:06 | 00,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2009.10.29 12:14:06 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2009.10.29 12:14:04 | 01,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2009.10.29 12:14:04 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2009.10.29 12:14:04 | 00,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2009.10.29 12:14:04 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2009.10.29 12:14:03 | 04,494,184 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2009.10.29 12:14:03 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2009.10.29 12:14:02 | 00,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2009.10.29 12:14:02 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2009.10.29 12:14:01 | 00,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2009.10.29 12:14:01 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2009.10.29 12:14:01 | 00,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2009.10.29 12:14:01 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2009.10.29 12:13:59 | 04,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2009.10.29 12:13:59 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2009.10.29 12:13:58 | 00,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2009.10.29 12:13:58 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2009.10.29 12:13:58 | 00,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2009.10.29 12:13:58 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2009.10.29 12:13:57 | 03,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2009.10.29 12:13:57 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2009.10.29 12:13:57 | 00,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2009.10.29 12:13:57 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2009.10.29 12:13:56 | 00,354,072 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine2_2.dll [2009.10.29 12:13:56 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2009.10.29 12:13:56 | 00,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2009.10.29 12:13:56 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2009.10.29 12:13:55 | 00,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2009.10.29 12:13:55 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2009.10.29 12:13:54 | 00,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2009.10.29 12:13:54 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2009.10.29 12:13:48 | 03,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2009.10.29 12:13:48 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2009.10.29 12:13:47 | 00,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2009.10.29 12:13:47 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2009.10.29 12:13:47 | 00,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2009.10.29 12:13:47 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2009.10.29 12:13:45 | 03,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2009.10.29 12:13:45 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2009.10.29 12:13:44 | 03,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2009.10.29 12:13:44 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2009.10.29 12:13:42 | 03,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll 
[2009.10.29 12:13:42 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2009.10.29 12:13:40 | 03,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2009.10.29 12:13:40 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2009.10.29 12:13:39 | 03,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2009.10.29 12:13:39 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2009.10.29 12:13:37 | 03,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2009.10.29 12:13:37 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2009.10.28 21:43:31 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll [2009.10.28 20:22:29 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2009.10.28 20:22:29 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2009.10.28 20:22:26 | 03,815,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll [2009.10.28 20:22:26 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll [2009.10.28 20:22:26 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll [2009.10.28 20:22:25 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll [2009.10.28 11:20:18 | 10,626,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2009.10.28 11:20:16 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unregmp2.exe [2009.10.28 11:20:16 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unregmp2.exe [2009.10.28 11:20:15 | 13,428,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2009.10.28 11:20:12 | 08,147,968 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\wmploc.DLL [2009.10.28 11:20:12 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2009.10.24 17:36:55 | 00,000,000 | RH-D | C] -- C:\Users\Ben\AppData\Roaming\SecuROM [2009.10.24 15:54:26 | 00,000,000 | ---D | C] -- C:\Users\Ben\Documents\Rockstar Games [2009.10.24 15:49:02 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Rockstar Games [2009.10.24 15:44:46 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2009.10.24 15:43:17 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2009.10.24 15:43:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2009.10.20 10:35:07 | 00,057,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2009.10.20 10:35:07 | 00,043,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2009.10.20 10:35:06 | 02,621,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2009.10.20 10:35:06 | 02,424,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll [2009.10.20 10:34:53 | 00,700,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2009.10.20 10:34:53 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2009.10.20 10:34:53 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2009.10.20 10:34:53 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2009.10.20 10:34:53 | 00,038,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2009.10.20 10:34:53 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2009.10.20 10:34:41 | 00,185,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2009.10.20 10:34:41 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2009.10.20 10:34:41 | 00,036,864 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2009.10.20 10:34:41 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2009.10.15 14:23:09 | 04,698,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2009.10.15 14:22:48 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL [2009.10.15 14:22:47 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL [2009.10.15 14:22:45 | 12,461,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2009.10.15 14:22:44 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll [2009.10.15 14:22:43 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2009.10.15 14:22:43 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll [2009.10.15 14:22:43 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll [2009.10.15 14:22:43 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2009.10.15 14:22:42 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2009.10.15 14:22:42 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll [2009.10.15 14:22:42 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2009.10.15 14:22:42 | 01,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2009.10.15 14:22:42 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2009.10.15 14:22:42 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2009.10.15 14:22:42 | 00,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2009.10.15 14:22:42 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2009.10.15 14:22:42 | 00,252,416 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2009.10.15 14:22:42 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2009.10.15 14:22:42 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2009.10.15 14:22:42 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2009.10.15 14:22:42 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2009.10.15 14:22:42 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2009.10.15 14:22:42 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2009.10.15 14:22:42 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2009.10.15 14:22:42 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2009.10.15 14:22:42 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2009.10.15 14:22:42 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2009.10.15 14:22:42 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2009.10.15 14:22:42 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2009.10.15 14:22:42 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2009.10.15 14:22:42 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2009.10.15 14:22:42 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2009.10.15 14:22:42 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2009.10.15 14:22:42 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2009.10.15 14:22:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2009.10.15 14:22:42 | 
00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2009.10.15 14:22:42 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2009.10.15 14:22:42 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2009.10.15 14:22:14 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msv1_0.dll [2009.10.15 14:22:14 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msv1_0.dll [2009.10.15 14:22:13 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys [2009.10.15 14:22:12 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2009.10.15 14:22:12 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msasn1.dll [2009.10.13 10:21:27 | 00,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2009.10.11 18:20:12 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\LogMeIn Hamachi [2009.10.11 16:07:44 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\AdobeUM [2009.10.11 16:07:39 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Adobe [2009.10.11 16:07:32 | 00,000,000 | ---D | C] -- C:\Users\Ben\Documents\My eBooks [2009.10.11 13:25:22 | 00,000,000 | ---D | C] -- C:\Users\Ben\Documents\BA [2009.10.11 13:16:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe [2009.10.11 13:16:11 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe [2009.10.11 13:16:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2009.10.10 12:13:40 | 00,000,000 | ---D | C] -- C:\Users\Ben\Documents\My Games [2009.10.10 12:13:39 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xwr35322.dll [2009.10.10 12:09:01 | 00,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Free Download Manager [2009.10.10 12:08:59 | 00,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG [2009.10.10 12:08:59 | 00,000,000 | ---D | C] -- 
C:\ProgramData\FreeDownloadManager.ORG
---->FIGHT AGAINST THE F***** VIRUSES<------ ALSO INTERESTING: when I open the Task Manager and go to Processes, I see iexplorer.exe running twice. When I try to end this process, it immediately restarts. Edited by underware (07.11.2009 at 19:05) |
07.11.2009, 19:05 | #27 |
| IE Explorer opens ads by itself! And last but not least, otl.txt part 3 Code:
ATTFilter ========== Files - Modified Within 30 Days ========== [2009.11.07 18:23:28 | 02,621,440 | -HS- | M] () -- C:\Users\Ben\NTUSER.DAT [2009.11.07 18:06:21 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.07 18:05:42 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ben\Desktop\mbam-setup.exe [2009.11.07 17:53:20 | 01,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2009.11.07 17:53:20 | 00,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2009.11.07 17:53:20 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2009.11.07 17:53:20 | 00,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2009.11.07 17:53:20 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2009.11.07 17:53:00 | 00,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2009.11.07 17:49:16 | 00,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2009.11.07 17:49:00 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009.11.07 17:49:00 | 00,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009.11.07 17:48:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009.11.07 17:48:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009.11.07 17:47:07 | 00,524,288 | -HS- | M] () -- C:\Users\Ben\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms [2009.11.07 17:47:07 | 00,065,536 | -HS- | M] () -- C:\Users\Ben\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf [2009.11.07 17:47:00 | 03,461,679 | -H-- | M] () -- C:\Users\Ben\AppData\Local\IconCache.db [2009.11.07 17:25:56 | 00,291,328 | ---- | M] () -- C:\Users\Ben\Desktop\f5gpgspy.exe [2009.11.07 17:16:23 | 00,528,896 | ---- | M] (OldTimer Tools) -- 
C:\Users\Ben\Desktop\OTL.exe [2009.11.07 09:24:46 | 44,760,983 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2009.11.06 12:35:40 | 00,086,225 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg [2009.11.02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MpSigStub.exe [2009.10.30 22:08:46 | 00,208,912 | ---- | M] () -- C:\ProgramData\Tick Regs Intra.u32mxq [2009.10.30 22:08:46 | 00,208,912 | ---- | M] () -- C:\ProgramData\Tick Regs Intra.u32mxq [2009.10.30 22:08:29 | 00,266,256 | ---- | M] () -- C:\ProgramData\hide fork fork.bwspk9 [2009.10.30 22:08:29 | 00,266,256 | ---- | M] () -- C:\ProgramData\hide fork fork.bwspk9 [2009.10.30 22:08:28 | 00,135,184 | ---- | M] () -- C:\ProgramData\hide fork fork.qv9j3 [2009.10.30 22:08:28 | 00,135,184 | ---- | M] () -- C:\ProgramData\hide fork fork.qv9j3 [2009.10.25 13:46:20 | 00,000,680 | ---- | M] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat [2009.10.24 15:44:46 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2009.10.22 03:14:52 | 09,236,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll [2009.10.21 23:36:56 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb [2009.10.21 11:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll [2009.10.21 09:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb [2009.10.20 16:38:44 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf [2009.10.20 13:46:00 | 00,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2009.10.18 18:41:00 | 00,028,210 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\OFMissionEditorConfig.xml [2009.10.18 16:29:54 | 00,284,295 | ---- | M] () -- C:\Users\Ben\Documents\editor flashpoint.mssn [2009.10.10 12:13:39 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xwr35322.dll ========== Files Created - No Company Name ========== [2009.11.07 18:06:21 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.11.07 17:25:56 | 00,291,328 | ---- | C] () -- C:\Users\Ben\Desktop\f5gpgspy.exe [2009.10.30 22:08:46 | 00,208,912 | ---- | C] () -- C:\ProgramData\Tick Regs Intra.u32mxq [2009.10.30 22:08:46 | 00,208,912 | ---- | C] () -- C:\ProgramData\Tick Regs Intra.u32mxq [2009.10.30 22:08:29 | 00,266,256 | ---- | C] () -- C:\ProgramData\hide fork fork.bwspk9 [2009.10.30 22:08:29 | 00,266,256 | ---- | C] () -- C:\ProgramData\hide fork fork.bwspk9 [2009.10.30 22:08:28 | 00,135,184 | ---- | C] () -- C:\ProgramData\hide fork fork.qv9j3 [2009.10.30 22:08:28 | 00,135,184 | ---- | C] () -- C:\ProgramData\hide fork fork.qv9j3 [2009.10.25 13:46:20 | 00,000,680 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat [2009.10.20 16:38:44 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf [2009.10.18 16:29:53 | 00,284,295 | 
---- | C] () -- C:\Users\Ben\Documents\editor flashpoint.mssn [2009.10.11 18:17:09 | 00,028,210 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\OFMissionEditorConfig.xml [2009.09.09 17:37:10 | 00,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.06 16:34:22 | 00,006,656 | ---- | C] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.01 14:00:24 | 00,032,689 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.09.01 11:40:46 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.09.01 11:39:21 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.08.27 18:46:22 | 00,005,147 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.08.27 18:32:34 | 03,461,679 | -H-- | C] () -- C:\Users\Ben\AppData\Local\IconCache.db [2009.08.27 18:31:23 | 00,048,600 | ---- | C] () -- C:\Users\Ben\AppData\Local\GDIPFONTCACHEV1.DAT [2009.08.27 18:30:57 | 00,000,732 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps64.dat [2009.08.07 18:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.06.19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- 
C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 03:49:10 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:24:55 | 00,000,174 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini [2006.11.02 16:06:34 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont [2006.11.02 16:06:34 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2006.11.02 16:06:34 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 16:06:34 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 13:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006.11.02 13:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini [2006.10.11 04:33:58 | 00,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS < End of report > |
08.11.2009, 16:45 | #28 |
/// Selecta Jahrusso | IE Explorer opens ads by itself! _oeluu_ Where is the Malwarebytes log file? Step 1
Step 2 Please close all running programs, including browsers. Please delete the Extra.txt from your desktop. Double-click OTL.exe and post both log files.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |