Log analysis and evaluation: IE Explorer opens unprompted! Here is the log file...

03.06.2010, 16:05   #3
Magics
 
IE Explorer opens unprompted! Here is the log file...



Many thanks for the quick help!

I have done everything.

One more small note:
Before running the scan programs, I deleted the entire internet cache and ran Spybot and Antivir. But skimming through the log files, I see that some host processes from dubious websites have been executed! I am horrified! I hope you pros can tell me a bit about this.

Here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4167

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.06.2010 16:44:15
mbam-log-2010-06-03 (16-44-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123900
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\cleansweep.exe (Trojan.Agent) -> No action taken.

Infizierte Dateien:
C:\Users\Magics\AppData\Local\Temp\Mhv.exe (Trojan.Fraudpack) -> No action taken.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> No action taken.
C:\Users\Magics\AppData\Local\Temp\0.7223901981475723.exe (Trojan.Dropper) -> No action taken.
C:\Users\Magics\AppData\Local\Temp\0.272379808187436.exe (Trojan.Dropper) -> No action taken.

Here are the two from the OTL scan

OTL.txt

OTL Logfile:
OTL logfile created on: 03.06.2010 16:42:14 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Magics\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 29,74 Gb Free Space | 6,38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGICS-PC
Current User Name: Magics
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Magics\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Magics\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 AD 4B EC 47 AB CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.17 22:30:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.17 22:30:36 | 000,000,000 | ---D | M]
 
[2010.02.11 21:05:50 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Extensions
[2010.06.02 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions
[2010.04.04 20:38:28 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.21 23:14:12 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions\battlefieldheroespatcher@ea.com
[2010.02.16 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\Magics\AppData\Roaming\mozilla\Firefox\Profiles\xbwwhz09.default\extensions\DTToolbar@toolbarnet.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\Magics\AppData\Roaming\Mozilla\FireFox\Profiles\xbwwhz09.default\searchplugins\conduit.xml
[2010.02.16 21:30:00 | 000,002,055 | ---- | M] () -- C:\Users\Magics\AppData\Roaming\Mozilla\FireFox\Profiles\xbwwhz09.default\searchplugins\daemon-search.xml
[2010.05.27 13:04:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.03 14:12:50 | 000,403,758 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 13963 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Halo2] C:\Users\Magics\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\Shell - "" = AutoRun
O33 - MountPoints2\{118227ce-1b34-11df-95cc-00040efb018f}\Shell\AutoRun\command - "" = E:\StartUp.exe -- File not found
O33 - MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ecdea2-1738-11df-829e-6cf049010c3c}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.03 16:38:58 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\Malwarebytes
[2010.06.03 16:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.03 16:38:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.03 16:38:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 16:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.03 14:00:24 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.06.03 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.03 12:46:05 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.01 19:04:42 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\BlackMirror2
[2010.06.01 17:37:44 | 000,000,000 | ---D | C] -- C:\Programme\Black Mirror 2
[2010.05.30 14:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010.05.30 14:05:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Microsoft Games
[2010.05.29 21:06:49 | 000,000,000 | -H-D | C] -- C:\Users\Magics\Documents\Runes of Magic
[2010.05.29 20:04:49 | 000,000,000 | ---D | C] -- C:\Programme\Runes of Magic
[2010.05.27 20:16:20 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\FOG Downloader
[2010.05.27 20:16:15 | 000,000,000 | ---D | C] -- C:\RoM
[2010.05.27 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Magics\Neuer Ordner
[2010.05.27 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\MeinSpore-Kreationen
[2010.05.27 15:30:11 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\SPORE
[2010.05.27 15:27:57 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.26 01:37:45 | 000,000,000 | ---D | C] -- C:\Spiele
[2010.05.26 00:54:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010.05.26 00:45:28 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\EA Games
[2010.05.22 15:17:42 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Local\My Games
[2010.05.22 14:27:56 | 000,000,000 | ---D | C] -- C:\Programme\Firaxis Games
[2010.05.21 23:56:42 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\Battlefield Heroes
[2010.05.19 12:12:48 | 000,000,000 | ---D | C] -- C:\Programme\ASIO4ALL v2
[2010.05.18 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\Filme
[2010.05.17 22:30:17 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.17 22:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.17 22:29:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.05.17 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Local\Apple
[2010.05.17 22:29:45 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.17 22:29:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.16 18:47:10 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.05.15 23:09:30 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\4A Games
[2010.05.15 23:06:12 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Local\4A Games
[2010.05.15 23:02:42 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.05.15 23:02:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.05.15 23:02:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.05.15 23:02:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.05.15 23:02:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.05.15 21:52:02 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.05.15 20:50:32 | 000,000,000 | ---D | C] -- C:\Programme\METRO 2033
[2010.05.11 19:59:07 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\Populous Reincarnated
[2010.05.11 19:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Populous Reincarnated
[2010.05.11 19:59:02 | 000,000,000 | ---D | C] -- C:\Programme\Populous Reincarnated
[2010.05.11 19:57:45 | 000,132,096 | ---- | C] (Electronic Arts) -- C:\Windows\System32\EAEXEC.EXE
[2010.05.11 19:56:58 | 000,000,000 | ---D | C] -- C:\Programme\bullfrog
[2010.05.11 19:14:26 | 000,000,000 | ---D | C] -- C:\POP3.CD
[2010.05.11 18:44:09 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.05.11 18:44:09 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx7vb.dll
[2010.05.11 18:44:09 | 000,366,080 | ---- | C] (JB) -- C:\Windows\System32\vbskfr2.ocx
[2010.05.11 18:44:09 | 000,311,296 | ---- | C] (Puma Computer Systems, LLC.) -- C:\Windows\System32\puma lcd simulator v7.ocx
[2010.05.11 18:44:09 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comct232.ocx
[2010.05.11 18:44:09 | 000,161,280 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Windows\System32\fmod.dll
[2010.05.11 18:44:09 | 000,151,552 | ---- | C] (xFX JumpStart®) -- C:\Windows\System32\dxvumeter3.ocx
[2010.05.11 18:44:09 | 000,069,632 | ---- | C] (Andrew Keat, aktools@ihug.co.nz, hxxp://aktools.rentmaster.co.nz) -- C:\Windows\System32\webupdate.ocx
[2010.05.11 18:44:09 | 000,040,960 | ---- | C] (Andrew Keat, aktools@ihug.co.nz, hxxp://aktools.rentmaster.co.nz) -- C:\Windows\System32\akprogressbar.ocx
[2010.05.11 18:44:09 | 000,040,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsetup.dll
[2010.05.11 18:44:09 | 000,035,840 | ---- | C] (xFX JumpStart) -- C:\Windows\System32\xfxslider.ocx
[2010.05.11 18:44:09 | 000,024,576 | ---- | C] (VBSmart) -- C:\Windows\System32\smartsubclass.dll
[2010.05.11 18:44:07 | 000,000,000 | ---D | C] -- C:\Programme\Atmosphere Lite
[2010.05.10 20:32:19 | 000,000,000 | ---D | C] -- C:\Users\Magics\Documents\DIE SIEDLER - Aufstieg eines Königreichs
[2010.05.09 21:43:34 | 000,000,000 | ---D | C] -- C:\Users\Magics\AppData\Roaming\dvdcss
[2010.05.05 19:59:27 | 000,000,000 | ---D | C] -- C:\Programme\SEGA
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.03 16:42:34 | 000,022,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.03 16:42:34 | 000,022,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.03 16:39:55 | 006,291,456 | -HS- | M] () -- C:\Users\Magics\ntuser.dat
[2010.06.03 16:38:55 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 16:35:28 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2010.06.03 16:35:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.03 16:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.03 16:35:13 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.03 15:43:36 | 010,072,960 | -H-- | M] () -- C:\Users\Magics\AppData\Local\IconCache.db
[2010.06.03 14:01:53 | 000,001,220 | ---- | M] () -- C:\Users\Magics\Desktop\Spybot - Search & Destroy.lnk
[2010.06.03 12:46:05 | 000,002,969 | ---- | M] () -- C:\Users\Magics\Desktop\HiJackThis.lnk
[2010.06.03 00:09:19 | 000,057,918 | ---- | M] () -- C:\Users\Magics\Desktop\ct7.jpg
[2010.06.02 14:02:57 | 001,501,000 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.02 14:02:57 | 000,654,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.02 14:02:57 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.02 14:02:57 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.02 14:02:57 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.02 13:58:53 | 000,323,384 | ---- | M] () -- C:\Users\Magics\Desktop\b.htm
[2010.06.01 17:45:52 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Black Mirror 2.lnk
[2010.05.27 21:49:00 | 000,001,734 | ---- | M] () -- C:\Users\Magics\Desktop\SporeApp - Verknüpfung.lnk
[2010.05.26 02:28:33 | 000,524,288 | -HS- | M] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000002.regtrans-ms
[2010.05.26 02:28:33 | 000,524,288 | -HS- | M] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000001.regtrans-ms
[2010.05.26 02:28:33 | 000,065,536 | -HS- | M] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TM.blf
[2010.05.22 14:39:34 | 000,001,286 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2010.05.22 00:00:31 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.22 00:00:07 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.21 23:29:42 | 000,138,056 | ---- | M] () -- C:\Users\Magics\AppData\Roaming\PnkBstrK.sys
[2010.05.21 23:29:11 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.05.16 18:47:13 | 000,001,867 | ---- | M] () -- C:\Users\Magics\Desktop\Defraggler.lnk
[2010.05.16 18:44:52 | 000,003,742 | ---- | M] () -- C:\Users\Magics\Documents\cc_20100516_184449.reg
[2010.05.16 15:28:43 | 000,016,111 | ---- | M] () -- C:\Users\Magics\Documents\Re_ Potwierdzenie zamówienia (kopia) DE.eml
[2010.05.11 19:59:03 | 000,001,215 | ---- | M] () -- C:\Users\Magics\Desktop\Populous MatchMaker.lnk
[2010.05.11 19:57:52 | 000,001,100 | ---- | M] () -- C:\Users\Magics\Desktop\Populous Menu.lnk
[2010.05.11 19:57:45 | 000,132,096 | ---- | M] (Electronic Arts) -- C:\Windows\System32\EAEXEC.EXE
[2010.05.11 19:57:45 | 000,024,576 | ---- | M] () -- C:\Windows\System32\EALTEST.EXE
[2010.05.09 21:19:36 | 002,248,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.09 14:14:15 | 000,075,528 | ---- | M] () -- C:\Users\Magics\AppData\Local\GDIPFONTCACHEV1.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.03 16:38:55 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.03 14:01:53 | 000,001,220 | ---- | C] () -- C:\Users\Magics\Desktop\Spybot - Search & Destroy.lnk
[2010.06.03 12:46:05 | 000,002,969 | ---- | C] () -- C:\Users\Magics\Desktop\HiJackThis.lnk
[2010.06.03 00:09:17 | 000,057,918 | ---- | C] () -- C:\Users\Magics\Desktop\ct7.jpg
[2010.06.02 13:58:52 | 000,323,384 | ---- | C] () -- C:\Users\Magics\Desktop\U.htm
[2010.06.01 17:45:52 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Black Mirror 2.lnk
[2010.05.27 21:49:00 | 000,001,734 | ---- | C] () -- C:\Users\Magics\Desktop\SporeApp - Verknüpfung.lnk
[2010.05.26 01:31:12 | 000,524,288 | -HS- | C] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000002.regtrans-ms
[2010.05.26 01:31:12 | 000,524,288 | -HS- | C] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TMContainer00000000000000000001.regtrans-ms
[2010.05.26 01:31:12 | 000,065,536 | -HS- | C] () -- C:\Users\Magics\ntuser.dat{c15f8123-6853-11df-8739-00040efb018f}.TM.blf
[2010.05.26 00:16:08 | 3515,154,431 | ---- | C] () -- C:\Users\Magics\Desktop\Sims2-eXtreme_v1.01.iso
[2010.05.22 14:28:12 | 000,001,286 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Civilization 4 starten.lnk
[2010.05.22 00:00:07 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.05.21 23:29:11 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.05.16 18:47:13 | 000,001,867 | ---- | C] () -- C:\Users\Magics\Desktop\Defraggler.lnk
[2010.05.16 18:44:51 | 000,003,742 | ---- | C] () -- C:\Users\Magics\Documents\cc_20100516_184449.reg
[2010.05.16 15:28:42 | 000,016,111 | ---- | C] () -- C:\Users\Magics\Documents\Re_ Potwierdzenie zamówienia (kopia) DE.eml
[2010.05.11 19:59:03 | 000,001,215 | ---- | C] () -- C:\Users\Magics\Desktop\Populous MatchMaker.lnk
[2010.05.11 19:57:52 | 000,001,100 | ---- | C] () -- C:\Users\Magics\Desktop\Populous Menu.lnk
[2010.05.11 19:57:45 | 000,024,576 | ---- | C] () -- C:\Windows\System32\EALTEST.EXE
[2010.02.16 22:02:18 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.16 22:02:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.16 21:29:46 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.13 23:25:50 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.13 21:26:02 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.02.11 19:34:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.02.11 19:30:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 936 bytes -> C:\Users\Magics\Documents\Re_ Potwierdzenie zamówienia (kopia) DE.eml:OECustomProperty
< End of report >
         
--- --- ---
Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 03.06.2010 16:42:14 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Magics\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 29,74 Gb Free Space | 6,38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGICS-PC
Current User Name: Magics
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1 
"{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light
"{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}" = FlatOut 2
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97EA42A5-3FAB-4948-B74D-F3C44B13F5CE}" = Crysis WARHEAD(R) Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1A9A33E-F1E5-FBF4-8D72-E90BEAC7108A}" = HydraVision
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C982FAE0-9E75-0BB0-933D-69046512C216}" = ATI AVIVO Codecs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3BD4C42-B54D-DD47-68EC-5DD1D6097E6F}" = CCC Help English
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F20F8E93-3471-1808-AC39-7CE622FCBB4B}" = Catalyst Control Center InstallProxy
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9D5C97D-2FDD-4FE0-A4D6-551C5E6F430D}" = bhv Multimedia Führerschein und Verkehr 2009
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ASIO4ALL" = ASIO4ALL
"Atmosphere Lite_is1" = Atmosphere Lite v6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"Black Mirror 2_is1" = Black Mirror 2
"BTmod" = Oblivion - BTmod 2.20
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis WARHEAD(R) Patch" = Crysis WARHEAD(R) Patch
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Defraggler" = Defraggler
"Drakensang_is1" = Drakensang
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hydrogen" = Hydrogen
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Populous MatchMaker" = Populous MatchMaker
"Power Tab Editor 1.7" = Power Tab Editor 1.7
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Riding Star 3" = Riding Star 3
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 500" = Left 4 Dead
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"UltraISO_is1" = UltraISO Premium V8.65
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"X3TerranConflict_is1" = X3 Terran Conflict v2.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.05.2010 09:33:40 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.150.3, Zeitstempel:
 0x4a6ad1a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x17161514  ID des fehlerhaften Prozesses:
 0x164c  Startzeit der fehlerhaften Anwendung: 0x01cafda136c5a854  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Java\jre6\bin\java.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 7595b882-6994-11df-98ed-00040efb018f
 
Error - 27.05.2010 13:58:06 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.05.2010 14:47:32 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.05.2010 17:26:16 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SporeApp.exe, Version: 1.1.0.338,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: SporeApp.exe, Version: 1.1.0.338,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00faf4c4  ID des fehlerhaften
 Prozesses: 0x17cc  Startzeit der fehlerhaften Anwendung: 0x01cafdd5a7e010a4  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Electronic Arts\SPORE\Sporebin\SporeApp.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files\Electronic Arts\SPORE\Sporebin\SporeApp.exe
Berichtskennung:
 7afa5745-69d6-11df-8695-00040efb018f
 
Error - 29.05.2010 13:10:35 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.05.2010 07:52:05 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 12.0.0.49974,
 Zeitstempel: 0x4475d140  Name des fehlerhaften Moduls: ISRT.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x446a0c9c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x034c3bf0
ID
 des fehlerhaften Prozesses: 0x1b8  Startzeit der fehlerhaften Anwendung: 0x01caffed259bd607
Pfad
 der fehlerhaften Anwendung: D:\setup.exe  Pfad des fehlerhaften Moduls: ISRT.dll  Berichtskennung:
 c3e9c283-6be1-11df-9730-00040efb018f
 
Error - 31.05.2010 11:28:14 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.06.2010 10:39:28 | Computer Name = Magics-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
 Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 02.06.2010 17:18:41 | Computer Name = Magics-PC | Source = Application Hang | ID = 1002
Description = Programm ccleaner.exe, Version 2.28.0.1091 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: af0    Startzeit: 
01cb0298ec11d5f1    Endzeit: 3    Anwendungspfad: C:\Program Files\CCleaner\ccleaner.exe

Berichts-ID:
 6738a4ed-6e8c-11df-8ad1-00040efb018f  
 
Error - 03.06.2010 07:39:31 | Computer Name = Magics-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0.272379808187436.exe, Version: 0.0.0.0,
 Zeitstempel: 0x499d3f6e  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x13ec  Startzeit der fehlerhaften Anwendung: 0x01cb03116d0164c0  Pfad der
 fehlerhaften Anwendung: C:\Users\Magics\AppData\Local\Temp\0.272379808187436.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: ac1a17be-6f04-11df-a230-00040efb018f
 
[ System Events ]
Error - 27.05.2010 09:36:25 | Computer Name = Magics-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?05.?2010 um 15:34:49 unerwartet heruntergefahren.
 
Error - 27.05.2010 10:05:14 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.05.2010 10:05:52 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.05.2010 09:53:25 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.05.2010 12:52:18 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.06.2010 07:31:56 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.06.2010 17:49:01 | Computer Name = Magics-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.06.2010 06:38:13 | Computer Name = MAGICS-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 03.06.2010 06:42:03 | Computer Name = Magics-PC | Source = bowser | ID = 8003
Description = 
 
Error - 03.06.2010 07:14:58 | Computer Name = Magics-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


I would also like to mention that an error message has suddenly started appearing after system startup. Supposedly the file "sshnas21.dll" cannot be found in the user profile folder.

Regards
Magics

Edited by Magics (03.06.2010 at 16:12)

 


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.