
Log Analysis and Evaluation: Evaluate OTL file

Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.06.2010, 02:47   #1
monk111
 
Evaluate OTL file




Hi,
could someone please evaluate this OTL file for me?
I would really appreciate it. Many thanks in advance.


OTL Logfile:
Code:
OTL logfile created on: 26.06.2010 21:36:53 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Moritz_2\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 387,34 Gb Free Space | 85,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MORITZ-LAPTOP
Current User Name: Moritz
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.26 21:33:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz_2\Downloads\OTL.exe
PRC - [2010.06.02 01:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Moritz_2\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.04.06 12:59:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.11.19 17:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009.11.01 19:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.20 21:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008.11.14 14:35:28 | 001,453,992 | R--- | M] (Take-Two Interactive Software, Inc.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.26 21:33:44 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Moritz_2\Downloads\OTL.exe
MOD - [2009.07.13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.01 09:11:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.17 13:01:43 | 000,607,048 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.06 12:59:29 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.01 09:16:50 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.04.01 09:11:26 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.21 01:10:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.30 13:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 13:38:06 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.20 21:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.07.17 16:20:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.13 23:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.07.03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.12.08 14:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.04.28 23:29:44 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2010.04.28 23:29:44 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.09.18 00:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.15 16:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.08.21 17:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.08.11 12:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.02 07:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.07.02 07:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.02 07:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.02 07:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.20 08:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.05.05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.29 15:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.04.08 10:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.10.14 06:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.06.10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009.03.26 15:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj65&r=27360310i4b6l03h0z185f48k1u695
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009.06.10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7EED9A13-A696-46E3-8888-09CDE606B3D1} hxxp://www.sat1.de/service/podcasts/sony_walkman/videoDL.cab (CDownloader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.24 19:35:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.24 19:34:49 | 000,000,000 | ---D | C] -- C:\e25677745c39d3bc83f661
[2010.06.24 11:17:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KaloMa
[2010.05.30 12:22:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.30 12:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.05.30 12:21:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.05.30 12:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.30 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Apple
[2010.05.30 12:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.25 22:14:29 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\Rockstar Games
[2010.05.25 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Rockstar Games
[2010.05.18 21:38:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.17 23:23:16 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Avira
[2010.05.17 23:19:31 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.17 23:19:31 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.17 23:19:31 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.17 23:19:31 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.17 23:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.17 23:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.16 23:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.10 17:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack
[2010.05.10 17:40:24 | 000,000,000 | ---D | C] -- C:\Users\Moritz\Documents\gothic3
[2010.05.09 22:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RapidSolution
[2010.05.09 22:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2010.05.09 22:33:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\RapidSolution
[2010.05.09 21:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.05.01 22:03:12 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Local\Microsoft Games
[2010.04.28 23:29:44 | 000,037,480 | ---- | C] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2010.04.20 15:33:04 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\TheLastRipper
[2010.04.19 18:02:40 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.04.19 18:02:20 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Orbit
[2010.04.18 22:08:12 | 000,000,000 | ---D | C] -- C:\Users\Moritz\AppData\Roaming\Malwarebytes
[2010.04.18 22:08:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.18 22:08:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.18 22:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.18 22:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.17 13:01:45 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.04.17 13:01:45 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.04.17 13:01:45 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.04.17 13:01:45 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.04.10 15:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piranha-Bytes
[2010.04.07 23:49:58 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.04.07 23:08:36 | 000,000,000 | ---D | C] -- C:\drivers
[2010.04.06 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gothic III
[2010.04.06 21:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.04.06 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.03.28 22:39:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.03.28 22:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.26 21:36:37 | 001,310,720 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT
[2010.06.26 21:28:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1000UA.job
[2010.06.26 20:58:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1002UA.job
[2010.06.26 20:45:01 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003UA.job
[2010.06.26 20:02:20 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 20:02:20 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 19:55:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.26 19:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.26 19:54:51 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.26 11:28:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1000Core.job
[2010.06.25 14:59:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1002Core.job
[2010.06.24 19:35:38 | 001,507,452 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.24 19:35:38 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.24 19:35:38 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.24 19:35:38 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.24 19:35:38 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.24 18:45:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003Core.job
[2010.06.21 22:14:04 | 004,212,395 | -H-- | M] () -- C:\Users\Moritz\AppData\Local\IconCache.db
[2010.06.11 11:36:40 | 000,350,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.04 20:32:04 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.06.04 20:32:04 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.06.04 20:32:04 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TM.blf
[2010.05.30 12:53:20 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.30 12:53:20 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 12:53:20 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TM.blf
[2010.05.29 22:14:47 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.29 22:14:47 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.29 22:14:47 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TM.blf
[2010.05.23 10:42:44 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk
[2010.05.17 23:19:38 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.16 23:18:40 | 000,001,897 | ---- | M] () -- C:\Users\Moritz\Desktop\CCleaner.lnk
[2010.05.11 23:02:30 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 23:02:30 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 23:02:30 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TM.blf
[2010.05.11 07:59:24 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 07:59:24 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 07:59:24 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TM.blf
[2010.05.11 07:27:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.06 07:54:43 | 000,000,701 | ---- | M] () -- C:\Users\Moritz\Documents\computer.rtf
[2010.05.05 11:35:26 | 000,000,379 | ---- | M] () -- C:\Users\Moritz\Documents\phone numbers.rtf
[2010.05.04 20:31:13 | 000,000,250 | ---- | M] () -- C:\Users\Moritz\Documents\Abrechnung mai.rtf
[2010.05.01 21:30:12 | 000,002,230 | ---- | M] () -- C:\Users\Moritz\Desktop\Google Chrome.lnk
[2010.04.29 18:35:30 | 000,000,514 | ---- | M] () -- C:\Users\Moritz\Documents\Abrechnung April.rtf
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.28 23:29:44 | 000,037,480 | ---- | M] (RapidSolution Software AG) -- C:\Windows\SysNative\drivers\rrnetcap.sys
[2010.04.27 20:56:53 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.27 20:56:53 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 20:56:53 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TM.blf
[2010.04.26 12:38:07 | 000,000,470 | ---- | M] () -- C:\Users\Moritz\Documents\Abrechnung März.rtf
[2010.04.19 21:53:28 | 000,000,321 | ---- | M] () -- C:\Users\Moritz\Documents\youtube to mp3 anleitung.rtf
[2010.04.18 22:08:06 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.17 13:01:42 | 000,002,219 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.17 13:01:42 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.04.17 12:41:29 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.15 20:29:52 | 000,011,070 | ---- | M] () -- C:\Users\Moritz\Documents\Lord of the flies.rtf
[2010.04.10 16:11:46 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010.04.07 23:52:09 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Dolby Setting.lnk
[2010.04.07 23:08:33 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 23:08:33 | 000,524,288 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 23:08:33 | 000,065,536 | -HS- | M] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TM.blf
[2010.04.07 23:08:08 | 000,000,205 | ---- | M] () -- C:\Users\Moritz\Documents\seriennr.rtf
[2010.04.06 12:59:35 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.06 12:59:29 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.06 12:59:28 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.04.06 12:57:58 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.04.01 09:17:42 | 000,034,632 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.04.01 09:11:42 | 000,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.04.01 09:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.04.01 09:11:34 | 000,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.04.01 09:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
 
========== Files Created - No Company Name ==========
 
[2010.06.04 20:32:03 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.06.04 20:32:03 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.06.04 20:32:03 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{4a5c6135-701b-11df-a305-00262d6e21f2}.TM.blf
[2010.05.30 12:53:20 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.30 12:53:20 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.30 12:53:20 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{f1e825e4-6c0a-11df-a2bc-00262d6e21f2}.TM.blf
[2010.05.29 22:14:47 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.29 22:14:47 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.29 22:14:47 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{6afd50cb-6b86-11df-aab6-00262d6e21f2}.TM.blf
[2010.05.23 10:42:44 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Mediaraptor 4.lnk
[2010.05.18 22:49:47 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010.05.17 23:19:38 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.16 23:18:40 | 000,001,897 | ---- | C] () -- C:\Users\Moritz\Desktop\CCleaner.lnk
[2010.05.11 23:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 23:02:02 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 23:02:02 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{774c17cb-5d59-11df-9889-00262d6e21f2}.TM.blf
[2010.05.11 07:58:42 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.05.11 07:58:42 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.05.11 07:58:42 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{fc5077e9-5cee-11df-9b85-00262d6e21f2}.TM.blf
[2010.05.10 18:40:25 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003UA.job
[2010.05.10 18:40:24 | 000,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3140958396-4004633414-178901765-1003Core.job
[2010.05.06 07:54:43 | 000,000,701 | ---- | C] () -- C:\Users\Moritz\Documents\computer.rtf
[2010.05.05 11:32:16 | 000,000,379 | ---- | C] () -- C:\Users\Moritz\Documents\phone numbers.rtf
[2010.05.04 20:31:13 | 000,000,250 | ---- | C] () -- C:\Users\Moritz\Documents\Abrechnung mai.rtf
[2010.04.27 20:56:43 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.27 20:56:43 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.27 20:56:43 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{46514c8b-525f-11df-952c-00262d6e21f2}.TM.blf
[2010.04.26 12:33:28 | 000,000,470 | ---- | C] () -- C:\Users\Moritz\Documents\Abrechnung März.rtf
[2010.04.19 21:56:39 | 000,000,514 | ---- | C] () -- C:\Users\Moritz\Documents\Abrechnung April.rtf
[2010.04.19 21:53:28 | 000,000,321 | ---- | C] () -- C:\Users\Moritz\Documents\youtube to mp3 anleitung.rtf
[2010.04.18 22:08:06 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 20:29:51 | 000,011,070 | ---- | C] () -- C:\Users\Moritz\Documents\Lord of the flies.rtf
[2010.04.10 16:11:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.04.07 23:52:09 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Dolby Setting.lnk
[2010.04.07 23:08:36 | 000,006,088 | ---- | C] () -- C:\Windows\SysNative\drivers\CDConfig.bin
[2010.04.07 23:08:32 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 23:08:32 | 000,524,288 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 23:08:32 | 000,065,536 | -HS- | C] () -- C:\Users\Moritz\NTUSER.DAT{04586aa9-42a0-11df-9ae9-00262d6e21f2}.TM.blf
[2010.04.07 23:08:08 | 000,000,205 | ---- | C] () -- C:\Users\Moritz\Documents\seriennr.rtf
[2010.04.06 12:59:31 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.06 12:59:29 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.06 12:59:28 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.04.06 12:57:58 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.23 16:05:50 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.03.21 05:27:29 | 000,001,695 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.10.30 01:54:34 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.10.30 01:54:34 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.10.30 01:54:34 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.04.19 18:06:57 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Orbit
[2010.04.20 15:33:23 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TheLastRipper
[2010.05.05 12:31:17 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\Tobit
[2010.03.21 14:26:12 | 000,000,000 | ---D | M] -- C:\Users\Moritz\AppData\Roaming\TuneUp Software
[2010.06.11 11:36:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---
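An added example, not part of this thread and not OTL's own code: a small Python triage helper that parses OTL file entries in the format the log above uses and lists executables in Windows system directories that OTL reported without a company name. The sample lines are copied from the log above; the flagging rule, `SYSTEM_DIRS` and all function names are my assumptions, and a hit only means "look at this file first", not that it is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry looks like:
# [YYYY.MM.DD HH:MM:SS | 000,123,456 | attrs | M] (Company) -- C:\path
# attrs is four characters (e.g. "----", "-HS-", "---D"); M = modified, C = created.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'M' = modified, 'C' = created
    company: str   # empty when OTL found no company name in the version info
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; returns None for headers, LOP-check lines etc."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")),
                    m["attrs"], m["kind"], m["company"], m["path"])

# Assumed triage scope: executable code in the Windows system directories.
SYSTEM_DIRS = ("c:\\windows\\syswow64\\", "c:\\windows\\sysnative\\",
               "c:\\windows\\system32\\")
EXEC_EXT = (".exe", ".dll", ".sys")

def needs_review(e: OtlEntry) -> bool:
    """Heuristic only: unsigned-looking code in system dirs is checked first.
    Legitimate files (PunkBuster in this log, for instance) also lack version info."""
    p = e.path.lower()
    return e.company == "" and p.startswith(SYSTEM_DIRS) and p.endswith(EXEC_EXT)

def triage(log_text: str) -> List[OtlEntry]:
    """Return the entries of an OTL file section that deserve a closer look."""
    return [e for e in map(parse_entry, log_text.splitlines()) if e and needs_review(e)]

# Sample input: four lines copied from the log posted above.
SAMPLE = """\
[2010.05.23 10:42:44 | 000,001,165 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Mediaraptor 4.lnk
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\\Windows\\SysNative\\drivers\\mbam.sys
[2010.04.06 12:59:35 | 000,103,736 | ---- | M] () -- C:\\Windows\\SysWow64\\PnkBstrB.exe
[2010.03.23 16:05:50 | 000,554,496 | ---- | C] () -- C:\\Windows\\SysWow64\\dvmsg.dll
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f"{hit.timestamp}  {hit.size:>8}  {hit.path}")
```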

27.06.2010, 10:26   #2
Larusso
/// Selecta Jahrusso

Any problems?

27.06.2010, 15:17   #3
monk111

hacked...


27.06.2010, 15:23   #4
Larusso
/// Selecta Jahrusso

With the amount of information you have given me, I can do precisely nothing.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

27.06.2010, 16:10   #5
monk111

ok sorry.
What do you need?
Well, I think my passwords on the internet were hacked. Malwarebytes and Avira don't show anything, so I uploaded the OTL file here.
best regards


27.06.2010, 16:17   #6
Larusso
/// Selecta Jahrusso

Please:
  • all other scanners for viruses, spyware etc. must be disabled,
  • there must be no connection to a network/the internet (don't forget WLAN),
  • nothing must be done on the computer,
  • the computer must be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (click the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as "Gmer.txt" on the desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!

04.07.2010, 09:45   #7
Larusso
/// Selecta Jahrusso

No reply

This topic has been removed from my subscriptions, so I no longer get notifications of new replies.

Send me a PM if you still want to continue.

Note: the disappearance of the symptoms does not mean your computer is already clean.

Everyone else, please open your own thread.
