Log analysis and evaluation: Pop-up windows open every few minutes (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.10.2010, 15:44 | #1 | |
| Pop-up windows open every few minutes

Yesterday I picked up quite a bit of junk, in the course of which the System Restore console etc. was disabled (already fixed). However, every few minutes pop-up windows from Internet Explorer open with random addresses... Here is my log file (I hope I changed everything to h**p... my user name doesn't need to be a secret...). I hope someone can help me.

Best regards

Quote:
|
24.10.2010, 20:41 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pop-up windows open every few minutes

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
__________________ |
27.10.2010, 14:55 | #3 |
| Pop-up windows open every few minutes

OTL:

OTL Logfile: Code:
otl logfile created on: 10/27/2010 3:41:56 pm - run 1
otl by oldtimer - version 3.2.17.1 folder = d:\users\stefan\desktop
64bit- ultimate edition (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 8.0.7600.16385)
locale: 00000409 | country: Germany | language: Deu | date format: Dd.mm.yyyy

6.00 gb total physical memory | 4.00 gb available physical memory | 68.00% memory free
12.00 gb paging file | 10.00 gb available in paging file | 80.00% paging file free
paging file location(s): ?:\pagefile.sys [binary data]

%systemdrive% = d: | %systemroot% = d:\windows | %programfiles% = d:\program files (x86)
drive c: | 76.33 gb total space | 17.34 gb free space | 22.71% space free | partition type: Ntfs
drive d: | 201.01 gb total space | 129.15 gb free space | 64.25% space free | partition type: Ntfs
drive e: | 1196.25 gb total space | 403.74 gb free space | 33.75% space free | partition type: Ntfs
drive g: | 265.75 gb total space | 86.52 gb free space | 32.56% space free | partition type: Ntfs
drive h: | 100.00 gb total space | 77.71 gb free space | 77.71% space free | partition type: Ntfs

computer name: Stefan-pc | user name: Stefan | logged in as administrator.
Boot mode: Normal | scan mode: Current user | include 64bit scans
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 30 days

========== processes (safelist) ==========

prc - d:\users\stefan\desktop\otl.exe (oldtimer tools)
prc - d:\users\stefan\appdata\local\temp\gd0.exe (trend micro inc.)
prc - d:\program files (x86)\mozilla firefox\firefox.exe (mozilla corporation) prc - d:\program files (x86)\mozilla firefox\plugin-container.exe (mozilla corporation) prc - d:\program files (x86)\virtualdj\virtualdj.exe (atomix productions) prc - d:\program files (x86)\avira\antivir desktop\avguard.exe (avira gmbh) prc - d:\program files (x86)\daemon tools lite\dtlite.exe (dt soft ltd) prc - d:\program files (x86)\avira\antivir desktop\avgnt.exe (avira gmbh) prc - d:\program files (x86)\avira\antivir desktop\sched.exe (avira gmbh) prc - d:\program files (x86)\common files\binarysense\disksvc.exe (binarysense ltd.) prc - d:\program files (x86)\asus\smartdoctor\smartdoctor.exe (asustek inc.) prc - d:\program files (x86)\sony ericsson\sony ericsson pc suite\sepcsuite.exe (sony ericsson mobile communications ab) prc - d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatuner.exe () prc - d:\windows\syswow64\asdr.exe () prc - d:\program files (x86)\asus\ai suite\ainap\ainap.exe () prc - d:\program files (x86)\analog devices\core\smax4pnp.exe (analog devices, inc.) prc - d:\windows\syswow64\ctxfihlp.exe (creative technology ltd) prc - d:\windows\syswow64\ctxfispi.exe (creative technology ltd) prc - d:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe (elaborate bytes ag) prc - d:\program files (x86)\analog devices\soundmax\soundmax.exe (analog devices, inc.) 
prc - d:\program files (x86)\sony ericsson\sony ericsson pc suite\supserv.exe () prc - d:\program files (x86)\avmwlanstick\wlangui.exe (avm berlin) prc - d:\program files (x86)\avmwlanstick\wlannetservice.exe (avm berlin) prc - d:\program files (x86)\creative\shared files\ctaudsvc.exe (creative technology ltd) prc - d:\program files (x86)\cpu-control\cpu_control.exe () ========== modules (safelist) ========== mod - d:\users\stefan\desktop\otl.exe (oldtimer tools) mod - d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (microsoft corporation) mod - d:\windows\syswow64\wtsapi32.dll (microsoft corporation) mod - d:\windows\syswow64\winsta.dll (microsoft corporation) mod - d:\windows\syswow64\normaliz.dll (microsoft corporation) ========== win32 services (safelist) ========== srv:64bit: - (kmservice) -- d:\windows\sysnative\srvany.exe file not found srv:64bit: - (uxtuneup) -- d:\windows\sysnative\uxtuneup.dll (tuneup software) srv:64bit: - (netzmanager service) -- d:\program files\netzmanager\nminfrais2\netzmanager_service.exe (deutsche telekom ag) srv:64bit: - (windefend) -- d:\program files\windows defender\mpsvc.dll (microsoft corporation) srv:64bit: - (appmgmt) -- d:\windows\sysnative\appmgmts.dll (microsoft corporation) srv:64bit: - (aeadifilters) -- d:\windows\sysnative\aeadisrv.exe (andrea electronics corporation) srv:64bit: - (atkfusservice) -- d:\windows\sysnative\atkfusservice.exe (asustek computer inc.) 
srv - (lavasoft ad-aware service) -- d:\program files (x86)\lavasoft\ad-aware\aawservice.exe (lavasoft) srv - (tuneup.utilitiessvc) -- d:\program files (x86)\tuneup utilities 2011\tuneuputilitiesservice64.exe (tuneup software) srv - (uxtuneup) tuneup designerweiterung (beta) -- d:\windows\syswow64\uxtuneup.dll (tuneup software) srv - (tomtomhomeservice) -- d:\program files (x86)\tomtom home 2\tomtomhomeservice.exe (tomtom) srv - (antivirservice) -- d:\program files (x86)\avira\antivir desktop\avguard.exe (avira gmbh) srv - (antivirschedulerservice) -- d:\program files (x86)\avira\antivir desktop\sched.exe (avira gmbh) srv - (naupdate) -- d:\program files (x86)\nero\update\nasvc.exe (nero ag) srv - (emmadevmgmtsvc) -- d:\program files (x86)\common files\sony ericsson\emma core\services64\emmadevicemgmt.exe (sony ericsson mobile communications) srv - (emmaupdmgmtsvc) -- d:\program files (x86)\common files\sony ericsson\emma core\services64\emmaupdatemgmt.exe (sony ericsson mobile communications) srv - (hdd & ssd access service) -- d:\program files (x86)\common files\binarysense\disksvc.exe (binarysense ltd.) 
srv - (creative alchemy al6 licensing service) -- d:\program files (x86)\common files\creative labs shared\service\al6licensing.exe (creative labs) srv - (creative audio engine licensing service) -- d:\program files (x86)\common files\creative labs shared\service\ctaelicensing.exe (creative labs) srv - (aspnet_state) -- d:\windows\microsoft.net\framework64\v4.0.21006\aspnet_state.exe (microsoft corporation) srv - (wpffontcache_v0400) -- d:\windows\microsoft.net\framework64\v4.0.21006\wpf\wpffontcache_v0400.exe (microsoft corporation) srv - (clr_optimization_v4.0.21006_64) -- d:\windows\microsoft.net\framework64\v4.0.21006\mscorsvw.exe (microsoft corporation) srv - (clr_optimization_v4.0.21006_32) -- d:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe (microsoft corporation) srv - (asdr) -- d:\windows\syswow64\asdr.exe () srv - (daupdatersvc) -- g:\dragon age\bin_ship\daupdatersvc.service.exe (bioware) srv - (clr_optimization_v2.0.50727_32) -- d:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (microsoft corporation) srv - (omsi download service) -- d:\program files (x86)\sony ericsson\sony ericsson pc suite\supserv.exe () srv - (avm wlan connection service) -- d:\program files (x86)\avmwlanstick\wlannetservice.exe (avm berlin) srv - (ctaudsvcservice) -- d:\program files (x86)\creative\shared files\ctaudsvc.exe (creative technology ltd) srv - (dfsdks) -- d:\program files (x86)\ashampoo\ashampoo winoptimizer 6\dfsdks.exe (mst software gmbh, germany) srv - (tdslmgrservice) -- d:\program files (x86)\dsl-manager\dslmgrsvc.exe (t-systems enterprise services gmbh) srv - (nero backitup scheduler 4.0) -- d:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe (nero ag) srv - (kmservice) -- d:\windows\syswow64\srvany.exe () ========== driver services (safelist) ========== drv:64bit: - (nvflash) -- d:\windows\sysnative\drivers\nvflash.sys file not found drv:64bit: - (elbycdio) -- d:\windows\sysnative\drivers\elbycdio.sys (elaborate bytes ag) 
drv:64bit: - (lbd) -- d:\windows\sysnative\drivers\lbd.sys (lavasoft ab) drv:64bit: - (anydvd) -- d:\windows\sysnative\drivers\anydvd.sys (slysoft, inc.) drv:64bit: - (avipbb) -- d:\windows\sysnative\drivers\avipbb.sys (avira gmbh) drv:64bit: - (avgntflt) -- d:\windows\sysnative\drivers\avgntflt.sys (avira gmbh) drv:64bit: - (atksgt) -- d:\windows\sysnative\drivers\atksgt.sys () drv:64bit: - (lirsgt) -- d:\windows\sysnative\drivers\lirsgt.sys () drv:64bit: - (sptd) -- d:\windows\sysnative\drivers\sptd.sys () drv:64bit: - (eio64) -- d:\windows\sysnative\drivers\eio64.sys (asustek computer inc.) drv:64bit: - (xusb21) -- d:\windows\sysnative\drivers\xusb21.sys (microsoft corporation) drv:64bit: - (amdsata) -- d:\windows\sysnative\drivers\amdsata.sys (advanced micro devices) drv:64bit: - (amdxata) -- d:\windows\sysnative\drivers\amdxata.sys (advanced micro devices) drv:64bit: - (amdsbs) -- d:\windows\sysnative\drivers\amdsbs.sys (amd technologies inc.) drv:64bit: - (lsi_sas2) -- d:\windows\sysnative\drivers\lsi_sas2.sys (lsi corporation) drv:64bit: - (hpsamd) -- d:\windows\sysnative\drivers\hpsamd.sys (hewlett-packard company) drv:64bit: - (stexstor) -- d:\windows\sysnative\drivers\stexstor.sys (promise technology) drv:64bit: - (ntfs) -- d:\windows\sysnative\wbem\ntfs.mof () drv:64bit: - (nvenetfd) -- d:\windows\sysnative\drivers\nvm62x64.sys (nvidia corporation) drv:64bit: - (ebdrv) -- d:\windows\sysnative\drivers\evbda.sys (broadcom corporation) drv:64bit: - (b06bdrv) -- d:\windows\sysnative\drivers\bxvbda.sys (broadcom corporation) drv:64bit: - (b57nd60a) -- d:\windows\sysnative\drivers\b57nd60a.sys (broadcom corporation) drv:64bit: - (hcw85cir) -- d:\windows\sysnative\drivers\hcw85cir.sys (hauppauge computer works, inc.) drv:64bit: - (adihdaudaddservice) -- d:\windows\sysnative\drivers\adihdaud.sys (analog devices, inc.) 
drv:64bit: - (ha20x2k) -- d:\windows\sysnative\drivers\ha20x2k.sys (creative technology ltd) drv:64bit: - (emupia) -- d:\windows\sysnative\drivers\emupia2k.sys (creative technology ltd) drv:64bit: - (ctsfm2k) -- d:\windows\sysnative\drivers\ctsfm2k.sys (creative technology ltd) drv:64bit: - (ctprxy2k) -- d:\windows\sysnative\drivers\ctprxy2k.sys (creative technology ltd) drv:64bit: - (ossrv) -- d:\windows\sysnative\drivers\ctoss2k.sys (creative technology ltd.) drv:64bit: - (ctaud2k) creative audio driver (wdm) -- d:\windows\sysnative\drivers\ctaud2k.sys (creative technology ltd) drv:64bit: - (ctac32k) -- d:\windows\sysnative\drivers\ctac32k.sys (creative technology ltd) drv:64bit: - (ctexfifx.sys) -- d:\windows\sysnative\drivers\ctexfifx.sys (creative technology ltd.) drv:64bit: - (ctexfifx) -- d:\windows\sysnative\drivers\ctexfifx.sys (creative technology ltd.) drv:64bit: - (cthwiut.sys) -- d:\windows\sysnative\drivers\cthwiut.sys (creative technology ltd.) drv:64bit: - (cthwiut) -- d:\windows\sysnative\drivers\cthwiut.sys (creative technology ltd.) drv:64bit: - (ct20xut.sys) -- d:\windows\sysnative\drivers\ct20xut.sys (creative technology ltd.) drv:64bit: - (ct20xut) -- d:\windows\sysnative\drivers\ct20xut.sys (creative technology ltd.) 
drv:64bit: - (vclone) -- d:\windows\sysnative\drivers\vclone.sys (elaborate bytes ag) drv:64bit: - (mtsensor) -- d:\windows\sysnative\drivers\asacpi.sys () drv:64bit: - (hotcore3) -- d:\windows\sysnative\drivers\hotcore3.sys (paragon software group) drv:64bit: - (ggsemc) -- d:\windows\sysnative\drivers\ggsemc.sys (sony ericsson mobile communications) drv:64bit: - (ggflt) -- d:\windows\sysnative\drivers\ggflt.sys (sony ericsson mobile communications) drv:64bit: - (a4djavs_x64) -- d:\windows\sysnative\drivers\a4djavs_x64.sys (native instruments gmbh) drv:64bit: - (a4djusb_x64) -- d:\windows\sysnative\drivers\a4djusb_x64.sys (native instruments gmbh) drv:64bit: - (fwlanusbn) -- d:\windows\sysnative\drivers\fwlanusbn.sys (avm gmbh) drv:64bit: - (avmeject) -- d:\windows\sysnative\drivers\avmeject.sys (avm berlin) drv:64bit: - (atkdisplf) -- d:\windows\sysnative\drivers\atkdisplowfilter.sys (asustek computer inc.) drv:64bit: - (asusgsb) -- d:\windows\sysnative\drivers\asusgsb.sys (asustek computer inc.) 
drv:64bit: - (s0017unic) sony ericsson device 0017 usb ethernet emulation semc0017 (wdm) -- d:\windows\sysnative\drivers\s0017unic.sys (mcci corporation) drv:64bit: - (s0017obex) -- d:\windows\sysnative\drivers\s0017obex.sys (mcci corporation) drv:64bit: - (s0017nd5) sony ericsson device 0017 usb ethernet emulation semc0017 (ndis) -- d:\windows\sysnative\drivers\s0017nd5.sys (mcci corporation) drv:64bit: - (s0017mdm) -- d:\windows\sysnative\drivers\s0017mdm.sys (mcci corporation) drv:64bit: - (s0017mgmt) sony ericsson device 0017 usb wmc device management drivers (wdm) -- d:\windows\sysnative\drivers\s0017mgmt.sys (mcci corporation) drv:64bit: - (s0017mdfl) -- d:\windows\sysnative\drivers\s0017mdfl.sys (mcci corporation) drv:64bit: - (s0017bus) sony ericsson device 0017 driver (wdm) -- d:\windows\sysnative\drivers\s0017bus.sys (mcci corporation) drv:64bit: - (seehcri) -- d:\windows\sysnative\drivers\seehcri.sys (sony ericsson mobile communications) drv:64bit: - (sifilter) -- d:\windows\sysnative\drivers\siwinacc.sys (silicon image, inc) drv:64bit: - (siremfil) -- d:\windows\sysnative\drivers\siremfil.sys (silicon image, inc) drv:64bit: - (si3132) -- d:\windows\sysnative\drivers\si3132.sys (silicon image, inc) drv:64bit: - (dslmnlwf) -- d:\windows\sysnative\drivers\dslmnlwf.sys (t-systems enterprise services gmbh) drv:64bit: - (s125obex) -- d:\windows\sysnative\drivers\s125obex.sys (mcci corporation) drv:64bit: - (s125bus) sony ericsson device 125 driver (wdm) -- d:\windows\sysnative\drivers\s125bus.sys (mcci corporation) drv:64bit: - (elbycdfl) -- d:\windows\sysnative\drivers\elbycdfl.sys (slysoft, inc.) drv:64bit: - (fwlanusb) -- d:\windows\sysnative\drivers\fwlanusb.sys (avm gmbh) drv - (lavasoft kernexplorer) -- d:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys () drv - (anydvd) -- d:\windows\syswow64\drivers\anydvd.sys (slysoft, inc.) 
drv - (tuneuputilitiesdrv) -- d:\program files (x86)\tuneup utilities 2011\tuneuputilitiesdriver64.sys (tuneup software) drv - (rivatuner64) -- d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatuner64.sys () drv - (elbycdfl) -- d:\windows\syswow64\drivers\elbycdfl.sys (slysoft, inc.) drv - (nvflash) -- d:\windows\syswow64\drivers\nvflash.sys () ========== standard registry (safelist) ========== ========== internet explorer ========== ie - hklm\software\microsoft\internet explorer\main,local page = d:\windows\syswow64\blank.htm ie - hkcu\software\microsoft\internet explorer\main,secondary start pages = h**p://4fuckr.com/page_1.htm [binary data] ie - hkcu\software\microsoft\internet explorer\main,start page = h**p://welt4.freewar.de/freewar/index.php?login_failure=1 ie - hkcu\software\microsoft\internet explorer\main,start page redirect cache = h**p://de.msn.com/?ocid=iehp ie - hkcu\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = de ie - hkcu\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 2c bd 8f ab a4 60 ca 01 [binary data] ie - hkcu\..\urlsearchhook: - reg error: Key error. 
File not found ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0 ========== firefox ========== ff - prefs.js..browser.search.defaultenginename: "icq search" ff - prefs.js..browser.search.selectedengine: "google" ff - prefs.js..browser.search.usedbfororder: True ff - prefs.js..browser.startup.homepage: "google.de" ff - prefs.js..extensions.enableditems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 ff - prefs.js..extensions.enableditems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 ff - prefs.js..extensions.enableditems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 ff - prefs.js..extensions.enableditems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0 ff - prefs.js..extensions.enableditems: Jl@leimbach-it.de:2.5 ff - prefs.js..extensions.enableditems: {ddc359d1-844a-42a7-9aa1-88a850a938a8}:1.1.10 ff - prefs.js..keyword.url: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=" ff - hklm\software\mozilla\mozilla firefox 3.6.11\extensions\\components: D:\program files (x86)\mozilla firefox\components [2010/10/21 13:26:43 | 000,000,000 | ---d | m] ff - hklm\software\mozilla\mozilla firefox 3.6.11\extensions\\plugins: D:\program files (x86)\mozilla firefox\plugins [2010/10/21 13:26:43 | 000,000,000 | ---d | m] [2010/10/08 17:59:59 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\extensions [2010/10/08 17:59:59 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\extensions\home2@tomtom.com [2010/10/26 21:00:36 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions [2010/03/07 19:07:33 | 000,000,000 | ---d | m] (linkification) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010/07/18 21:40:08 | 000,000,000 | ---d | m] (reloadevery) -- 
d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644} [2010/10/14 21:50:48 | 000,000,000 | ---d | m] (downloadhelper) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/08/20 06:33:38 | 000,000,000 | ---d | m] (adblock plus) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/08/09 14:35:58 | 000,000,000 | ---d | m] (downthemall!) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{ddc359d1-844a-42a7-9aa1-88a850a938a8} [2010/03/26 00:10:48 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\jl@leimbach-it.de [2010/03/13 11:43:38 | 000,000,687 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icq-search.xml [2010/04/09 05:24:01 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin-1.xml [2010/06/24 05:14:10 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin-2.xml [2010/06/28 05:34:20 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin-3.xml [2010/03/23 21:50:29 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin.xml [2010/10/26 21:00:36 | 000,000,000 | ---d | m] -- d:\program files (x86)\mozilla firefox\extensions [2010/08/10 22:39:24 | 000,001,392 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/08/10 22:39:24 | 000,002,344 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\ebay-de.xml [2010/08/10 22:39:24 | 
000,006,805 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010/08/10 22:39:24 | 000,001,178 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/08/10 22:39:24 | 000,001,105 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\yahoo-de.xml o1 hosts file: ([2009/06/10 23:00:26 | 000,000,824 | ---- | m]) - d:\windows\sysnative\drivers\etc\hosts o2:64bit: - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~2\office14\urlredir.dll (microsoft corporation) o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~2\micros~1\office14\urlredir.dll (microsoft corporation) o2 - bho: (d:\windows\syswow64\qkad7.dll) - {b6ba40c1-a501-59bd-f413-03b03a2c8952} - d:\windows\syswow64\qkad7.dll file not found o3 - hklm\..\toolbar: (toolbar fuer ebay) - {000e148c-f7a7-445a-9044-93bf6ce09ecb} - d:\users\stefan\appdata\roaming\toolbars\toolbar fuer ebay\ebay.dll () o3 - hkcu\..\toolbar\webbrowser: (toolbar fuer ebay) - {000e148c-f7a7-445a-9044-93bf6ce09ecb} - d:\users\stefan\appdata\roaming\toolbars\toolbar fuer ebay\ebay.dll () o4:64bit: - hklm..\run: [rivatuner] d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatunerwrapper.exe () o4:64bit: - hklm..\run: [rivatunerstartupdaemon] d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatunerwrapper.exe () o4:64bit: - hklm..\run: [soundmax] d:\program files (x86)\analog devices\soundmax\soundmax.exe (analog devices, inc.) o4 - hklm..\run: [ai nap] d:\program files (x86)\asus\ai suite\ainap\ainap.exe () o4 - hklm..\run: [avgnt] d:\program files (x86)\avira\antivir desktop\avgnt.exe (avira gmbh) o4 - hklm..\run: [avmwlanclient] d:\program files (x86)\avmwlanstick\wlangui.exe (avm berlin) o4 - hklm..\run: [clonecdtray] d:\program files (x86)\slysoft\clonecd\clonecdtray.exe (slysoft, inc.) 
o4 - hklm..\run: [cpu level up] d:\program files (x86)\asus\ai suite\cpu level upex\cpulevelup.exe (asustek) o4 - hklm..\run: [ctxfihlp] d:\windows\syswow64\ctxfihlp.exe (creative technology ltd) o4 - hklm..\run: [qfan help] d:\program files (x86)\asus\ai suite\qfan3\qfanhelp.exe () o4 - hklm..\run: [soundmaxpnp] d:\program files (x86)\analog devices\core\smax4pnp.exe (analog devices, inc.) o4 - hklm..\run: [virtualclonedrive] d:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe (elaborate bytes ag) o4 - hkcu..\run: [cpu_control] d:\program files (x86)\cpu-control\cpu_control.exe () o4 - hkcu..\run: [daemon tools lite] d:\program files (x86)\daemon tools lite\dtlite.exe (dt soft ltd) o4 - hkcu..\run: [icq] d:\program files (x86)\icq7.0\icq.exe (icq, llc.) o4 - hkcu..\run: [koo9rv9k4z] d:\users\stefan\appdata\local\temp\gd0.exe (trend micro inc.) o4 - hkcu..\run: [sony ericsson pc suite] d:\program files (x86)\sony ericsson\sony ericsson pc suite\sepcsuite.exe (sony ericsson mobile communications ab) o4 - startup: D:\users\stefan\appdata\roaming\microsoft\windows\start menu\programs\startup\dsl-manager.lnk = d:\program files (x86)\dsl-manager\dslmgr.exe (t-systems enterprise services gmbh) o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktop = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktopchanges = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 0 o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3 o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enableinstallerdetection = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enablelua = 0 o6 - 
hklm\software\microsoft\windows\currentversion\policies\system: Enablesecureuiapaths = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enablevirtualization = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\system: Promptonsecuredesktop = 0 o6 - hklm\software\microsoft\windows\currentversion\policies\system: Shutdownwithoutlogon = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\system: Undockwithoutlogon = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o6 - hklm\software\microsoft\windows\currentversion\policies\system\uipi\clipboard\exceptionformats: Cf_text = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m] o7 - hkcu\software\microsoft\windows\currentversion\policies\explorer: Nodrivetypeautorun = 145 o8:64bit: - extra context menu item: Add to &bom - d:\\progra~2\\biet-o~1\\\\addtobom.hta () o8 - extra context menu item: Add to &bom - d:\\progra~2\\biet-o~1\\\\addtobom.hta () o9 - extra button: Icq7 - {88eb38ef-4d2c-436d-abd3-56b232674062} - d:\program files (x86)\icq7.0\icq.exe (icq, llc.) o9 - extra 'tools' menuitem : Icq7 - {88eb38ef-4d2c-436d-abd3-56b232674062} - d:\program files (x86)\icq7.0\icq.exe (icq, llc.) 
o13 - gopher prefix: Missing o13 - gopher prefix: Missing o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (java plug-in 1.6.0_17) o16 - dpf: {cafeefac-0016-0000-0017-abcdeffedcba} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (java plug-in 1.6.0_17) o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (java plug-in 1.6.0_17) o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (shockwave flash object) o16 - dpf: {f6acf75c-c32c-447b-9bef-46b766368d29} h**p://ccfiles.creative.com/web/softwareupdate/su2/ocx/15109/ctpid.cab (creative software autoupdate support package) o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 192.168.178.1 o18 - protocol\handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - reg error: Key error. File not found o20 - appinit_dlls: (anydischelp.dll) - file not found o20:64bit: - hklm winlogon: Shell - (explorer.exe) - d:\windows\explorer.exe (microsoft corporation) o20:64bit: - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - d:\windows\sysnative\systempropertiesperformance.exe (microsoft corporation) o20:64bit: - hklm winlogon: Vmapplet - (/pagefile) - file not found o20 - hklm winlogon: Shell - (explorer.exe) - d:\windows\syswow64\explorer.exe (microsoft corporation) o20 - hklm winlogon: Vmapplet - (/pagefile) - file not found o20 - hkcu winlogon: Shell - (d:\users\stefan\appdata\roaming\hotfix.exe) - d:\users\stefan\appdata\roaming\hotfix.exe file not found o21:64bit: - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - clsid or file not found. O21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - clsid or file not found. 
O22:64bit: - sharedtaskscheduler: {e31004d1-a431-41b8-826f-e902f9d95c81} - windows dreamscene - d:\windows\sysnative\dreamscene.dll (microsoft corporation) o22 - sharedtaskscheduler: {b6ba40c1-a501-59bd-f413-03b03a2c8952} - dfskea98e4iagjiufhg87df87u - d:\windows\syswow64\qkad7.dll file not found o22 - sharedtaskscheduler: {e31004d1-a431-41b8-826f-e902f9d95c81} - windows dreamscene - d:\windows\syswow64\dreamscene.dll (microsoft corporation) o27:64bit: - hklm ifeo\taskmgr.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\pmlauncher.exe (tuneup software) o27:64bit: - hklm ifeo\unins000.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe (tuneup software) o27:64bit: - hklm ifeo\wo6.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe (tuneup software) o27 - hklm ifeo\taskmgr.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\pmlauncher.exe (tuneup software) o27 - hklm ifeo\unins000.exe: Debugger - "d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe" (tuneup software) o27 - hklm ifeo\wo6.exe: Debugger - "d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe" (tuneup software) o32 - hklm cdrom: Autorun - 1 o32 - autorun file - [2009/11/06 12:40:17 | 000,000,000 | ---- | m] () - c:\autoexec.bat -- [ ntfs ] o33 - mountpoints2\{0d015aa1-0fb2-11df-ae60-00040ec2d49e}\shell - "" = autorun o33 - mountpoints2\{0d015aa1-0fb2-11df-ae60-00040ec2d49e}\shell\autorun\command - "" = f:\pushinst.exe -- file not found o33 - mountpoints2\{a96da4f5-f081-11de-9024-00040ec2d49e}\shell - "" = autorun o33 - mountpoints2\{a96da4f5-f081-11de-9024-00040ec2d49e}\shell\autorun\command - "" = j:\launchu3.exe -- file not found o34 - hklm bootexecute: (autocheck autochk *) - file not found o34 - hklm bootexecute: (lsdelete) - file not found o35:64bit: - hklm\..comfile [open] -- "%1" %* o35:64bit: - hklm\..exefile [open] -- "%1" %* o35 - hklm\..comfile [open] -- "%1" %* o35 - 
hklm\..exefile [open] -- "%1" %* o36 - appcertdlls: Diskvaws - (d:\windows\system32\icartend.dll) - d:\windows\syswow64\icartend.dll file not found o37:64bit: - hklm\...com [@ = comfile] -- "%1" %* o37:64bit: - hklm\...exe [@ = exefile] -- "%1" %* o37 - hklm\...com [@ = comfile] -- "%1" %* o37 - hklm\...exe [@ = exefile] -- "%1" %* ========== files/folders - created within 30 days ========== [2010/10/27 15:39:09 | 000,575,488 | ---- | c] (oldtimer tools) -- d:\users\stefan\desktop\otl.exe [2010/10/24 17:00:29 | 000,069,152 | ---- | c] (lavasoft ab) -- d:\windows\sysnative\drivers\lbd.sys [2010/10/24 15:00:14 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\local\sunbelt software [2010/10/24 14:59:40 | 000,000,000 | -h-d | c] -- d:\programdata\{e961ce1b-c3ea-4882-9f67-f859b555d097} [2010/10/24 14:59:36 | 000,000,000 | ---d | c] -- d:\programdata\lavasoft [2010/10/24 14:59:36 | 000,000,000 | ---d | c] -- d:\program files (x86)\lavasoft [2010/10/23 21:13:59 | 000,000,000 | ---d | c] -- d:\program files (x86)\trend micro [2010/10/23 21:12:26 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\roaming\vlc [2010/10/23 18:47:50 | 000,000,000 | ---d | c] -- d:\programdata\spybot - search & destroy [2010/10/23 18:46:19 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\roaming\avira [2010/10/23 18:36:04 | 000,116,568 | ---- | c] (avira gmbh) -- d:\windows\sysnative\drivers\avipbb.sys [2010/10/23 18:36:04 | 000,081,072 | ---- | c] (avira gmbh) -- d:\windows\sysnative\drivers\avgntflt.sys [2010/10/23 18:36:04 | 000,051,992 | ---- | c] (avira gmbh) -- d:\windows\syswow64\drivers\avgntdd.sys [2010/10/23 18:36:04 | 000,017,016 | ---- | c] (avira gmbh) -- d:\windows\syswow64\drivers\avgntmgr.sys [2010/10/23 18:36:03 | 000,000,000 | ---d | c] -- d:\programdata\avira [2010/10/23 18:36:03 | 000,000,000 | ---d | c] -- d:\program files (x86)\avira [2010/10/23 18:09:32 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\local\dbcontrol [2010/10/20 22:57:49 | 000,000,000 | ---d 
| c] -- d:\users\stefan\documents\arcania - gothic 4 [2010/10/14 05:35:39 | 000,702,976 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\msfeeds.dll [2010/10/14 05:35:39 | 000,599,040 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\msfeeds.dll [2010/10/14 05:35:39 | 000,057,856 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\licmgr10.dll [2010/10/14 05:35:39 | 000,044,544 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\licmgr10.dll [2010/10/14 05:35:38 | 000,482,816 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\html.iec [2010/10/14 05:35:38 | 000,386,048 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\html.iec [2010/10/14 05:35:38 | 000,256,000 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\iepeers.dll [2010/10/14 05:35:38 | 000,247,808 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\ieui.dll [2010/10/14 05:35:38 | 000,185,856 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\iepeers.dll [2010/10/14 05:35:38 | 000,176,640 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\ieui.dll [2010/10/14 05:35:38 | 000,097,280 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\mshtmled.dll [2010/10/14 05:35:38 | 000,067,072 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\mshtmled.dll [2010/10/14 05:35:38 | 000,012,800 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\msfeedssync.exe [2010/10/14 05:35:38 | 000,012,288 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\msfeedssync.exe [2010/10/14 05:34:41 | 014,627,840 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\wmp.dll [2010/10/14 05:34:40 | 012,625,408 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\wmploc.dll [2010/10/14 05:34:40 | 011,406,848 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\wmp.dll [2010/10/14 05:34:39 | 012,625,920 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\wmploc.dll [2010/10/14 05:34:38 | 002,085,376 | 
---- | c] (microsoft corporation) -- d:\windows\sysnative\ole32.dll [2010/10/14 05:34:12 | 000,633,856 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\comctl32.dll [2010/10/14 05:34:08 | 001,024,512 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\wmpmde.dll [2010/10/14 05:34:08 | 000,954,752 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\mfc40.dll [2010/10/14 05:34:08 | 000,954,288 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\mfc40u.dll [2010/10/14 05:34:08 | 000,738,816 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\wmpmde.dll [2010/10/14 05:34:07 | 000,483,840 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\structuredquery.dll [2010/10/14 05:34:07 | 000,148,992 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\t2embed.dll [2010/10/14 05:34:07 | 000,109,056 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\t2embed.dll [2010/10/14 05:34:06 | 000,009,728 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\sscore.dll [2010/10/10 21:17:50 | 000,000,000 | ---d | c] -- d:\users\stefan\documents\anydvdhd [2010/10/08 18:21:16 | 000,000,000 | ---d | c] -- d:\program files (x86)\gpsbabel [2010/10/08 18:10:41 | 000,000,000 | ---d | c] -- d:\program files\7-zip [2010/10/08 18:00:11 | 000,000,000 | ---d | c] -- d:\users\stefan\documents\tomtom [2010/10/08 18:00:08 | 000,000,000 | ---d | c] -- d:\programdata\tomtom [2010/10/08 17:59:59 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\roaming\tomtom [2010/10/08 17:59:59 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\local\tomtom [2010/10/08 17:59:54 | 000,000,000 | ---d | c] -- d:\program files (x86)\tomtom international b.v [2010/10/08 17:59:45 | 000,000,000 | ---d | c] -- d:\program files (x86)\tomtom home 2 [2010/09/30 23:25:10 | 000,040,104 | ---- | c] (elaborate bytes ag) -- d:\windows\sysnative\drivers\elbycdio.sys [2010/09/30 13:18:24 | 000,089,256 | ---- | c] (elaborate bytes ag) -- 
d:\windows\syswow64\elbycdio.dll [2010/09/27 20:24:45 | 000,000,000 | ---d | c] -- d:\program files (x86)\daemon tools lite [2010/01/11 22:24:29 | 000,148,736 | ---- | c] (avanquest software) -- d:\programdata\hpe671b.dll [2010/01/01 17:08:48 | 000,148,736 | ---- | c] (avanquest software) -- d:\programdata\hpe363d.dll [2009/06/04 01:57:38 | 000,060,928 | ---- | c] ( ) -- d:\windows\syswow64\a3d.dll [2 d:\windows\*.tmp files -> d:\windows\*.tmp -> ] ========== files - modified within 30 days ========== [2010/10/27 15:40:29 | 000,575,488 | ---- | m] (oldtimer tools) -- d:\users\stefan\desktop\otl.exe [2010/10/27 15:36:02 | 000,000,248 | -h-- | m] () -- d:\windows\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job [2010/10/27 15:34:54 | 000,000,290 | -h-- | m] () -- d:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job [2010/10/27 15:18:34 | 000,000,982 | ---- | m] () -- d:\users\stefan\appdata\roaming\microsoft\windows\start menu\programs\startup\dsl-manager.lnk [2010/10/27 15:15:43 | 000,014,224 | -h-- | m] () -- d:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0 [2010/10/27 15:15:43 | 000,014,224 | -h-- | m] () -- d:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0 [2010/10/27 15:08:49 | 000,000,394 | ---- | m] () -- d:\windows\tasks\ad-aware update (weekly).job [2010/10/27 15:08:19 | 000,067,584 | --s- | m] () -- d:\windows\bootstat.dat [2010/10/27 15:08:17 | 535,732,223 | -hs- | m] () -- d:\hiberfil.sys [2010/10/27 05:46:14 | 000,063,460 | ---- | m] () -- d:\windows\sysnative\bmxstatebkp-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx [2010/10/27 05:46:14 | 000,063,460 | ---- | m] () -- d:\windows\sysnative\bmxstate-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx [2010/10/27 05:46:14 | 000,001,080 | ---- | m] () -- d:\windows\sysnative\settingsbkup.sfm [2010/10/27 05:46:14 | 000,001,080 | ---- | m] () -- d:\windows\sysnative\settings.sfm 
[2010/10/27 05:46:14 | 000,000,788 | ---- | m] () -- d:\windows\sysnative\dvcstate-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx [2010/10/24 14:59:39 | 000,001,174 | ---- | m] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\ad-aware.lnk [2010/10/24 14:59:39 | 000,001,150 | ---- | m] () -- d:\users\public\desktop\ad-aware.lnk [2010/10/24 14:09:32 | 028,541,623 | ---- | m] () -- d:\program files (x86)\spybot - search & destroy.rar [2010/10/23 21:13:59 | 000,002,981 | ---- | m] () -- d:\users\stefan\desktop\hijackthis.lnk [2010/10/23 19:11:56 | 000,000,103 | ---- | m] () -- d:\windows\wininit.ini [2010/10/23 19:02:35 | 000,001,066 | ---- | m] () -- d:\users\public\desktop\vlc media player.lnk [2010/10/23 19:01:13 | 019,657,194 | ---- | m] () -- d:\users\stefan\documents\vlc-1.1.4-win32.exe [2010/10/23 18:36:13 | 000,002,066 | ---- | m] () -- d:\users\public\desktop\avira antivir control center.lnk [2010/10/23 18:09:24 | 000,000,179 | ---- | m] () -- d:\users\stefan\appdata\roaming\42693.bat [2010/10/23 18:09:06 | 000,000,016 | ---- | m] () -- d:\users\stefan\appdata\roaming\dxqkew.dat [2010/10/23 18:08:41 | 000,000,004 | ---- | m] () -- d:\users\stefan\appdata\roaming\avdrn.dat [2010/10/23 18:07:50 | 000,001,164 | ---- | m] () -- d:\users\stefan\desktop\antimalware doctor.lnk [2010/10/23 18:07:50 | 000,001,144 | ---- | m] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk [2010/10/20 22:48:37 | 000,000,690 | ---- | m] () -- d:\users\public\desktop\arcania - gothic 4 starten.lnk [2010/10/15 05:28:23 | 001,619,748 | ---- | m] () -- d:\windows\sysnative\perfstringbackup.ini [2010/10/15 05:28:23 | 000,697,474 | ---- | m] () -- d:\windows\sysnative\perfh007.dat [2010/10/15 05:28:23 | 000,654,354 | ---- | m] () -- d:\windows\sysnative\perfh009.dat [2010/10/15 05:28:23 | 000,148,104 | ---- | m] () -- d:\windows\sysnative\perfc007.dat [2010/10/15 05:28:23 | 000,121,224 | ---- | 
m] () -- d:\windows\sysnative\perfc009.dat [2010/10/14 14:25:02 | 000,418,392 | ---- | m] () -- d:\windows\sysnative\fntcache.dat [2010/10/12 14:44:28 | 000,000,083 | -hs- | m] () -- d:\programdata\.zreglib [2010/10/10 21:17:30 | 000,001,199 | ---- | m] () -- d:\users\public\desktop\clonedvd2.lnk [2010/10/10 21:17:10 | 000,001,101 | ---- | m] () -- d:\users\public\desktop\anydvd.lnk [2010/10/02 19:41:27 | 002,966,140 | ---- | m] () -- d:\users\stefan\documents\2010-10-2-17-41-mymdb_backup.xlg [2010/10/01 21:37:12 | 002,944,588 | ---- | m] () -- d:\users\stefan\documents\2010-10-1-19-37-mymdb_backup.xlg [2010/09/30 23:25:10 | 000,040,104 | ---- | m] (elaborate bytes ag) -- d:\windows\sysnative\drivers\elbycdio.sys [2010/09/30 13:18:24 | 000,089,256 | ---- | m] (elaborate bytes ag) -- d:\windows\syswow64\elbycdio.dll [2 d:\windows\*.tmp files -> d:\windows\*.tmp -> ] ========== files created - no company name ========== [2010/10/25 20:41:36 | 000,000,394 | ---- | c] () -- d:\windows\tasks\ad-aware update (weekly).job [2010/10/24 16:57:20 | 000,015,880 | ---- | c] () -- d:\windows\sysnative\lsdelete.exe [2010/10/24 14:59:39 | 000,001,174 | ---- | c] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\ad-aware.lnk [2010/10/24 14:59:39 | 000,001,150 | ---- | c] () -- d:\users\public\desktop\ad-aware.lnk [2010/10/24 14:09:19 | 028,541,623 | ---- | c] () -- d:\program files (x86)\spybot - search & destroy.rar [2010/10/23 21:13:59 | 000,002,981 | ---- | c] () -- d:\users\stefan\desktop\hijackthis.lnk [2010/10/23 19:11:56 | 000,000,103 | ---- | c] () -- d:\windows\wininit.ini [2010/10/23 19:02:35 | 000,001,066 | ---- | c] () -- d:\users\public\desktop\vlc media player.lnk [2010/10/23 18:57:08 | 019,657,194 | ---- | c] () -- d:\users\stefan\documents\vlc-1.1.4-win32.exe [2010/10/23 18:36:13 | 000,002,066 | ---- | c] () -- d:\users\public\desktop\avira antivir control center.lnk [2010/10/23 18:10:48 | 000,000,290 | -h-- | c] () -- 
d:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job [2010/10/23 18:10:43 | 000,000,248 | -h-- | c] () -- d:\windows\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job [2010/10/23 18:09:32 | 000,000,000 | ---- | c] () -- d:\users\stefan\appdata\local\googleupdate.log [2010/10/23 18:09:24 | 000,000,179 | ---- | c] () -- d:\users\stefan\appdata\roaming\42693.bat [2010/10/23 18:09:06 | 000,000,016 | ---- | c] () -- d:\users\stefan\appdata\roaming\dxqkew.dat [2010/10/23 18:08:41 | 000,000,004 | ---- | c] () -- d:\users\stefan\appdata\roaming\avdrn.dat [2010/10/23 18:07:50 | 000,001,164 | ---- | c] () -- d:\users\stefan\desktop\antimalware doctor.lnk [2010/10/23 18:07:50 | 000,001,144 | ---- | c] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk [2010/10/20 22:48:37 | 000,000,690 | ---- | c] () -- d:\users\public\desktop\arcania - gothic 4 starten.lnk [2010/10/10 21:17:30 | 000,001,199 | ---- | c] () -- d:\users\public\desktop\clonedvd2.lnk [2010/10/10 21:17:10 | 000,001,101 | ---- | c] () -- d:\users\public\desktop\anydvd.lnk [2010/10/02 19:41:21 | 002,966,140 | ---- | c] () -- d:\users\stefan\documents\2010-10-2-17-41-mymdb_backup.xlg [2010/10/01 21:37:07 | 002,944,588 | ---- | c] () -- d:\users\stefan\documents\2010-10-1-19-37-mymdb_backup.xlg [2010/04/02 17:17:34 | 000,179,091 | ---- | c] () -- d:\windows\syswow64\xlive.dll.cat [2010/02/07 14:21:18 | 000,000,193 | ---- | c] () -- d:\windows\wordpad.ini [2010/01/23 14:13:08 | 053,992,860 | ---- | c] () -- d:\program files (x86)\mymdb.rar [2009/12/31 16:31:52 | 000,000,083 | -hs- | c] () -- d:\programdata\.zreglib [2009/12/19 16:50:42 | 000,000,034 | ---- | c] () -- d:\windows\cdplayer.ini [2009/12/03 20:33:24 | 000,000,156 | ---- | c] () -- d:\users\stefan\appdata\roaming\default.rss [2009/12/03 20:33:07 | 000,000,069 | ---- | c] () -- d:\windows\nerodigital.ini [2009/11/28 15:39:19 | 000,015,873 | ---- | c] () -- d:\windows\syswow64\inetde.dll [2009/11/09 
20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asrussian.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\askorean.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asjapan.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asgerman.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asfrench.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\aseng.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\ascht.dll [2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\aschs.dll [2009/11/09 20:47:15 | 000,761,856 | ---- | c] () -- d:\windows\syswow64\xvidcore.dll [2009/11/09 20:47:15 | 000,180,224 | ---- | c] () -- d:\windows\syswow64\xvidvfw.dll [2009/11/09 16:39:36 | 000,000,038 | ---- | c] () -- d:\windows\avisplitter.ini [2009/11/07 20:04:33 | 000,003,040 | ---- | c] () -- d:\windows\syswow64\drivers\nvflash.sys [2009/11/07 19:39:06 | 000,024,576 | r--- | c] () -- d:\windows\syswow64\asio.dll [2009/11/07 19:39:06 | 000,013,368 | r--- | c] () -- d:\windows\syswow64\drivers\asio.sys [2009/11/07 19:38:45 | 000,001,769 | ---- | c] () -- d:\windows\language_trs.ini [2009/11/07 19:35:19 | 001,594,390 | ---- | c] () -- d:\windows\syswow64\perfstringbackup.ini [2009/11/07 19:21:22 | 000,148,480 | ---- | c] () -- d:\windows\syswow64\apomngr.dll [2009/11/07 19:21:22 | 000,073,728 | ---- | c] () -- d:\windows\syswow64\cmdrtr.dll [2009/11/07 19:20:49 | 000,003,072 | ---- | c] () -- d:\windows\syswow64\ctxfiger.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | c] () -- d:\windows\syswow64\bwcontexthandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | c] () -- d:\windows\syswow64\msjetoledb40.dll [2009/06/04 02:37:08 | 000,021,093 | ---- | c] () -- d:\windows\syswow64\instwdm.ini [2009/06/04 02:37:06 | 000,000,054 | ---- | c] () -- d:\windows\syswow64\ctzapxx.ini [2009/06/04 01:55:20 | 
000,002,560 | ---- | c] () -- d:\windows\syswow64\ctxfires.dll
[2009/05/27 10:49:00 | 000,000,285 | ---- | c] () -- d:\windows\syswow64\kill.ini

========== alternate data streams ==========

@alternate data stream - 24 bytes -> d:\windows:917ecb1c0ee15d1d

< end of report >

extras:
OTL Logfile:
Code:
otl extras logfile created on: 10/27/2010 3:41:56 pm - run 1
otl by oldtimer - version 3.2.17.1 folder = d:\users\stefan\desktop
64bit- ultimate edition (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 8.0.7600.16385)
locale: 00000409 | country: Germany | language: Deu | date format: Dd.mm.yyyy

6.00 gb total physical memory | 4.00 gb available physical memory | 68.00% memory free
12.00 gb paging file | 10.00 gb available in paging file | 80.00% paging file free
paging file location(s): ?:\pagefile.sys [binary data]

%systemdrive% = d: | %systemroot% = d:\windows | %programfiles% = d:\program files (x86)
drive c: | 76.33 gb total space | 17.34 gb free space | 22.71% space free | partition type: Ntfs
drive d: | 201.01 gb total space | 129.15 gb free space | 64.25% space free | partition type: Ntfs
drive e: | 1196.25 gb total space | 403.74 gb free space | 33.75% space free | partition type: Ntfs
drive g: | 265.75 gb total space | 86.52 gb free space | 32.56% space free | partition type: Ntfs
drive h: | 100.00 gb total space | 77.71 gb free space | 77.71% space free | partition type: Ntfs

computer name: Stefan-pc | user name: Stefan | logged in as administrator.
Boot mode: Normal | scan mode: Current user | include 64bit scans
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 30 days

========== extra registry (safelist) ==========

========== file associations ==========

64bit: [hkey_local_machine\software\classes\<extension>]
.url[@ = internetshortcut] -- d:\windows\system32\ieframe.dll (microsoft corporation)

[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- d:\windows\syswow64\control.exe (microsoft corporation)
.url [@ = internetshortcut] -- d:\windows\system32\ieframe.dll (microsoft corporation)

[hkey_current_user\software\classes\<extension>]
.html [@ = firefoxhtml] -- d:\program files (x86)\mozilla firefox\firefox.exe (mozilla corporation)

========== shell spawning ==========

64bit: [hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* file not found
cmdfile [open] -- "%1" %* file not found
comfile [open] -- "%1" %* file not found
exefile [open] -- "%1" %* file not found
helpfile [open] -- reg error: Key error.
Inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
internetshortcut [open] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\ieframe.dll",openurl %l (microsoft corporation)
internetshortcut [print] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\mshtml.dll",printhtml "%1" (microsoft corporation)
piffile [open] -- "%1" %* file not found
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1" file not found
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l (microsoft corporation)
scrfile [open] -- "%1" /s file not found
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1 file not found
directory [addtoplaylistvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
directory [playwithvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)

[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- reg error: Key error.
Inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
internetshortcut [open] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\ieframe.dll",openurl %l (microsoft corporation)
internetshortcut [print] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\mshtml.dll",printhtml "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l (microsoft corporation)
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [addtoplaylistvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
directory [playwithvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)

========== security center settings ==========

64bit: [hkey_local_machine\software\microsoft\security center]
"cval" = 1 -- [2010/07/06 17:28:22 | 000,000,000 | ---d | m]

64bit: [hkey_local_machine\software\microsoft\security center\monitoring]

64bit: [hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = 28 4d b2 76 41 04 ca 01 [binary data]
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0

64bit: [hkey_local_machine\software\microsoft\security center\svc\vol]

[hkey_local_machine\software\microsoft\security center]

[hkey_local_machine\software\microsoft\security center\svc]

========== system restore settings ==========

64bit: [hkey_local_machine\software\policies\microsoft\windows nt\systemrestore]

[hkey_local_machine\software\policies\microsoft\windows nt\systemrestore]

========== firewall settings ==========

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1 -- [2010/07/06 17:28:22 | 000,000,000 | ---d | m]

[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 0
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile] "disablenotifications" = 0 "enablefirewall" = 0 ========== authorized applications list ========== ========== hkey_local_machine uninstall list ========== 64bit: [hkey_local_machine\software\microsoft\windows\currentversion\uninstall] "{013cca52-da56-4133-ac2b-1988a9568c30}" = native instruments audio 4 dj driver "{0b8565ba-bad5-4732-b122-5fd78efc50a9}" = native instruments service center "{0f2d7186-ef54-37fa-aa61-ed6f88e771ce}" = microsoft .net framework 4 extended beta 2 "{23170f69-40c1-2702-0915-000001000000}" = 7-zip 9.15 (x64 edition) "{267b3e82-c941-47d8-bcd3-1bbbb56fcbc6}" = native instruments maschine controller driver "{2aac4085-dcbf-417b-aebd-182197839240}" = native instruments traktor "{3d3e663d-4e7e-4577-a560-7ecddd45548a}" = pvsonydll "{43b74fab-fb58-447d-8d3a-5f638af36fd1}" = netzmanager "{4ffa2088-8317-3b14-93cd-4c699db37843}" = microsoft visual c++ 2008 redistributable - x64 9.0.30729 "{7930fb47-6452-4476-bf16-d77f748646db}" = native instruments session io driver "{8220eefe-38cd-377e-8595-13398d740ace}" = microsoft visual c++ 2008 redistributable - x64 9.0.30729.17 "{90140000-0011-0000-1000-0000000ff1ce}" = microsoft office professional plus 2010 "{90140000-0012-0000-1000-0000000ff1ce}" = microsoft office standard 2010 "{90140000-0015-0407-1000-0000000ff1ce}" = microsoft office access mui (german) 2010 "{90140000-0016-0000-1000-0000000ff1ce}" = microsoft office excel 2010 "{90140000-0016-0407-1000-0000000ff1ce}" = microsoft office excel mui (german) 2010 "{90140000-0018-0000-1000-0000000ff1ce}" = microsoft office powerpoint 2010 "{90140000-0018-0407-1000-0000000ff1ce}" = microsoft office powerpoint mui (german) 2010 "{90140000-0019-0407-1000-0000000ff1ce}" = microsoft office publisher mui (german) 2010 "{90140000-001a-0000-1000-0000000ff1ce}" = microsoft office outlook 2010 "{90140000-001a-0407-1000-0000000ff1ce}" = microsoft office outlook 
mui (german) 2010 "{90140000-001b-0000-1000-0000000ff1ce}" = microsoft office word 2010 "{90140000-001b-0407-1000-0000000ff1ce}" = microsoft office word mui (german) 2010 "{90140000-001f-0407-1000-0000000ff1ce}" = microsoft office proof (german) 2010 "{90140000-001f-0409-1000-0000000ff1ce}" = microsoft office proof (english) 2010 "{90140000-001f-040c-1000-0000000ff1ce}" = microsoft office proof (french) 2010 "{90140000-001f-0410-1000-0000000ff1ce}" = microsoft office proof (italian) 2010 "{90140000-002c-0407-1000-0000000ff1ce}" = microsoft office proofing (german) 2010 "{90140000-0043-0000-1000-0000000ff1ce}" = microsoft office office 32-bit components 2010 "{90140000-0043-0407-1000-0000000ff1ce}" = microsoft office shared 32-bit mui (german) 2010 "{90140000-0044-0407-1000-0000000ff1ce}" = microsoft office infopath mui (german) 2010 "{90140000-006e-0407-1000-0000000ff1ce}" = microsoft office shared mui (german) 2010 "{90140000-008b-0000-1000-0000000ff1ce}" = microsoft office small business basics 2010 "{90140000-00a1-0407-1000-0000000ff1ce}" = microsoft office onenote mui (german) 2010 "{90140000-00ba-0407-1000-0000000ff1ce}" = microsoft office groove mui (german) 2010 "{a35001f0-f1e4-11dd-a38b-005056c00008}" = paragon partition manager™ 10.0 professional "{b0efb716-085b-4564-8060-212e41f5ce50}" = windows live id sign-in assistant "{b962ad08-335f-46f7-a182-257d37672e5c}" = native instruments rig kontrol 3 driver "{e856e900-52de-3f06-b493-b39442a717f6}" = microsoft .net framework 4 client profile beta 2 "{ee936c7a-ea40-31d5-9b65-8e3e089c3828}" = microsoft visual c++ 2008 atl update kb973924 - x64 9.0.30729.4148 "microsoft .net framework 4 client profile beta 2" = microsoft .net framework 4 client profile beta 2 "microsoft .net framework 4 extended beta 2" = microsoft .net framework 4 extended beta 2 "nvidia display control panel" = nvidia display control panel "nvidia drivers" = nvidia drivers "office14.excel" = microsoft excel 2010 "office14.outlook" = microsoft 
outlook 2010 "office14.powerpoint" = microsoft powerpoint 2010 "office14.proplus" = microsoft office professional plus 2010 "office14.smallbusbasics" = microsoft office small business basics 2010 "office14.standard" = microsoft office standard 2010 "office14.word" = microsoft word 2010 "teamspeak 3 client" = teamspeak 3 client "win7x64 components_is1" = win7x64 components v1.2.1 "winrar archiver" = winrar [hkey_local_machine\software\microsoft\windows\currentversion\uninstall] "{002d9d5e-29ba-3e6d-9bc4-3d7d6dbc735c}" = microsoft visual c++ 2008 atl update kb973924 - x86 9.0.30729.4148 "{02b244a2-7f6a-42e8-a36f-8c385d7a1625}" = gothic iii "{0711500b-9912-4d60-9a49-c577b4503d42}" = nero recode help "{07ff7593-9dea-40b5-9f87-f557e65bbf60}" = nero recode "{08b3869e-d282-424c-9afc-870e04a4ba14}" = rockstar games social club "{08c8666b-c502-4ab3-b4cb-d74ac42d14fe}" = nero backitup 10 help (chm) "{11a84fca-c3c7-4afd-a797-111db8569dbc}" = nero burningrom "{155f4a0e-76ed-45a2-91fb-ff2a2133c31a}" = risen "{16987e99-c95c-4513-9239-7b44a0a71db5}" = nero soundtrax 10 help (chm) "{1b040683-c390-4711-abc7-da8d85e470e7}" = neroburningrom "{1b8fe958-a304-4902-bf7a-4e2f0f5b7017}_is1" = gpsbabel 1.4.1 "{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148 "{1f7fb68f-52f6-46a3-b42f-38ce46295ae5}" = nero mediahub 10 "{237ccb62-8454-43e3-b158-3acd0134852e}" = high-definition video playback 10 "{24036256-bfdb-4cd3-be8a-a3d6160f2e16}" = tuneup utilities 2011 "{2436f2a8-4b7e-4b6c-ae4e-604c84aa6a4f}" = nero core components 10 "{26a24ae4-039d-4ca4-87b4-2f83216017ff}" = java(tm) 6 update 17 "{277c1559-4cf7-44ff-8d07-98aa9c13aabd}" = nero multimedia suite 10 "{28526951-55ef-4901-a0ca-b9ac966d1dd1}" = split/second "{2d3455a8-3b15-41a8-99f8-0d4215746463}" = nero startsmart "{2ffe93f0-bb72-4e52-8761-354d1aaa9387}" = sony ericsson pc suite 6.009.00 "{3097b151-1f61-4211-a4cc-d70127b226ae}" = soundtrax "{310bc5e2-31af-49bb-904d-e71eb93645dc}" = ai 
suite "{329411a0-19f3-4740-874f-17400b126f27}" = nero vision 10 help (chm) "{33643918-7957-4839-92c7-ea96cb621a98}" = nero express 10 help (chm) "{34bdf3bf-aa61-42e7-8818-c16a304910fc}" = emma core "{3ac8457c-0385-4bea-a959-e095f05d6d67}" = battlefield: Bad company™ 2 "{3f30cc51-0788-487b-aa83-7214a239c0c0}" = nero disc copy gadget help "{406fb8a4-f539-48a9-809c-f94706f9c9f6}_is1" = s.t.a.l.k.e.r. - call of pripyat [v1.6.01] "{42c8b7df-feb0-4d51-b169-506b6bec5797}" = nero 10 menu templatepack 1 "{4343080e-91b7-4388-ab4d-fb1000008200}" = dead rising 2 "{43fbab46-5969-4200-9958-1ff81fee506f}" = nero 10 movie themepack 1 "{45a66726-69bc-466b-a7a4-12fcba4883d7}" = hijackthis "{4d42353b-533f-4306-ad0b-7fef292ade04}" = nero coverdesigner help "{4e8c27c2-d727-4c00-a90e-c3f6376eee70}" = nero controlcenter "{5454083b-1308-4485-bf17-111000028701}" = grand theft auto: Episodes from liberty city "{5454083b-1308-4485-bf17-111000028702}" = grand theft auto: Episodes from liberty city "{5454083b-1308-4485-bf17-111000028703}" = grand theft auto: Episodes from liberty city "{5454083b-1308-4485-bf17-111000038701}" = grand theft auto: Episodes from liberty city "{555868c6-49fb-484f-bb43-8980651a1b00}" = nero burnrights 10 help (chm) "{56be5cc9-95e6-4128-abea-968414ca9c80}" = dolbyfiles "{56c049be-79e9-4502-bea7-9754a3e60f9b}" = neroxml "{579ba58c-f33d-4970-9953-b94b43768ac3}" = grand theft auto iv "{589a63d3-89e1-4d9b-8dbc-6039bb27289e}" = activision(r) "{5ae12194-3eaa-40df-b2bf-fe1d6b78bbf4}" = nero vision "{5c2e8a0f-80e2-4c68-8cc0-d8d16e7196bf}" = nero rescueagent help "{5c9a7e65-5b71-4c7f-876a-8c6af9e9e23d}" = saboteur™ "{5d4c60aa-84e6-4e1a-8a68-69970d387be1}" = tuneup utilities language pack (de-de) "{61b8b2f9-d8da-4b24-89a9-db09f38a4899}" = grand theft auto: Episodes from liberty city "{63aa3eab-23bb-48b2-9ad0-44f878075604}" = nero 10 menu templatepack basic "{65bb0407-4cc8-4dc7-952e-3eefdf05602a}" = nero update "{66049135-9659-4aad-9169-9cca269ebb3e}" = nero infotool 10 help 
(chm) "{6dfb899f-17a2-48f0-a533-ed8d6866cf38}" = nero control center 10 "{70550193-1c22-445c-8fa4-564e155db1a7}" = nero express 10 "{70f19404-b96c-4ebb-ad2b-3574f8736197}" = nero 10 movie themepack 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable "{76e41f43-59d2-4f30-ba42-9a762ee1e8de}" = avanquest update "{770657d0-a123-3c07-8e44-1c83ec895118}" = microsoft visual c++ 2005 atl update kb973923 - x86 8.0.50727.4053 "{775dc704-aae3-4a79-981f-ea1cbaf96eb7}" = gothic iii - götterdämmerung "{7a295d8f-484b-4ffb-89ab-c1fd497591fe}" = nero waveeditor 10 help (chm) "{7a5d731d-b4b3-490e-b339-75685712baab}" = nero burning rom 10 "{7ee873af-46bb-4b5d-ba6f-cfe4b0566e22}" = tuneup utilities language pack (de-de) "{7f88c9e5-12bd-404f-ac6a-108baac9b708}" = asus gamer osd "{809d7e6d-915d-4ead-821f-e13d93f37161}" = asus smart doctor "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = microsoft visual c++ 2005 redistributable "{888f1505-c2b3-4fde-835d-36353ebd4754}" = ubisoft game launcher "{88eb38ef-4d2c-436d-abd3-56b232674062}" = icq7 "{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = microsoft silverlight "{8ecec853-5c3d-4b10-b5c7-ff11ff724807}" = nero recode 10 "{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules "{8fb1b528-e260-451e-9b55-e9152f94b80b}" = microsoft games for windows - live redistributable "{90a455a7-0fc8-4508-b7fa-8f135b8f041a}" = dsl-manager "{92146419-ae44-4c8b-a48b-0abb1b5ec026}" = nero 10 menu templatepack 3 "{92a10e9d-ea00-4a46-8f22-eea660992d61}" = nero 10 sample videos "{92e25238-61a3-4acd-a407-3c480eef47a7}" = nero rescueagent 10 help (chm) "{93a10228-4f64-4a31-b7b9-bc6aa7753bb8}" = scratch live 1.8.2 (18221) "{943cc0c0-2253-4fe0-9493-dd386f7857fd}" = nero express "{961d53ea-40dc-4156-ad74-25684ce05f81}" = nero installer "{96ed4b78-300e-4033-ae6c-c115ceb4df07}" = nero 10 clipartpack "{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.17 
"{9a4297f3-2a51-4ed9-92ca-4bcb8380947e}" = nero vision 10 "{9a875b56-a35c-46ba-a3aa-df8d03ee9f2f}" = nero controlcenter "{9b6b24be-80e7-46c4-9fa5-b167d5e0f345}" = nero burningrom 10 help (chm) "{9c916142-c18c-429d-bfed-40094a7e0beb}" = die siedler 7 "{9e78c42c-4ff9-4f41-bbc4-bf872606e79d}_is1" = driver robot 1.1.0.14 "{9f3523f8-dad7-ae52-6da7-45cdddf33726}" = advertising center "{a3a61264-b075-46be-9c97-376ea4ceeef5}" = pdfgrabber 6.0 "{a73bec3c-40a0-480e-87ef-efcd33629088}" = neroexpress "{a8399f58-234a-48c6-ba55-30c15738bf3c}" = nero coverdesigner "{a8f2089b-1f79-4bf6-b385-a2c2b0b9a74d}" = imagxpress "{ac76ba86-7ad7-1031-7b44-a93000000001}" = adobe reader 9.3.3 - deutsch "{acd15fdf-fc42-4175-b477-576f92ff2256}" = nero 10 sample imagepack "{ae3cf174-872c-46c6-b9f6-c0593f3bc7b8}" = microsoft office live add-in 1.4 "{aec81925-9c76-4707-84a9-40696c613ed3}" = dragon age: Origins "{b2c12c8d-65dc-40bd-b309-5adb0c6c8d8f}" = nero waveeditor "{b4092c6d-e886-4cb2-ba68-fe5a88d31de6}_is1" = spybot - search & destroy "{b8777ffc-165b-4dde-b60b-ad5533d9ead3}" = aquasoft photokalender 3 "{b96c2601-52f5-4d5d-816a-63469ea311ef}" = "nero soundtrax help "{bcd82ab5-670d-4242-90fa-1f97103c16cd}" = movie templates - starter kit "{c18a0418-442a-4186-af98-d08f5054a2fc}" = nero discspeed 10 help (chm) "{c3273c55-e1e4-41ff-8d69-0158090db8d8}" = nero coverdesigner 10 help (chm) "{c3580ac4-c827-4332-b935-9a282ed5bb97}" = nero dolby files 10 "{c99c89a3-119a-45e6-b26e-dd5643caa0c5}" = menu templates - starter kit "{cd1826a5-cfcc-4c6e-9f9d-e181876162ea}" = nero rescue agent "{d0894778-7254-401e-8a82-f9c05ae100bb}" = nero 9 "{d24db8b9-bb6c-4334-9619-ba1c650e13d3}" = microsoft primary interoperability assemblies 2005 "{d7c206b6-1a63-4389-a8b1-8f607d0bff1f}" = nero startsmart help "{db7c1d4a-08ba-4c7e-a8aa-b7f9bb372dcf}" = nero recode 10 help (chm) "{ded53b0b-b67c-4244-ae6a-d6fd3c28d1ef}" = ad-aware "{e1ee5339-5d32-458f-baab-b19f6301bce2}" = nero soundtrax 10 
"{e337e787-cf61-4b7b-b84f-509202a54023}" = nero rescueagent 10 "{e4a8dd87-a746-4443-bf25-caf99ced6767}" = nero disc copy gadget "{e712c273-7564-4c8e-aa59-0fa19bc35117}" = nero 10 menu templatepack 2 "{e86156e5-9859-440d-8876-26ced1349802}" = nero waveeditor help "{ed3d71cc-9f3b-4ac5-9e55-ab915ebc0beb}" = hdd temperature v.4 "{edcdfad5-df80-4600-a493-e9dad6810230}" = nero waveeditor 10 "{efe1ab94-5466-4b6e-be31-ff4c115fd25d}" = max payne 2 "{f0a37341-d692-11d4-a984-009027ec0a9c}" = soundmax "{f333a33d-125c-32a2-8dce-5c5d14231e27}" = visual c++ 2008 x86 runtime - (v9.0.30729) "{f333a33d-125c-32a2-8dce-5c5d14231e27}.vc_x86runtime_30729_01" = visual c++ 2008 x86 runtime - v9.0.30729.01 "{f412b4af-388c-4ff5-9b2f-33db1c536953}" = nero infotool 10 "{f467862a-d9ca-47ed-8d81-b4b3c9399272}" = nero mediahub 10 help (chm) "{f53f6769-ac46-49e3-abe3-2c8afd39d0dd}" = nero vision "{f5cb822f-b365-43d1-bcc0-4fda1a2017a7}" = nero 10 movie themepack basic "{f6117f9c-adb5-4590-9be4-12c7bec28702}" = nero startsmart 10 help (chm) "{f61d489e-6c44-49ac-ad02-7da8aca73a65}" = nero startsmart 10 "{f97e3841-ca9d-4964-9d64-26066241d26f}" = microsoft games for windows - live "{f9835182-794b-4f24-902a-e2ca9d43380f}" = nvidia physx "{ff66e9f6-83e7-3a3e-af14-8de9a809a6a4}" = microsoft visual c++ 2008 redistributable - x86 9.0.21022 "ad-aware" = ad-aware "adobe flash player activex" = adobe flash player 10 activex "adobe flash player plugin" = adobe flash player 10 plugin "alchemy" = creative alchemy "any dvd converter professional_is1" = any dvd converter professional 3.5.8 "anydvd" = anydvd "aoa video joiner_is1" = aoa video joiner "aquasoft photokalender 3" = aquasoft photokalender 3 "arcania" = arcania - gothic 4 "ashampoo winoptimizer 6_is1" = ashampoo winoptimizer 6.30 "asio4all" = asio4all "audiocs" = creative audio-systemsteuerung "audiograbber" = audiograbber 1.83 se "audiograbber-lame" = audiograbber lame-mp3-plugin "avi2dvd" = avi2dvd 0.4.5 beta "avira antivir desktop" = avira antivir 
personal - free antivirus "avisynth" = avisynth 2.5 "avmwlancli" = avm fritz!wlan "biet-o-matic v2.12.0" = biet-o-matic v2.12.0 "ca_movielabel_is1" = movie label 2011 v6.1 "call of duty modern warfare 2_is1" = call of duty modern warfare 2 "clonecd" = clonecd "clonedvd2" = clonedvd2 "console launcher" = creative konsole starter "cpu-control_is1" = cpu-control "creative software autoupdate" = creative software autoupdate "creative sound blaster properties x64 edition" = creative sound blaster properties x64 edition "efcl seculauncher error fix v1.1 by tokzic 1.1" = efcl seculauncher error fix v1.1 by tokzic 1.1 "eflc errors fix v1.3 tokzic 4 mygully" = eflc errors fix v1.3 tokzic 4 mygully "festo fluidsim_is1" = festo fluidsim 3.6 "formatfactory" = formatfactory 2.20 "future wars" = future wars "g3qp231012008_is1" = questpaket 4 update 1 deinstallation "gfwl_{4343080e-91b7-4388-ab4d-fb1000008200}" = dead rising 2 "gordon's gate flash driver" = gordon's gate flash driver 1.1.0.12 "host openal (adi)" = host openal (adi) "installshield_{589a63d3-89e1-4d9b-8dbc-6039bb27289e}" = blur(tm) "installshield_{809d7e6d-915d-4ead-821f-e13d93f37161}" = asus smart doctor "logo!soft comfort v6.0" = logo!soft comfort v6.0 "mafia ii update 1_is1" = mafia ii update 1 "mafia ii_is1" = mafia ii "manhunt 2" = manhunt 2 "mkv to avi with subtitle_is1" = mkv to avi with subtitle version 2.0 "mozilla firefox (3.6.11)" = mozilla firefox (3.6.11) "mymdb_0" = mymdb 3.5.3 "mymdb_1" = mymdb 3.6 "mymdb_2" = mymdb 3.6 "mymdb_3" = mymdb 3.6 "mymdb_4" = mymdb 3.6 "mymdb_5" = mymdb 3.6 "native instruments audio 4 dj driver" = native instruments audio 4 dj driver "native instruments finale gpo" = native instruments finale gpo "native instruments maschine controller driver" = native instruments maschine controller driver "native instruments rig kontrol 3 driver" = native instruments rig kontrol 3 driver "native instruments service center" = native instruments service center "native instruments session 
io driver" = native instruments session io driver "native instruments traktor" = native instruments traktor "native instruments traktor dj studio 3" = native instruments traktor dj studio 3 "netzmanager" = netzmanager "no-ip.com duc" = no-ip.com duc (remove only) "openal" = openal "reason4_is1" = reason 4.0 "rivatuner" = rivatuner v2.24 msi master overclocking arena 2009 edition "semc omsi module" = semc omsi module "sfbm" = soundfont-bank-manager "smart recorder" = creative smart recorder "tbsb03968.tbsb03968toolbar" = toolbar fuer ebay "teamspeak 2 rc2_is1" = teamspeak 2 rc2 "tomtom home" = tomtom home 2.7.6.2056 "tuneup utilities 2011" = tuneup utilities 2011 "virtual dj - atomix productions" = virtual dj - atomix productions "virtualclonedrive" = virtualclonedrive "vlc media player" = vlc media player 1.1.4 "xvid" = xvid mpeg-4 video codec "youtubeget_is1" = youtubeget 5.3 ========== hkey_current_user uninstall list ========== [hkey_current_user\software\microsoft\windows\currentversion\uninstall] "freewar karten editor" = freewar karten editor ========== last 10 event log errors ========== error reading event logs: The event service is not operating properly or the event logs are corrupt! < end of report > |
27.10.2010, 18:54 | #4 | |
| Pop-up windows open every few minutes Anti-malware log file: Quote:
|
27.10.2010, 21:11 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Pop-up windows open every few minutes Quote:
The use of cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board. For you, the next step is here => Reinstalling the system. Please also change all passwords (for e-mail accounts, StudiVZ, eBay... simply everything!), because this dubious software quite often also contains keyloggers and backdoor functions. After that, never touch anything like this again!
__________________ Please always post log files in CODE tags |