Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Programs can no longer be run by one user (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
16.02.2011, 10:29 | #1

Programs can no longer be run by one user

Hello,

after three years of untroubled use I once again have a PC problem for which I am counting on your help. Searching the board and Google produced no exact hits, or led to forum posts that are years old and therefore partly not even on an OS similar to mine. The OS is Vista 32-bit; the machine is by now an MSI notebook.

Programs like Firefox, CCleaner or simply Notepad can no longer be started. Not via shortcuts, the quick launch bar or directly from the install folders. No error message or anything else. Just the Vista counterpart of the hourglass, and then nothing more.

Yesterday I did a bit of "tidying up", i.e. removed unused programs and files. Afterwards I also ran CCleaner. A few restarts were done too and no problems occurred. Until this morning. However, this only affects one user account, the one I usually use to go online. With the others I have, as you can see, no problems with browsers and the like. That is why I thought the problem could well be due to malware and that you would be the right people to ask.

The only log so far is the check of the system directories with AntiVir: Attachment 13630

As far as I understand it, HJT is no longer the scan program of choice. So I would be grateful for a recommendation in that direction and for a page with an introduction to interpreting the scan log. I like to work my way into such things myself as far as possible. However, I will probably not be able to start programs from the affected user account!

Of course all of this could have been caused by the use of CCleaner and the accidental deletion of a system file. I consider that unlikely, though, since I use CCleaner often and never had a similar problem. Besides, as I said, after the restart yesterday everything still worked, and the problems occur only for one user. Removing system-relevant files or messing around in the registry should then affect all users, shouldn't it?

EDIT: What also still works are all programs that are run automatically after startup, e.g. AntiVir and Skype.

Many thanks in advance for any effort.

Last edited by Geezus (16.02.2011 at 10:43)
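The reasoning in the post above, that registry damage ought to hit every account, holds for HKLM. A user's own hive (HKCU, stored in that profile's NTUSER.DAT) can override the .exe file association or carry a run-restriction policy for that account alone, and the HKLM handlers that OTL later prints as O35/O37 say nothing about it. The PowerShell script below is an added example, not code from this thread or from any tool named in it: run from a working administrator account, it mounts the affected profile's hive offline and reports the per-user locations that decide whether and how a double-click or shortcut launches an .exe. The profile folder name and the temporary hive name are assumptions.

```powershell
# Added example (not from the thread): inspect the per-user launch path of
# one offline Windows profile. Run from an ELEVATED PowerShell in a working
# account while the affected account is logged off (its NTUSER.DAT must not
# be in use). Both parameter defaults are assumptions; adjust them.
param(
    [string]$ProfileDir = 'C:\Users\AffectedUser',   # assumed profile folder
    [string]$MountName  = 'TB_Affected'              # temporary HKU subkey
)

$hive = "HKU\$MountName"
$base = "Registry::HKEY_USERS\$MountName"

function Get-RegValue {
    # Returns a registry value or $null, without throwing on missing keys.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-RegValueNames {
    # Returns "name = value" strings for every value under a key (no PS* noise).
    param([string]$Path)
    if (-not (Test-Path $Path)) { return @() }
    (Get-ItemProperty -Path $Path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { '{0} = {1}' -f $_.Name, $_.Value }
}

& reg.exe load $hive "$ProfileDir\NTUSER.DAT" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed; is that user still logged on?" }

try {
    # 1. Per-user override of the .exe association. HKCU\Software\Classes is
    #    merged over HKLM\Software\Classes when HKCR is built, so a key here
    #    changes what a double-click or shortcut runs for this account only.
    #    A stock profile has none of these three values.
    $exeAssoc   = Get-RegValue "$base\Software\Classes\.exe" '(default)'
    $exeCmd     = Get-RegValue "$base\Software\Classes\exefile\shell\open\command" '(default)'
    $userChoice = Get-RegValue "$base\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice" 'Progid'

    # 2. Per-user Explorer policies that refuse launches silently.
    $polExp   = "$base\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $disallow = Get-RegValue $polExp 'DisallowRun'
    $restrict = Get-RegValue $polExp 'RestrictRun'
    $disallowList = Get-RegValueNames "$polExp\DisallowRun"

    # 3. This account's own autostarts, to compare with what still launches.
    $runEntries = Get-RegValueNames "$base\Software\Microsoft\Windows\CurrentVersion\Run"

    New-Object PSObject -Property @{
        'Classes\.exe (default)'           = $exeAssoc
        'Classes\exefile\...\open\command' = $exeCmd
        'FileExts\.exe\UserChoice Progid'  = $userChoice
        'Policies\Explorer DisallowRun'    = $disallow
        'Policies\Explorer RestrictRun'    = $restrict
        'DisallowRun list'                 = ($disallowList -join '; ')
        'HKCU Run entries'                 = ($runEntries -join "`n")
    } | Format-List

    # The stock exefile command (what OTL prints as O35/O37 for HKLM) is
    #     "%1" %*
    if ($exeAssoc -or $exeCmd -or $userChoice) {
        Write-Warning 'Per-user .exe association override present; compare it with "%1" %*.'
    }
    if ($disallow -eq 1 -or $restrict -eq 1) {
        Write-Warning 'Per-user run restriction policy (DisallowRun/RestrictRun) is active.'
    }
}
finally {
    [GC]::Collect()                         # drop open key handles first
    & reg.exe unload $hive | Out-Null
}
```

Save it as a .ps1 and run it elevated; `param` blocks are rejected when pasted interactively. If `reg unload` complains that the hive is still in use, close the PowerShell window and unload it from an elevated cmd prompt with `reg unload HKU\TB_Affected`. An empty report for all three association values plus no active policy means the per-user hive is not what stops the launches, and attention moves to the HKLM handlers, IFEO Debugger entries and the file system.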
16.02.2011, 11:11 | #2

/// Winkelfunktion /// TB-Süch-Tiger™
Programs can no longer be run by one user

Hello and

Please try the following, in safe mode with networking if necessary:

As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those as well!

Then OTL:
System scan with OTL
Please download OTL by OldTimer and save it on your desktop
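Once the OTL log requested above is in hand, the entries a helper reads first are mechanical enough to script. The PowerShell triage below is an added example, not part of the reply or of OTL itself. Its sample lines are constructed for this example: the first four copy the shape of entries from the log posted later in this thread, the rest are invented to trigger each rule. The rules encode only stock Windows values (the default exefile handler is `"%1" %*`, the Winlogon shell is explorer.exe, Userinit is userinit.exe, and the hosts file ships with only loopback names); anything flagged still needs a human look, and the script name in the usage line is an assumption.

```powershell
# Added example (not from the thread or from OTL): first-pass triage of an OTL
# log. Pass -Path to read a real log; without it the constructed sample below
# is used. Rules encode only stock Windows values; flagged lines still need
# a human look.
param([string]$Path)

# Constructed sample: the first four lines copy the shape of entries in the
# log posted in this thread, the rest are invented to trigger each rule.
$sample = @'
SRV - (NMSAccess) -- File not found
O4 - HKLM..\Run: [WinCast] File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Someone\AppData\Local\abc.exe" "%1" %*
O4 - HKCU..\Run: [updater] C:\Users\Someone\AppData\Local\Temp\svch0st.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.test
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (qwer) -- C:\Windows\System32\drivers\qwer.sys ()
'@

$lines = if ($Path) { Get-Content -Path $Path } else { $sample -split "`r?`n" }
$findings = @()
function Add-Finding([string]$Rule, [string]$Line) {
    $script:findings += New-Object PSObject -Property @{ Rule = $Rule; Line = $Line }
}

foreach ($line in $lines) {
    $l = $line.Trim()
    if ($l -eq '') { continue }

    # Orphaned service/autostart entries: something was removed (by a cleaner,
    # an uninstaller or malware) and is still being referenced.
    if ($l -match 'File not found$') { Add-Finding 'orphan' $l }

    # .exe/.com launch handlers: the stock command is exactly "%1" %*;
    # anything else, or a copy in a hive other than HKLM, is a hijack candidate.
    if ($l -match '^O3[57] - (HK\w+)\\.*-- (.+)$') {
        $hive, $cmd = $matches[1], $matches[2]
        if ($cmd -ne '"%1" %*' -or $hive -ne 'HKLM') { Add-Finding 'exe-handler' $l }
    }

    # Autostarts without a company name or from user-writable folders.
    if ($l -match '^O4 - .*\\Run\w*: \[[^\]]*\] (?<path>.+?) \((?<company>[^)]*)\)$') {
        if ($matches['company'] -eq '' -or
            $matches['path'] -match '\\AppData\\|\\Temp\\|\\ProgramData\\') {
            Add-Finding 'autostart' $l
        }
    }

    # Winlogon Shell and Userinit each have exactly one legitimate value.
    if ($l -match '^O20 - HKLM Winlogon: (Shell|UserInit) - \((?<val>[^)]*)\)') {
        $v = $matches['val'].ToLower()
        if ($v -ne 'explorer.exe' -and $v -notmatch '\\userinit\.exe$') { Add-Finding 'winlogon' $l }
    }

    # hosts file: any name beyond localhost is a redirect to inspect.
    if ($l -match '^O1 - Hosts: \S+\s+(\S+)' -and $matches[1] -ne 'localhost') { Add-Finding 'hosts' $l }

    # Kernel drivers whose image carries no company name.
    if ($l -match '^DRV - .*\(\)$') { Add-Finding 'driver-no-company' $l }
}

$findings | Sort-Object Rule | Format-Table -AutoSize Rule, Line
'{0} of {1} lines flagged.' -f $findings.Count, $lines.Count
```

Usage: `.\Triage-OtlLog.ps1 -Path .\OTL.txt` (the script name is an assumption). On the built-in sample, six of the twelve lines are flagged: the two orphans, the HKCU exefile handler, the autostart from a Temp folder, the extra hosts entry and the driver without a company name. Note that a company name is read from the file's version resource, so an empty one is a prompt to check the file, not proof of anything, and that the absence of a per-user handler in an OTL run made from a different account (OTL reports "Scan Mode: Current user") says nothing about the account that is actually affected.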
16.02.2011, 15:13 | #3

Programs can no longer be run by one user

Hello Cosinus,

thanks for the reply. Here is the quick scan log from Malwarebytes. I will also do the full scan; I had followed your instructions from before your edit.

PHP-Code:

OTL logs:
OTL Logfile:
Code:
OTL logfile created on: 16.02.2011 14:43:36 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = D:\help
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,34 Gb Total Space | 2,65 Gb Free Space | 7,71% Space Free | Partition Type: NTFS
Drive D: | 192,69 Gb Total Space | 93,82 Gb Free Space | 48,69% Space Free | Partition Type: NTFS

Computer Name: HIVE-IVE | User Name: Sebastian Edlich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\help\OTL.exe (OldTimer Tools)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe ()
PRC - C:\Programme\LaCie\Desktop Manager\lacie_dm_service.exe ()
PRC - C:\Programme\LaCie\Desktop Manager\lacie_launcherd.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
PRC - D:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - d:\Program Files\CPUCooL\CooLSRV.exe ()
PRC - C:\Windows\System32\maFwTray.exe (Avid Technology, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\BisonCam\BisonHK.exe ()
PRC - C:\Windows\BisonCam\BsMnt.exe ()
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\System Control Manager\edd.exe ()

========== Modules (SafeList) ==========

MOD - D:\help\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (NMSAccess) -- File not found
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (LaCieDesktopManagerService) -- C:\Programme\LaCie\Desktop Manager\lacie_dm_service.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Ati External Event Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (HauppaugeTVServer) -- D:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)
SRV - (CPUCooLServer) -- d:\Program Files\CPUCooL\CooLSRV.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()

========== Driver Services (SafeList) ==========

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MAFW) -- C:\Windows\System32\drivers\mafw.sys (Avid Technology, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (OXSDIDRV_x32) Oxford Semi eSATA Filter (x32) -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys ()
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com/?o=101764&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Program Files\real\browserrecord [2008.05.01 17:03:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.02.09 05:50:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.02.13 14:52:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: D:\Program Files\Mozilla Sunbird\components [2008.12.02 23:50:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: D:\Program Files\Mozilla Sunbird\plugins [2011.02.13 14:52:11 | 000,000,000 | ---D | M]

[2008.12.04 15:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian Edlich\AppData\Roaming\mozilla\Extensions
[2011.02.16 13:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian Edlich\AppData\Roaming\mozilla\Firefox\Profiles\ocx2yjm6.default\extensions
[2009.12.18 18:54:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sebastian Edlich\AppData\Roaming\mozilla\Firefox\Profiles\ocx2yjm6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.05 00:02:12 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Sebastian Edlich\AppData\Roaming\mozilla\Firefox\Profiles\ocx2yjm6.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008.12.02 23:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian Edlich\AppData\Roaming\mozilla\Sunbird\Profiles\9z9hiwlp.default\extensions
[2009.11.30 16:49:24 | 000,000,687 | ---- | M] () -- C:\Users\Sebastian Edlich\AppData\Roaming\Mozilla\Firefox\Profiles\ocx2yjm6.default\searchplugins\ask.xml
[2010.09.06 21:34:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2008.07.12 23:05:11 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.11.26 19:35:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.03.06 21:47:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010.01.28 23:41:39 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- D:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\real\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe ()
O4 - HKLM..\Run: [BsMnt] C:\Windows\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GBMLite8AgentLaCie] d:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [LaCie Desktop Manager Launcher] C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MAFWTaskbarApp] C:\Windows\System32\maFwTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] d:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\maFwTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [WinCast] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GBMLite8AgentLaCie] d:\Program Files\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKCU..\Run: [LaCie Desktop Manager Startup] C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe ()
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - d:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - d:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - d:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - d:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sebastian Edlich\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sebastian Edlich\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bc9b3c1-0cb2-11dd-b73d-0019dbefb016}\Shell - "" = AutoRun
O33 - MountPoints2\{5bc9b3c1-0cb2-11dd-b73d-0019dbefb016}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{80d08082-7816-11dd-8fd2-0019dbefb016}\Shell - "" = AutoRun
O33 - MountPoints2\{80d08082-7816-11dd-8fd2-0019dbefb016}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.16 14:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sebastian Edlich\AppData\Roaming\Malwarebytes
[2011.02.16 14:26:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.16 14:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.16 14:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.16 14:26:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.16 13:18:43 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.02.16 13:18:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.02.16 13:18:36 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.02.16 13:18:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.16 13:18:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.16 13:18:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.16 13:18:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.16 13:18:33 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.16 13:18:33 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.16 13:18:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.16 13:18:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.16 13:18:32 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.16 13:18:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.16 13:18:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.16 13:18:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.16 13:18:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.16 13:18:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.16 13:18:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.16 13:18:23 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.16 13:18:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.16 13:18:15 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.16 13:18:15 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.16 13:18:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.16 13:18:15 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.16 13:18:15 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.16 13:18:15 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.16 13:18:15 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.16 13:18:14 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.16 13:18:14 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.16 13:18:14 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.16 13:18:14 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.16 13:18:14 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.16 13:18:13 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.16 13:18:13 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.16 13:18:13 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.16 13:18:12 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.16 13:18:12 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.16 13:18:12 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.16 13:18:11 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.16 13:18:11 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.16 13:18:11 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.16 13:18:11 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.16 13:18:08 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.16 13:18:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.16 13:18:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.16 13:17:55 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011.02.16 13:17:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.02.16 13:17:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.02.16 13:17:31 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.16 13:17:31 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.16 13:17:14 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.02.16 13:16:59 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.02.16 13:16:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.02.16 13:16:52 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.02.16 13:16:46 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.02.16 13:16:46 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.02.16 13:16:45 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.02.16 13:16:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.02.16 13:15:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.02.16 13:15:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.02.16 13:15:32 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.02.16 13:15:29 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.16 13:15:24 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.02.16 13:15:23 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011.02.16 13:15:16 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.16 13:15:15 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.02.16 13:15:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.16 13:01:07 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.02.15 14:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011.02.15 14:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.02.15 14:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.02.15 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Sebastian Edlich\AppData\Roaming\Skype
[2011.02.15 14:44:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian Edlich\AppData\Local\LogMeIn Hamachi
[2011.01.24 09:42:26 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2011.01.24 09:42:23 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2011.01.24 09:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.16 14:42:25 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\dylh.sys
[2011.02.16 14:22:11 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.16 14:22:11 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.16 14:22:11 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.16 14:22:10 | 000,146,040 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.16 14:17:09 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.16 14:17:09 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.16 14:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.16 14:15:39 | 000,315,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.13 20:00:00 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\GBM - Basis-Vollständig.job
[2011.01.20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.01.20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.01.20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.01.20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.01.20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.01.20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.01.20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.01.20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.01.20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.01.20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.01.20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.01.20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.01.20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.01.20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.01.20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.01.20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.01.20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.01.20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.01.20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.01.20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.01.20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.01.20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.01.20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.01.20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.01.20 14:44:03 | 000,797,184 | ---- | M]
(Microsoft Corporation) -- C:\Windows\System32\FntCache.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.02.16 14:42:25 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\dylh.sys [2010.09.06 21:36:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.23 04:36:52 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll [2010.05.18 22:03:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.05.11 20:44:06 | 000,000,023 | ---- | C] () -- C:\Windows\wiso.ini [2010.05.11 20:14:52 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2010.05.11 20:14:51 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.05.11 20:11:16 | 000,007,192 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009.12.09 20:02:14 | 000,000,031 | ---- | C] () -- C:\Windows\LEGEND.INI [2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.09.01 13:41:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.11 22:22:43 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2009.08.11 22:22:43 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2009.07.24 01:39:11 | 000,000,256 | ---- | C] () -- C:\Windows\Sierra.ini [2009.05.19 14:14:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.05.17 12:04:10 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2009.02.09 10:08:24 | 000,052,656 | ---- | C] () -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys [2009.02.09 10:08:02 | 000,048,688 | ---- | C] () -- C:\Windows\System32\OXSDICIN_x32.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.08.15 11:13:59 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.08.14 15:43:15 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.08.14 15:43:15 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.07.23 23:37:07 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.07.23 23:37:07 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.06.02 23:35:44 | 000,000,104 | ---- | C] () -- C:\Users\Sebastian Edlich\AppData\Local\fusioncache.dat [2008.04.18 22:06:35 | 000,000,362 | ---- | C] () -- C:\Users\Sebastian Edlich\AppData\Roaming\wklnhst.dat [2008.04.17 20:01:48 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.04.15 20:02:33 | 000,005,120 | ---- | C] () -- C:\Users\Sebastian Edlich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.15 20:01:47 | 000,027,524 | ---- | C] () -- C:\Users\Sebastian Edlich\AppData\Roaming\UserTile.png [2008.04.12 16:40:28 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys [2008.04.12 16:40:28 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys [2007.08.08 22:04:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.08.08 21:54:56 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll [2007.08.08 21:54:56 | 000,032,768 | 
---- | C] () -- C:\Windows\System32\MGFPCtrl.dll [2007.08.08 21:54:56 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll [2007.08.08 19:13:27 | 000,000,045 | ---- | C] () -- C:\Windows\GX610.ini [2007.05.17 14:52:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.08.09 23:12:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll < End of report > und OTL-Extra: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.02.2011 14:43:36 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = D:\help Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 34,34 Gb Total Space | 2,65 Gb Free Space | 7,71% Space Free | Partition Type: NTFS Drive D: | 192,69 Gb Total Space | 93,82 Gb Free Space | 48,69% Space Free | Partition Type: NTFS Computer Name: HIVE-IVE | User Name: Sebastian Edlich | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Program Files\BitTorrent\bittorrent.exe" = D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "d:\Program Files\Orbitdownloader\orbitdm.exe" = d:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "d:\Program 
Files\Orbitdownloader\orbitnet.exe" = d:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1A716326-18CA-41B1-AFAA-90EB771133F8}" = rport=137 | protocol=17 | dir=out | app=system | "{3FA1F272-45C1-46BE-B18C-396D3492269D}" = lport=139 | protocol=6 | dir=in | app=system | "{4CAEBBD9-28E6-4CE1-8347-7DC23CA28808}" = lport=138 | protocol=17 | dir=in | app=system | "{4D33EE64-50B2-444C-8E50-F1A4D3CD8319}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{537CE50E-5B96-4C5C-95CE-3D4A5C0CD24E}" = rport=445 | protocol=6 | dir=out | app=system | "{5CD2CD0C-C2B3-4EEC-AD95-EFF2C08C71AA}" = rport=10243 | protocol=6 | dir=out | app=system | "{6A8543B2-8D09-4209-AFCC-80D62F7E1FDC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{72EAC333-932F-4573-8AFD-830FFA94115D}" = lport=137 | protocol=17 | dir=in | app=system | "{7693E796-A08F-4A8B-B16C-E14133F8015E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8CA5C270-B9BB-4888-8D92-32AAFFDF6437}" = lport=445 | protocol=6 | dir=in | app=system | "{8E4122D7-DED5-4B15-BBFE-41C2EF985EE0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8CC7238-03B6-4CD5-AF76-4E8F3FFFEB0C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B8CE87EF-F2CB-421A-BE7F-06A83ED9D36F}" = lport=2869 | protocol=6 | dir=in | app=system | "{CF5189AC-E367-477D-A456-C1D6A39B56F8}" = lport=10243 | protocol=6 | dir=in | app=system | "{D7F24DE2-C5B4-400D-B194-4D2F63DA78EE}" = rport=139 | protocol=6 | dir=out | app=system | "{D81530CC-747B-4091-BED1-58CCACB479C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E0B5E271-C635-4689-9A81-A6E2321E4483}" = lport=6346 | protocol=6 | dir=in | name=slsk | "{EFA3B8E8-AB94-4EF2-A9DE-86354A52C2E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FBA37475-75F4-4AB5-B17A-7DBEA3CD7851}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF11D4CB-33F6-488A-8CF7-4E9FF4BE205E}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{047BCB44-83F1-435B-8A13-DAC5F53F0D73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0A7B138A-8D67-4E30-A96D-4257C1F15F0A}" = protocol=6 | dir=in | app=d:\program files\azureus\azureus.exe | "{11F27389-ABDF-467F-A77F-1C33B045B916}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daupdatersvc.service.exe | "{19B2B4D9-86A2-4BA2-8716-928E4CACFDCC}" = protocol=6 | dir=in | app=d:\program files\opera\opera.exe | "{2F681B64-06D0-42F9-80DF-F2B3907FD7B6}" = protocol=6 | dir=out | app=system | "{33D69009-6E48-4A7F-A41C-B667EF3DE543}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3BB651FC-2B50-4B2A-A2F6-6EBE7B2C88F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3E609B93-4A17-4A84-862F-3A415CA862C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F428E57-072D-48AC-898F-F41AF2BA8512}" = protocol=17 | dir=in | app=d:\program files\azureus\azureus.exe | "{557A777F-3FE8-427A-912A-E2DBA6D906DE}" = protocol=6 | dir=in | app=d:\program files\avira\antivir personaledition classic\avcenter.exe | "{55B04F8C-3B11-4AF6-AD05-888166705359}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{56A938BC-171D-4194-8C05-DD5D02C9C9C2}" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | "{5781F73A-820D-4E6A-ABE3-8B86605942B3}" = 
protocol=17 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe | "{692229D0-0909-49E6-8426-07872B27E67B}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{70B29DBD-A720-4B77-BCAF-B5C352C49BAD}" = protocol=17 | dir=in | app=d:\program files\avira\antivir personaledition classic\avcenter.exe | "{7D3B2A4C-0070-417A-99A7-34B774834B5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8FB897A6-A685-49B1-AE42-59DAAFD5667E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9D070B47-8D2D-4C97-920D-6B31013FBBD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A291BE1D-5EE2-4E18-A855-FFFB711779E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A641E00F-41CE-4E93-B0F0-68C70184C149}" = protocol=17 | dir=in | app=d:\program files\opera\opera.exe | "{A8F06027-D28A-4468-8D08-EDB4F031B0D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B4E647F2-73E1-47CC-9195-BFC0375F1A06}" = protocol=6 | dir=in | app=d:\games\dragon age\daoriginslauncher.exe | "{C5E2FC57-960A-4869-9FB2-2F9EE024242F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D6AEE914-16FF-43B5-B8E8-98AC5FCB1BCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D83D3C06-4A63-4477-B816-B832A93BD432}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daupdatersvc.service.exe | "{D8FA7FA8-9AED-47C1-B068-C9769561A57A}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{D95F21EF-58C3-4219-B929-19A4AD47827A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DE28A217-58D2-4AE5-B581-7E62D60E270E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E24033AB-0068-4A53-846C-0ADB57D5E184}" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | "{EAE28B4C-9998-4CF6-AC2F-ABE95C80AAC7}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmpnetwk.exe | "{FEEDCA45-BC64-417F-B9DB-15E86F19FD2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{0071D67F-026E-482B-9A09-571474DB489B}C:\users\sebastian edlich\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sebastian edlich\program files\dna\btdna.exe | "TCP Query User{0782F4C5-0F2F-4E5D-B9DC-119BB17A42B1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{0A577D70-3A68-4EC3-84C9-E889A10E6845}D:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\program files\soulseek\slsk.exe | "TCP Query User{13A3F37E-6B2E-451D-9C69-227A7F122577}D:\program files\real\realplay.exe" = protocol=6 | dir=in | app=d:\program files\real\realplay.exe | "TCP Query User{16A506D4-5540-4A0C-B8C1-02076453058B}D:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=d:\program files\bittorrent\bittorrent.exe | "TCP Query User{176BD8F1-9211-4DBB-837F-EE8377EAADAD}D:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=d:\program files\bittorrent\bittorrent.exe | "TCP Query User{17DD4433-9030-452C-9C00-60440BF1C8AD}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "TCP Query User{1BAEEDCF-2E2A-4941-9322-3CB0F9573D9A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{220CB48A-CE8A-43A8-B13E-41FA9E04C09E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{29E84A49-AA44-4172-A40D-AE974EC16635}D:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=d:\program files\soulseekns\slsk.exe | "TCP Query User{2D8987BE-D162-40A5-9A39-BAD7C157265E}D:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\program files\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query 
User{2EDC58E3-D2E5-4386-9FFE-BBEAF2C2E55F}D:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files\videolan\vlc\vlc.exe | "TCP Query User{6012CCCA-5FEE-4085-AA65-47705C1973EE}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{73D4AFE3-F830-46B2-9B22-27753C0A37BA}D:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=d:\program files\soulseekns\slsk.exe | "TCP Query User{7B0A3FF0-45F0-483A-BDEA-3087A274CC9D}D:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\program files\azureus\azureus.exe | "TCP Query User{7FFD02BC-5EDD-4C5B-B10C-0ADECFA14D0B}C:\programdata\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\programdata\mozilla firefox\firefox.exe | "TCP Query User{801B37A5-D196-46D3-BDB0-664B5CB7D7EA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{86A4356F-1A43-4755-B6A2-F4B84FE69D57}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A1C7F116-9BDD-4149-8A31-FCE8EECED7D2}D:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\program files\mozilla firefox\firefox.exe | "TCP Query User{ADABCD39-F1BC-402B-8045-A9F2051E9679}C:\users\sebastian edlich\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sebastian edlich\program files\dna\btdna.exe | "TCP Query User{B158FFCC-3B85-471F-B5BA-200AB2E70502}D:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\program files\diablo ii\game.exe | "TCP Query User{C834B3E0-E3CD-46B2-A82D-1D385C0663DD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{D81D2360-828B-4B59-B82D-98B2BF8511A6}D:\program files\native instruments\traktor dj studio 2\traktordjstudio2.exe" = protocol=6 | dir=in | app=d:\program files\native instruments\traktor dj studio 
2\traktordjstudio2.exe | "TCP Query User{DBBE9B81-5520-4ADD-8CBA-67BAE577B35C}D:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=d:\program files\soulseek\slsk.exe | "TCP Query User{DE5F2845-A1B8-4981-BDD5-37494F510B33}D:\g\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\g\starcraft\starcraft.exe | "TCP Query User{DF73DD0B-558A-4C36-BA8E-7D73A77F551E}D:\g\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\g\starcraft\starcraft.exe | "TCP Query User{E2D89CAB-BF23-4614-8F7B-F652CAF3256B}D:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\program files\diablo ii\game.exe | "UDP Query User{01C94A6C-1D10-4BC3-9DE6-DF6D82CFB84D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{029EF5D1-7713-4533-981D-29891FF316EF}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "UDP Query User{02E81F2A-74F0-459D-8F02-B38454E76BDE}D:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\program files\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{0A73B920-CD53-4830-B847-AB22F49885A3}D:\g\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\g\starcraft\starcraft.exe | "UDP Query User{0DE2E613-B968-4DF4-9E4E-8AFC89E6B1E2}D:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=d:\program files\bittorrent\bittorrent.exe | "UDP Query User{18FBF7E0-DB8B-49FD-8087-CCCECB3779FA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{3AEF8916-46EE-4C1C-A2B6-B22A8C5C4C54}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{42E34560-B788-4582-9019-AFA58016688A}C:\users\sebastian edlich\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sebastian edlich\program files\dna\btdna.exe | "UDP Query 
User{4338DDFE-81E2-4D4C-A9BC-39F6B88969F0}D:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\program files\soulseekns\slsk.exe | "UDP Query User{45B4FE9F-1B0C-41CB-8F03-BAB8350D5B05}D:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files\videolan\vlc\vlc.exe | "UDP Query User{4B7B26E4-3E83-4191-915E-B053FD15992B}D:\program files\real\realplay.exe" = protocol=17 | dir=in | app=d:\program files\real\realplay.exe | "UDP Query User{573A2575-384B-4A2D-A0C6-6632E6A3DEFD}D:\program files\native instruments\traktor dj studio 2\traktordjstudio2.exe" = protocol=17 | dir=in | app=d:\program files\native instruments\traktor dj studio 2\traktordjstudio2.exe | "UDP Query User{6FB99C8C-DE71-4313-AEDE-D728F2348935}D:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=d:\program files\soulseekns\slsk.exe | "UDP Query User{7D92104F-3274-495F-8933-BC5C5B8499F0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{7FB0F9BD-6125-4B0A-A9AD-3D4A7371B828}D:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\program files\soulseek\slsk.exe | "UDP Query User{8D0E7277-3349-4DF2-ACFB-345F9CC318BE}D:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\program files\diablo ii\game.exe | "UDP Query User{9361D223-B3D5-4360-8E5D-E06238BDB46F}D:\g\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\g\starcraft\starcraft.exe | "UDP Query User{98EDACD7-5FCB-4F60-A642-35491A765CD9}D:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\program files\azureus\azureus.exe | "UDP Query User{9D71E52E-F920-4DAC-9697-7B8A866A391A}D:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\program files\mozilla firefox\firefox.exe | "UDP Query User{A2A05E77-16A6-4B8D-A7FA-A1B48F98FA21}D:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\program files\diablo ii\game.exe | "UDP Query 
User{A3C899DD-12DA-4D7D-9EB1-B9F2E243087F}C:\programdata\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\programdata\mozilla firefox\firefox.exe | "UDP Query User{A7741D73-3385-4F0C-9C69-6008F4747809}D:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=d:\program files\bittorrent\bittorrent.exe | "UDP Query User{AC02BA09-548E-4FA9-BF3C-563B989E4B48}D:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=d:\program files\soulseek\slsk.exe | "UDP Query User{B9FC80C6-B1B7-457A-B6D7-069A4DD4AF97}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{C2CE0C1F-37A8-4DEB-9216-5FEFEF7A1E6C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{EF649358-1B23-42EF-A4E5-94E87D477ABE}C:\users\sebastian edlich\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sebastian edlich\program files\dna\btdna.exe | "UDP Query User{FF81CF2E-7263-4724-8866-A2E47A93DA81}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02383859-C71C-4AE0-80C9-12552ADA6B1E}" = Adobe Setup "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{0CCC0F9A-81E6-3529-4394-86384585325C}" = Catalyst Control Center Graphics Light "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{153A64E0-7140-A1AE-C7ED-745A3218DFBD}" = ccc-utility "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR 
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 11
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2C99779B-99A9-CE50-C43F-A9F765E1FE23}" = ATI Catalyst Install Manager
"{2FBE4C1F-D40A-B18C-FEC0-EE01199DECD1}" = ccc-core-static
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1" = LaCie Desktop Manager 1.1.0.40
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BA4ABD7-21F1-2961-9584-834028C43538}" = Catalyst Control Center Localization German
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43BEEE26-01A8-4EEE-8632-2353261E3B55}" = RemoteComms driver
"{456894DE-8818-B1B4-8C97-A47CEFB9E76A}" = Catalyst Control Center Graphics Previews Vista
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4D917177-4E73-144B-EFFE-802EFF83D5B4}" = Catalyst Control Center InstallProxy
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6EAA68-8DB3-8F96-6293-4A50AC92BA77}" = CCC Help German
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{7157C65D-270C-F593-C873-FF9AD949E221}" = Skins
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733C47BE-4A73-66BE-03EC-460AC98E550C}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C051A5-3141-1CD2-D601-7127D0CD9E22}" = Catalyst Control Center HydraVision Full
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{899FEBB5-CDF7-FD73-01B5-1381EAA75EED}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3BC9DDC-4B4C-F307-FEDC-7B77992FBC9F}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b4da0de8-cfd5-4340-883e-465c4dd97398}" = Deep View Minimum
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD960D1B-2D16-5A6A-FAD7-E5C32BB78CE7}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D191837E-0AE9-F062-9EE3-A97DD6D9A11D}" = Catalyst Control Center Core Implementation
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D9CF5E60-42B1-489B-A0E2-9A6EE3DEB969}" = FireWire Family
"{E0B403F2-5684-4E9F-AD7A-D27FE16D38AA}" = Deep View
"{E94F42C9-75F5-FFA4-0112-37D2F040017F}" = Catalyst Control Center Graphics Previews Common
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5a2cf0498f0f8a9d712b9c8926ae172" = Adobe Soundbooth CS4
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Astroburn Lite" = Astroburn Lite
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"Claw" = Claw
"CPUCooL" = CPUCooL (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EPSON BX300F Series" = Druckerdeinstallation für EPSON BX300F Series
"EPSON Scanner" = EPSON Scan
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Hauppauge Signal Monitor Utility" = Hauppauge Signal Monitor Utility
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MobilityDotNET" = DH Mobility Modder.NET
"Mozilla Firefox (2.0.0.18)" = Mozilla Firefox (2.0.0.18)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Native Instruments Traktor DJ Studio 2" = Native Instruments Traktor DJ Studio 2
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"VLC media player" = VLC media player 1.0.3
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"WinImage" = WinImage
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Well, I'm curious now!
16.02.2011, 16:33 | #4 |
Programs can no longer be run by one user
And the log from the full scan:
PHP Code:
16.02.2011, 17:32 | #5 |
Programs can no longer be run by one user
Well, either the Trojans really were to blame or one of my updates made the problem go away. At any rate, everything works again now. Thanks in any case for the recommended programs, they really do seem to be capable. If there is any more info on that spyware.banker, I'd be very interested. I couldn't find anything except dead links from 2-3 years ago.