All about Windows: IE9 - a virus scan window opens |
15.03.2011, 19:25 | #1 | |
| Problem: IE9 - a virus scan window opens
I installed IE9 today and happily started surfing right away. All of a sudden a message from Windows itself appeared, saying that a scan would now be carried out. In one tab of the browser a virus scan was displayed that supposedly found a few Trojans. I closed the window as quickly as possible (another message from Windows appeared at that point), and immediately fired up HijackThis. HijackThis found nothing. Against every spark of common sense I then ran Combofix over it, which deleted a few files: Quote:
Am I in the right place to ask for this information? Do you still need the HijackThis log? Should I post the complete Combofix log? Thanks in advance. |
16.03.2011, 11:53 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE9 - a virus scan window opens
Overlooked => http://www.trojaner-board.de/95176-combofix.html
Besides, the log is not complete. This will not get us anywhere. |
16.03.2011, 12:19 | #3 |
| IE9 - a virus scan window opens
Yes, I know, panic got hold of me.
Here are the logs: Combofix
Combofix Logfile: Code:
ATTFilter ComboFix 11-03-14.07 - Benutzer 15.03.2011 17:23:19.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3067.1804 [GMT 1:00] ausgeführt von:: c:\downloads\Software\ComboFix.exe AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\MSMASK32.OCX c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-15 bis 2011-03-15 )))))))))))))))))))))))))))))) . . 2011-03-15 16:34 . 2011-03-15 16:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-03-15 15:54 . 2011-03-15 15:54 2514 ----a-w- c:\users\Benutzer\cc_20110315_165414.reg 2011-03-15 11:48 . 2011-03-15 11:48 -------- d-----w- c:\program files\Konami 2011-03-15 10:15 . 2011-03-15 10:15 -------- d-----w- c:\users\Benutzer\AppData\Local\{444FA878-C7DB-40F7-82C2-A6D44C020A25} 2011-03-15 06:58 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAF9FA18-D8D4-4600-A19C-9EF74D175226}\mpengine.dll 2011-03-14 22:14 . 2011-03-14 22:14 -------- d-----w- c:\users\Benutzer\AppData\Local\{F5E1DFA5-4C6A-46C9-9CF2-C3A484BC9276} 2011-03-14 17:28 . 2001-10-28 15:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2011-03-14 17:28 . 1998-07-06 16:56 125712 ----a-w- c:\windows\system32\VB6DE.DLL 2011-03-14 10:14 . 
2011-03-14 10:14 -------- d-----w- c:\users\Benutzer\AppData\Local\{A63B6DDA-4DA2-4E6D-8C6A-F3BE0613A3A8} 2011-03-13 21:38 . 2011-03-13 21:39 -------- d-----w- c:\users\Benutzer\AppData\Local\{37785AC6-71AE-49CA-B830-EF66434EBF51} 2011-03-13 17:49 . 2011-03-13 19:41 -------- d-----w- c:\users\Benutzer\f4 2011-03-13 17:49 . 2011-03-13 17:49 -------- d-----w- c:\program files\f4 2011-03-13 08:26 . 2011-03-13 08:26 -------- d-----w- c:\users\Benutzer\AppData\Local\{AB69449D-7E1F-437C-BF31-F200B77F1E13} 2011-03-12 20:25 . 2011-03-12 20:25 -------- d-----w- c:\users\Benutzer\AppData\Local\{9EDC30AB-0A50-4AF9-AB93-115D272D3DAE} 2011-03-12 08:25 . 2011-03-12 08:25 -------- d-----w- c:\users\Benutzer\AppData\Local\{7AE5B526-3ABF-45F8-B5DC-0D29ADC29DDB} 2011-03-11 20:24 . 2011-03-11 20:24 -------- d-----w- c:\users\Benutzer\AppData\Local\{F416E896-34AD-44CA-B13E-44C8DA39B7B9} 2011-03-11 08:24 . 2011-03-11 08:24 -------- d-----w- c:\users\Benutzer\AppData\Local\{EB661E99-1EC8-4545-B3E9-2925A4A9DB36} 2011-03-10 14:59 . 2011-03-10 14:59 -------- d-----w- c:\users\Benutzer\AppData\Local\{6B7D8A7C-357F-41F5-9BCE-F8A09C796580} 2011-03-10 00:21 . 2011-03-10 00:21 -------- d-----w- c:\users\Benutzer\AppData\Local\{BB58DF50-D376-4F8F-889D-CFF8C744720C} 2011-03-09 10:21 . 2011-03-09 10:21 -------- d-----w- c:\users\Benutzer\AppData\Local\{95660795-44AE-4851-BFA5-01E44A4E6FD3} 2011-03-09 07:38 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 07:38 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 07:38 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 07:38 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 07:38 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 07:38 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-03-08 20:33 . 
2011-03-08 20:33 -------- d-----w- c:\users\Benutzer\AppData\Local\{C87951B0-955B-444F-BC9D-E0EB89D888BA} 2011-03-08 08:13 . 2011-03-08 08:13 -------- d-----w- c:\users\Benutzer\AppData\Local\{B0FD89B4-71CF-412E-8741-166D5FE767A9} 2011-03-07 22:26 . 2011-03-07 22:26 -------- d-----w- c:\users\Benutzer\AppData\Local\{1EB3DB89-FCFB-47F7-9820-A535350B77A0} 2011-03-07 19:42 . 2011-03-07 19:42 -------- d-----w- c:\program files\Ubisoft 2011-03-07 19:10 . 2011-03-07 19:55 161986 ----a-w- c:\windows\Star Assault Uninstaller.exe 2011-03-07 19:10 . 2011-03-07 19:10 -------- d-----w- c:\program files\Kalypso 2011-03-05 11:32 . 2011-03-05 11:32 1362 ----a-w- c:\users\Benutzer\cc_20110305_123214.reg 2011-03-04 17:01 . 2011-03-04 17:01 -------- d-----w- c:\windows\UltraDefrag 2011-03-03 20:56 . 2011-03-03 20:56 2014 ----a-w- c:\users\Benutzer\cc_20110303_215624.reg 2011-03-02 16:27 . 2011-03-02 16:27 -------- d-----w- c:\users\Benutzer\.idlerc 2011-02-26 20:27 . 2011-02-26 20:55 -------- d-----w- c:\program files\EA 2011-02-26 20:25 . 2011-02-26 20:25 -------- d-----w- c:\program files\NVIDIA Corporation 2011-02-22 19:42 . 2011-02-22 19:42 -------- d-----w- c:\users\Benutzer\AppData\Roaming\Blender Foundation 2011-02-22 10:13 . 2011-02-22 10:13 14440 ----a-w- c:\users\Benutzer\cc_20110222_111333.reg 2011-02-17 08:47 . 2011-02-17 08:47 -------- d-----w- c:\program files\Common Files\Java . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-08 20:33 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-09 20:55 . 2011-02-09 20:55 700 ----a-w- c:\users\Benutzer\cc_20110209_215514.reg 2011-02-02 20:40 . 2010-04-16 18:53 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11 . 2010-01-14 20:55 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:37 . 
2011-02-09 17:03 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:08 . 2011-02-09 17:03 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08 . 2011-02-09 17:03 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-09 17:03 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08 . 2011-02-09 17:03 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:08 . 2011-02-09 17:03 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:07 . 2011-02-09 17:02 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07 . 2011-02-09 17:02 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07 . 2011-02-09 17:03 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06 . 2011-02-09 17:03 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06 . 2011-02-09 17:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04 . 2011-02-09 17:03 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:04 . 2011-02-09 17:02 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 14:28 . 2011-02-09 17:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27 . 2011-02-09 17:03 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26 . 2011-02-09 17:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25 . 2011-02-09 17:03 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24 . 2011-02-09 17:03 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-01-20 14:24 . 2011-02-09 17:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-09 17:03 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-09 17:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-09 17:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:14 . 2011-02-09 17:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:12 . 
2011-02-09 17:03 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11 . 2011-02-09 17:03 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47 . 2011-02-09 17:03 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-01-20 13:44 . 2011-02-09 17:03 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-01-20 13:44 . 2011-02-09 17:03 797184 ----a-w- c:\windows\system32\FntCache.dll 2011-01-13 08:47 . 2010-06-29 07:38 38848 ----a-w- c:\windows\avastSS.scr 2011-01-13 08:47 . 2010-01-14 17:28 188216 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-13 08:41 . 2010-01-14 17:28 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-01-13 08:40 . 2010-01-14 17:28 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-01-13 08:37 . 2010-01-14 17:28 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-01-13 08:37 . 2010-01-14 17:28 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-01-13 08:37 . 2010-01-14 17:28 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-01-08 08:47 . 2011-02-09 17:02 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28 . 2011-02-09 17:02 292352 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:57 . 2011-02-09 17:03 2039808 ----a-w- c:\windows\system32\win32k.sys 2010-12-28 15:55 . 2011-01-12 07:16 413696 ----a-w- c:\windows\system32\odbc32.dll 2010-12-17 22:13 . 2010-12-17 22:13 107888 ----a-w- c:\windows\system32\CmdLineExt.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744] "IntelSWUpdateClient"="c:\program files\Intel\inteldh\common\SWUpdateClient.exe" [2008-07-16 129424] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304] "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1311790516-237250954-1396119219-1000] "EnableNotificationsRef"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 lac97inf;lac97inf;c:\users\Benutzer\AppData\Local\Temp\lac97inf.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-14 691696] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280] S2 ME Services Manager;ME Services Manager;c:\program files\Intel\inteldh\msm\MSM.exe [2008-07-16 1628560] S2 Software Services Manager;Software Services Manager;c:\program files\Intel\inteldh\common\IntelDHSvcMgr.exe [2008-07-16 51088] S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-03-09 5010288] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-11-21 220288] S3 PhilCap;Pinnacle PCTV service;c:\windows\system32\DRIVERS\PhilCap.sys [2007-07-17 908832] S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-01-24 16168] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 
2010-03-12 c:\windows\Tasks\CreateChoiceProcessTask.job - c:\windows\System32\browserchoice.exe [2010-03-11 10:32] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-15 17:35 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1311790516-237250954-1396119219-1000\Software\SecuROM\License information*] "datasecu"=hex:f6,df,c1,a8,a3,8d,e7,1f,e3,f3,6a,fe,f2,e2,a3,bd,30,f5,a7,4d,c2, b4,3a,26,56,93,7f,67,27,8b,95,16,58,8e,07,c4,d5,f4,30,13,b3,5d,65,d1,47,ff,\ "rkeysecu"=hex:b4,0e,20,bc,e1,3b,c0,a7,fa,96,f4,73,9e,d7,ea,a7 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:cb,84,7c,25,de,ca,38,ca,71,39,3b,08,69,b1,34,0a,70,d2,41,5d,a5, 5a,e9,70,52,50,3a,e4,25,4e,d5,f9,52,4c,e6,18,d9,9b,3a,a4,11,e1,85,8c,69,0d,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:cb,84,7c,25,de,ca,38,ca,71,39,3b,08,69,b1,34,0a,70,d2,41,5d,a5, 5a,e9,70,52,50,3a,e4,25,4e,d5,f9,52,4c,e6,18,d9,9b,3a,a4,11,e1,85,8c,69,0d,\ . Zeit der Fertigstellung: 2011-03-15 17:39:09 ComboFix-quarantined-files.txt 2011-03-15 16:39 . Vor Suchlauf: 26 Verzeichnis(se), 284.628.156.416 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 286.112.210.944 Bytes frei . Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10 - - End Of File - - C0042B5B2AB35348992CFDF8863504DF
/edit: removed
Will it work like this?
Last edited by okulossos (16.03.2011 at 12:31) |
16.03.2011, 12:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE9 - a virus scan window opens
HijackThis does not interest me! Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
__________________ Please always post log files in CODE tags |
16.03.2011, 12:32 | #5 |
| IE9 - a virus scan window opens
ok, it is removed...
/edit: I will do the Load.exe tomorrow and follow up with it. Malwarebytes found nothing yesterday; unfortunately I only had the idea of logging in here afterwards, and by now everything has already been deleted again (*d'oh*).
Last edited by okulossos (16.03.2011 at 13:05) |
16.03.2011, 13:29 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE9 - a virus scan window opens
Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the log files tab. |
17.03.2011, 11:23 | #7 |
| IE9 - a virus scan window opens
Nope, everything has been deleted more or less cleanly. I will do Gmer later (lack of time), but I think that is ok, because in general I am not too worried. Still, here are OTL and EXTRAS. I hope you do not hold it against me that I removed the country; it can be worked out from my IP, but not everyone has that and, well, my paranoia. So:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.03.2011 09:48:00 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Benutzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 267,32 Gb Free Space | 28,70% Space Free | Partition Type: NTFS Computer Name: MERCURY-PC | User Name: Benutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.17 09:35:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe PRC - [2011.01.13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.08.26 02:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.08.26 02:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.03.09 01:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe PRC - [2010.03.09 01:47:06 | 002,046,320 | ---- | M] (Wacom Technology, Corp.) 
-- C:\Windows\System32\WTablet\Wacom_TabletUser.exe PRC - [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.16 14:06:56 | 000,129,424 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe PRC - [2008.07.16 13:44:28 | 001,628,560 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\inteldh\msm\MSM.exe PRC - [2008.07.16 13:42:46 | 000,051,088 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe PRC - [2008.06.23 13:12:52 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (SafeList) ========== MOD - [2011.03.17 09:35:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe MOD - [2011.01.13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll ========== Win32 Services (SafeList) ========== SRV - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2010.08.26 02:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.09 01:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2010.01.14 22:54:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.12.22 11:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2008.07.16 13:44:28 | 001,628,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\inteldh\msm\MSM.exe -- (ME Services Manager) SRV - [2008.07.16 13:42:46 | 000,051,088 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\inteldh\common\IntelDHSvcMgr.exe -- (Software Services Manager) SRV - [2008.06.23 13:12:52 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2011.01.13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011.01.13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011.01.13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011.01.13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011.01.13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.08.26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2010.08.26 04:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.08.26 02:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.06.07 10:44:38 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.06.07 10:44:38 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.01.25 00:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2010.01.14 19:15:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.09.22 00:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2009.04.11 14:18:01 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.11.21 02:53:44 | 000,220,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R) DRV - [2008.03.28 13:42:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2007.07.17 10:22:06 | 000,908,832 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap) DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2005.01.31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928) DRV - [2005.01.31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0 FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1 FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0 FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9 FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1 FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5 [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG [2010.01.14 19:27:16 | 000,000,000 | ---D | M] (Minimal) -- 
C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG O1 HOSTS File: ([2011.03.17 09:41:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [IntelSWUpdateClient] C:\Program Files\Intel\inteldh\common\SWUpdateClient.exe (Intel(R) Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Benutzer\Pictures\Desktop\battle.jpg O24 - Desktop BackupWallPaper: C:\Users\Benutzer\Pictures\Desktop\battle.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.03.17 09:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.17 09:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.03.17 09:35:49 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Benutzer\Desktop\Erunt-setup.exe [2011.03.17 09:35:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe [2011.03.17 09:35:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\TFC.exe [2011.03.17 09:08:37 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{ABB62BB9-7619-4FCF-B1F3-52A08EB8C8A7} [2011.03.16 11:54:50 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{2FD05649-F3E4-4008-912B-9D6176C011F4} [2011.03.15 23:54:15 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{97E74F65-03D3-49C2-B37F-7396EB75F17B} [2011.03.15 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Malwarebytes [2011.03.15 20:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2011.03.15 17:39:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.03.15 17:39:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.03.15 17:20:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.03.15 17:20:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.03.15 17:20:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.03.15 17:19:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.15 17:19:56 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.03.15 17:18:49 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.03.15 17:18:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.03.15 11:15:09 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{444FA878-C7DB-40F7-82C2-A6D44C020A25} [2011.03.14 23:14:34 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{F5E1DFA5-4C6A-46C9-9CF2-C3A484BC9276} [2011.03.14 18:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2011.03.14 11:14:00 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{A63B6DDA-4DA2-4E6D-8C6A-F3BE0613A3A8} [2011.03.13 22:38:46 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{37785AC6-71AE-49CA-B830-EF66434EBF51} [2011.03.13 18:49:40 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\f4 [2011.03.13 18:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4 [2011.03.13 18:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\f4 [2011.03.13 09:26:12 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{AB69449D-7E1F-437C-BF31-F200B77F1E13} [2011.03.12 21:25:37 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{9EDC30AB-0A50-4AF9-AB93-115D272D3DAE} [2011.03.12 09:25:03 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{7AE5B526-3ABF-45F8-B5DC-0D29ADC29DDB} [2011.03.11 21:24:28 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{F416E896-34AD-44CA-B13E-44C8DA39B7B9} [2011.03.11 
09:24:05 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{EB661E99-1EC8-4545-B3E9-2925A4A9DB36} [2011.03.10 15:59:39 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{6B7D8A7C-357F-41F5-9BCE-F8A09C796580} [2011.03.10 01:21:46 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{BB58DF50-D376-4F8F-889D-CFF8C744720C} [2011.03.09 11:21:38 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{95660795-44AE-4851-BFA5-01E44A4E6FD3} [2011.03.08 21:33:39 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{C87951B0-955B-444F-BC9D-E0EB89D888BA} [2011.03.08 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{B0FD89B4-71CF-412E-8741-166D5FE767A9} [2011.03.07 23:26:40 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Local\{1EB3DB89-FCFB-47F7-9820-A535350B77A0} [2011.03.07 20:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2011.03.07 20:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft [2011.03.07 20:10:44 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Assault [2011.03.07 20:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kalypso [2011.03.04 18:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag [2011.03.04 18:01:51 | 000,000,000 | ---D | C] -- C:\Windows\UltraDefrag [2011.03.02 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\.idlerc [2011.02.26 21:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\EA [2011.02.26 21:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2011.02.22 20:42:21 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\Blender Foundation [2011.02.17 09:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java ========== Files - Modified Within 30 Days ========== [2011.03.17 09:46:04 | 000,638,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.17 09:46:04 
| 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.17 09:46:04 | 000,131,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.17 09:46:04 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.17 09:45:39 | 000,000,693 | ---- | M] () -- C:\Users\Benutzer\Desktop\NTREGOPT.lnk [2011.03.17 09:45:39 | 000,000,674 | ---- | M] () -- C:\Users\Benutzer\Desktop\ERUNT.lnk [2011.03.17 09:41:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.03.17 09:41:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.17 09:41:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.17 09:40:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.17 09:40:54 | 3216,908,288 | -HS- | M] () -- C:\hiberfil.sys [2011.03.17 09:36:00 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\TFC.exe [2011.03.17 09:35:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Benutzer\Desktop\OTL.exe [2011.03.17 09:35:52 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Benutzer\Desktop\Erunt-setup.exe [2011.03.17 09:35:50 | 000,296,448 | ---- | M] () -- C:\Users\Benutzer\Desktop\g2m3e4r.exe [2011.03.16 12:58:50 | 000,742,874 | ---- | M] () -- C:\Users\Benutzer\Desktop\Load.exe [2011.03.16 11:42:19 | 000,001,192 | ---- | M] () -- C:\Users\Benutzer\Documents\vlc-record-2011-03-16-11h42m17s-Immaterials_ Light painting WiFi.mp4-.mp4 [2011.03.16 09:13:39 | 000,003,204 | ---- | M] () -- C:\Users\Benutzer\cc_20110316_091334.reg [2011.03.16 00:32:46 | 000,480,216 | ---- | M] () -- C:\Users\Benutzer\Desktop\Quokka.jpg [2011.03.15 18:59:08 | 000,016,762 | ---- | M] () -- C:\Users\Benutzer\Desktop\20011q1.ods [2011.03.15 18:26:34 | 000,006,088 | ---- | M] () -- C:\Users\Benutzer\cc_20110315_182631.reg [2011.03.15 16:54:17 | 
000,002,514 | ---- | M] () -- C:\Users\Benutzer\cc_20110315_165414.reg [2011.03.15 12:43:56 | 000,104,960 | ---- | M] () -- C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.15 11:39:10 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.03.15 11:39:10 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.03.15 11:38:59 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.03.14 16:28:11 | 000,008,949 | ---- | M] () -- C:\Users\Benutzer\.recently-used.xbel [2011.03.14 14:42:44 | 000,365,461 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe [2011.03.13 12:36:01 | 000,009,241 | ---- | M] () -- C:\Users\Benutzer\Desktop\Anleitung.html [2011.03.07 20:55:11 | 000,161,986 | ---- | M] () -- C:\Windows\Star Assault Uninstaller.exe [2011.03.07 20:10:54 | 000,001,868 | ---- | M] () -- C:\Users\Benutzer\Desktop\Star Assault.lnk [2011.03.05 12:32:18 | 000,001,362 | ---- | M] () -- C:\Users\Benutzer\cc_20110305_123214.reg [2011.03.04 08:58:49 | 000,003,872 | ---- | M] () -- C:\Windows\System32\Wacom_Tablet.dat [2011.03.03 21:56:29 | 000,002,014 | ---- | M] () -- C:\Users\Benutzer\cc_20110303_215624.reg [2011.02.22 20:36:59 | 000,000,841 | ---- | M] () -- C:\Users\Benutzer\Desktop\blender.lnk [2011.02.22 11:13:42 | 000,014,440 | ---- | M] () -- C:\Users\Benutzer\cc_20110222_111333.reg [2011.02.15 20:21:02 | 003,222,026 | ---- | M] () -- C:\Users\Benutzer\Documents\Pheno01 001.pdf ========== Files Created - No Company Name ========== [2011.03.17 09:45:39 | 000,000,693 | ---- | C] () -- C:\Users\Benutzer\Desktop\NTREGOPT.lnk [2011.03.17 09:45:39 | 000,000,674 | ---- | C] () -- C:\Users\Benutzer\Desktop\ERUNT.lnk [2011.03.17 09:35:50 | 000,296,448 | ---- | C] () -- C:\Users\Benutzer\Desktop\g2m3e4r.exe [2011.03.16 12:58:49 | 000,742,874 | ---- | C] () -- C:\Users\Benutzer\Desktop\Load.exe [2011.03.16 11:42:19 | 000,001,192 | ---- | C] () -- 
C:\Users\Benutzer\Documents\vlc-record-2011-03-16-11h42m17s-Immaterials_ Light painting WiFi.mp4-.mp4 [2011.03.16 09:13:37 | 000,003,204 | ---- | C] () -- C:\Users\Benutzer\cc_20110316_091334.reg [2011.03.16 00:33:22 | 000,480,216 | ---- | C] () -- C:\Users\Benutzer\Desktop\Quokka.jpg [2011.03.15 18:26:33 | 000,006,088 | ---- | C] () -- C:\Users\Benutzer\cc_20110315_182631.reg [2011.03.15 17:20:04 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.03.15 17:20:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.03.15 17:20:04 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.03.15 17:20:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.03.15 17:20:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.03.15 16:54:16 | 000,002,514 | ---- | C] () -- C:\Users\Benutzer\cc_20110315_165414.reg [2011.03.15 11:38:59 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.03.14 18:28:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.03.14 16:28:11 | 000,008,949 | ---- | C] () -- C:\Users\Benutzer\.recently-used.xbel [2011.03.13 12:41:20 | 000,009,241 | ---- | C] () -- C:\Users\Benutzer\Desktop\Anleitung.html [2011.03.13 12:16:23 | 000,365,461 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe [2011.03.10 18:09:45 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.03.07 20:10:53 | 000,001,868 | ---- | C] () -- C:\Users\Benutzer\Desktop\Star Assault.lnk [2011.03.07 20:10:44 | 000,161,986 | ---- | C] () -- C:\Windows\Star Assault Uninstaller.exe [2011.03.05 12:32:16 | 000,001,362 | ---- | C] () -- C:\Users\Benutzer\cc_20110305_123214.reg [2011.03.03 21:56:26 | 000,002,014 | ---- | C] () -- C:\Users\Benutzer\cc_20110303_215624.reg [2011.02.22 20:36:59 | 000,000,841 | ---- | C] () -- C:\Users\Benutzer\Desktop\blender.lnk [2011.02.22 11:13:40 | 000,014,440 | ---- | C] () -- 
C:\Users\Benutzer\cc_20110222_111333.reg [2011.02.15 20:20:58 | 003,222,026 | ---- | C] () -- C:\Users\Benutzer\Documents\Pheno01 001.pdf [2011.02.03 16:56:32 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2011.02.03 16:56:32 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2011.02.03 16:56:05 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2011.01.01 11:37:46 | 000,003,872 | ---- | C] () -- C:\Windows\System32\Wacom_Tablet.dat [2010.12.07 17:09:08 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.11.27 00:22:27 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.11.27 00:22:27 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll [2010.11.27 00:22:27 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll [2010.11.27 00:22:27 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.11.27 00:22:27 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll [2010.11.07 10:03:35 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL [2010.11.07 10:03:29 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.10.15 08:22:18 | 000,000,096 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\fusioncache.dat [2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.10.13 12:01:12 | 000,022,328 | ---- | C] () -- C:\Users\Benutzer\AppData\Roaming\PnkBstrK.sys [2010.09.24 08:49:00 | 000,014,848 | ---- | C] () -- C:\Windows\System32\lua5.1a_gui.exe [2010.09.24 08:49:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\lua5.1a.exe [2010.09.24 08:48:58 | 000,092,160 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll [2010.08.26 02:19:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.07.29 08:03:07 | 000,001,148 | ---- | C] () -- C:\Windows\System32\game.ini [2010.07.24 01:03:37 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini [2010.07.24 00:32:23 | 000,217,088 | ---- | C] () -- 
C:\Windows\System32\libmySQL.dll [2010.07.24 00:32:23 | 000,102,400 | ---- | C] () -- C:\Windows\System32\TrackerNET.dll [2010.07.20 18:08:13 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2010.07.10 19:28:29 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.07.10 19:28:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.06.16 14:22:56 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.06.07 10:44:38 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.06.07 10:44:38 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.05.17 21:08:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.05.10 21:36:47 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2010.05.10 21:06:41 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.03.29 14:50:26 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.03.24 18:59:24 | 000,000,338 | ---- | C] () -- C:\Windows\d3xp.ini [2010.03.20 18:52:41 | 000,000,331 | ---- | C] () -- C:\Windows\doom3.ini [2010.03.14 16:23:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2010.03.14 16:23:17 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2010.03.14 16:23:17 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2010.03.09 09:57:10 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.02.04 19:58:05 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI [2010.02.03 01:33:51 | 000,270,336 | ---- | C] () -- C:\Windows\unin0407.exe [2010.01.16 13:21:33 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.01.16 13:21:33 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.01.15 17:48:55 | 000,130,798 | ---- | C] () -- C:\Windows\hpoins18.dat [2010.01.15 02:50:26 | 000,104,960 | ---- | C] () -- 
C:\Users\Benutzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.14 23:01:47 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2010.01.14 19:40:45 | 000,000,760 | ---- | C] () -- C:\Windows\AnimatorDV.INI [2010.01.14 19:31:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.01.14 13:44:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.01.14 12:26:41 | 000,000,680 | ---- | C] () -- C:\Users\Benutzer\AppData\Local\d3d9caps.dat [2009.04.11 17:54:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.04.11 17:54:14 | 000,638,898 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.04.11 17:54:14 | 000,131,000 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.04.11 17:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.04.11 14:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.04.11 14:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.11 14:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.02.18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.02.03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2007.08.22 11:21:08 | 000,184,320 | ---- | C] () -- C:\Windows\System32\vgl.dll [2007.07.17 10:22:02 | 000,009,760 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2007.06.27 16:13:51 | 000,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll [2007.06.08 08:10:38 | 000,319,488 | ---- | C] () -- C:\Windows\System32\LS3Renderer.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 001,602,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat 
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.01.31 08:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== LOP Check ========== [2010.09.23 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\.minecraft [2010.11.21 00:08:35 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\avidemux [2011.02.22 20:42:21 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Blender Foundation [2010.01.14 22:52:29 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\DAEMON Tools Lite [2011.03.15 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Free Download Manager [2011.01.23 18:44:22 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\FreeBurner [2010.05.08 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\FreeFLVConverter [2010.01.14 23:42:26 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Greyfirst [2011.03.12 20:00:39 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\gtk-2.0 [2010.05.18 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Image Zone Express [2011.01.23 18:52:27 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\InfraRecorder [2010.01.23 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\IrfanView [2011.03.16 12:52:16 | 000,000,000 | 
---D | M] -- C:\Users\Benutzer\AppData\Roaming\MusicBee [2011.01.26 12:20:14 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\MySQL [2010.01.16 09:51:27 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\OpenOffice.org [2010.05.18 22:39:32 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Printer Info Cache [2010.10.21 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\smc [2010.09.07 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\SpieleEntwicklungsKombinat [2010.01.22 00:15:10 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\uqm [2011.01.05 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\Windows Live Writer [2010.03.12 11:43:48 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\CreateChoiceProcessTask.job [2011.03.17 09:39:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.03.15 17:39:16 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.04.16 18:41:02 | 000,000,000 | ---D | M] -- C:\adobe [2011.02.03 20:27:40 | 000,000,000 | ---D | M] -- C:\ADVProjects [2011.02.01 11:42:38 | 000,000,000 | ---D | M] -- C:\AHDProjects [2010.01.14 13:38:37 | 000,000,000 | ---D | M] -- C:\ATI [2011.01.10 12:57:00 | 000,000,000 | ---D | M] -- C:\Bibliothek [2011.03.06 15:30:10 | 000,000,000 | ---D | M] -- C:\Bilder [2010.01.14 12:10:06 | 000,000,000 | ---D | M] -- C:\Boot [2011.03.15 17:39:14 | 000,000,000 | ---D | M] -- C:\ComboFix [2011.03.15 16:52:50 | 000,000,000 | ---D | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.01.14 12:25:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.07 12:15:11 | 000,000,000 | ---D | M] -- C:\Downloads [2011.03.03 21:49:42 | 000,000,000 | ---D | M] -- C:\games [2011.02.06 18:16:50 | 000,000,000 | ---D | M] -- C:\gmax [2010.05.10 21:06:21 | 000,000,000 | ---D | M] -- C:\I-Magic [2010.01.14 12:38:54 | 000,000,000 | ---D | M] -- C:\Intel [2010.11.20 16:01:00 | 000,000,000 | ---D | M] -- C:\kram [2011.03.04 00:59:35 | 000,000,000 | ---D | M] -- C:\meine Filme [2011.02.14 10:38:16 | 000,000,000 | ---D | M] -- C:\pages [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.03.17 09:45:38 | 000,000,000 | ---D | M] -- C:\Program Files [2011.03.15 20:59:19 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.01.14 12:25:07 | 000,000,000 | -HSD | M] -- C:\Programme [2010.01.24 00:55:16 | 000,000,000 | ---D | M] -- C:\Python26 [2011.03.15 17:39:14 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.10.03 09:42:40 | 000,000,000 | ---D | M] -- C:\Root [2010.07.24 01:02:51 | 000,000,000 | ---D | M] -- C:\Sierra [2010.03.11 12:21:46 | 000,000,000 | ---D | M] -- C:\Sonstige Projekte [2011.03.17 09:49:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.28 00:34:36 | 000,000,000 | ---D | M] -- C:\Temp [2010.01.14 13:26:46 | 
000,000,000 | ---D | M] -- C:\TempEI4 [2011.03.08 10:03:01 | 000,000,000 | ---D | M] -- C:\Uni [2010.01.14 12:26:40 | 000,000,000 | R--D | M] -- C:\Users [2011.03.17 09:39:07 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft 
Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe [2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-15 06:58:24 < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 17.03.2011 09:48:00 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Benutzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: | Language: DEA | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 267,32 Gb Free Space | 28,70% Space Free | Partition Type: NTFS Computer Name: MERCURY-PC | User Name: Benutzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Yes, as I said, if necessary I'll take care of the Gmer.txt late this afternoon, but if you can already tell from this that nothing is wrong, I'll spare myself that. Thanks a lot so far; I'm curious about the replies now. Oh, and about Firefox: I haven't installed it, I'm using it as a portable on-off version, just in case the entries for it look odd somehow. |
17.03.2011, 11:40 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE9 - a virus scan window opens Quote:
__________________ Please always post log files in CODE tags |
17.03.2011, 12:27 | #9 |
| IE9 - a virus scan window opens Because it didn't report anything and I like to keep my computer tidy. Only afterwards did I get the idea to quickly double-check here to calm my paranoia. |
17.03.2011, 12:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE9 - a virus scan window opens [solved] Sorry, but a few logs don't clog up the computer. Oh well. Please install Malwarebytes again, update it and run a full scan.
__________________ Please always post log files in CODE tags |
17.03.2011, 16:27 | #11 |
| IE9 - a virus scan window opens [solved] OK, Malwarebytes is running |
17.03.2011, 19:14 | #12 | |
| IE9 - a virus scan window opens [solved] Here is the log: Quote:
/edit: OK, the Gmer log is dead; the program crashes (bluescreen). Is it absolutely necessary? If so, I'll try again, otherwise I'd rather leave it. Last edited by okulossos (17.03.2011 at 20:06) |
18.03.2011, 18:18 | #13 |
| IE9 - a virus scan window opens [solved] OK, so in theory GMER does run, but it scans so deeply that on a well-filled 1 TB hard drive it will probably take more than a day, and it runs so unstably that it would have to be supervised, so I'll spare myself that at this point. What exactly happened can no longer be reconstructed anyway, even though I'm kicking myself for not taking a screenshot. If it was advertising, I don't know what Combofix deleted, but it doesn't seem to have been anything relevant. If it was something malicious, either my defenses dealt with it and again I don't know what Combofix found, or Combofix took care of it for me. In any case, no tool finds anything any more, and that is either good, or so bad that there is no hope left anyway. My PC seems to be clean and Combofix doesn't seem to have broken anything relevant, and since the logs I posted apparently don't tell anyone anything about my situation, I'll end the matter here before analyzing a possible problem leads to real problems. I will now get rid of all these analysis tools, search my registry for anything unusual, watch my computer for a few weeks, and do everything important from the Linux partition for the time being. I'm now unsure to what extent this forum was helpful or not, because the only one who looked at the logs was probably me. Still, I had already picked up a lot of interesting information here, so it's definitely cool that you exist. Maybe it will work out next time (even though I hope there won't be a next time). It's also important to me that this problem has been mentioned on the internet once, in case it really was something built into Windows, which I don't believe. See you around |