Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: popup fenster gehen alle paar minuten auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 24.10.2010, 15:44   #1
EvilKnievel
 
popup fenster gehen alle paar minuten auf - Standard

popup fenster gehen alle paar minuten auf



hatte mir gestern einiges an müll eingefangen wobei die systemwiederherstellungskonsole etc deaktiviert wurde (bereits behoben).

jedoch gehen alle paar minuten vom internetexplorer popupfenster auf mit zufälligen adressen... hier mal meine logfile (hoffe habe alles in h**p umgeändert... mein benutzername soll kein geheimnis sein...)


ich hoffe mir kann geholfen werden
MFG

Zitat:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:25, on 24.10.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
D:\Program Files (x86)\CPU-Control\CPU_Control.exe
D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Program Files (x86)\DSL-Manager\DslMgr.exe
D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files (x86)\avmwlanstick\WLanGUI.exe
D:\Windows\SysWOW64\Ctxfihlp.exe
D:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
D:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
D:\Windows\SysWOW64\CTXFISPI.EXE
D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files (x86)\VirtualDJ\virtualdj.exe
D:\Windows\Ggowoa.exe
D:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
D:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
D:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://welt4.freewar.de/freewar/index.php?login_failure=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: D:\Windows\SysWow64\qkad7.dll - {B6BA40C1-A501-59BD-F413-03B03A2C8952} - D:\Windows\SysWow64\qkad7.dll (file missing)
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - D:\Users\Stefan\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up] "D:\Program Files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CPU_Control] D:\Program Files (x86)\CPU-Control\CPU_Control.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "D:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: DSL-Manager.lnk = D:\Program Files (x86)\DSL-Manager\DslMgr.exe
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - h**p://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: AnyDiscHelp.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\SysWow64\DreamScene.dll
O22 - SharedTaskScheduler: dfskea98e4iagjiufhg87df87u - {B6BA40C1-A501-59BD-F413-03B03A2C8952} - D:\Windows\SysWow64\qkad7.dll (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - D:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASDR - Unknown owner - D:\Windows\SysWOW64\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - D:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - D:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - D:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - D:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDD & SSD access service - BinarySense Ltd. - D:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - D:\Windows\system32\srvany.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Netzmanager Infrastruktur Informationssystem Dienst (Netzmanager Service) - Deutsche Telekom AG - D:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - D:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - D:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12732 bytes

Alt 24.10.2010, 20:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
popup fenster gehen alle paar minuten auf - Standard

popup fenster gehen alle paar minuten auf



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 27.10.2010, 14:55   #3
EvilKnievel
 
popup fenster gehen alle paar minuten auf - Standard

popup fenster gehen alle paar minuten auf



Otl:

OTL Logfile:
Code:
ATTFilter
otl logfile created on: 10/27/2010 3:41:56 pm - run 1
otl by oldtimer - version 3.2.17.1     folder = d:\users\stefan\desktop
64bit- ultimate edition  (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 8.0.7600.16385)
locale: 00000409 | country: Germany | language: Deu | date format: Dd.mm.yyyy
 
6.00 gb total physical memory | 4.00 gb available physical memory | 68.00% memory free
12.00 gb paging file | 10.00 gb available in paging file | 80.00% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = d: | %systemroot% = d:\windows | %programfiles% = d:\program files (x86)
drive c: | 76.33 gb total space | 17.34 gb free space | 22.71% space free | partition type: Ntfs
drive d: | 201.01 gb total space | 129.15 gb free space | 64.25% space free | partition type: Ntfs
drive e: | 1196.25 gb total space | 403.74 gb free space | 33.75% space free | partition type: Ntfs
drive g: | 265.75 gb total space | 86.52 gb free space | 32.56% space free | partition type: Ntfs
drive h: | 100.00 gb total space | 77.71 gb free space | 77.71% space free | partition type: Ntfs
 
computer name: Stefan-pc | user name: Stefan | logged in as administrator.
Boot mode: Normal | scan mode: Current user | include 64bit scans
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 30 days
 
========== processes (safelist) ==========
 
prc - d:\users\stefan\desktop\otl.exe (oldtimer tools)
prc - d:\users\stefan\appdata\local\temp\gd0.exe (trend micro inc.)
prc - d:\program files (x86)\mozilla firefox\firefox.exe (mozilla corporation)
prc - d:\program files (x86)\mozilla firefox\plugin-container.exe (mozilla corporation)
prc - d:\program files (x86)\virtualdj\virtualdj.exe (atomix productions)
prc - d:\program files (x86)\avira\antivir desktop\avguard.exe (avira gmbh)
prc - d:\program files (x86)\daemon tools lite\dtlite.exe (dt soft ltd)
prc - d:\program files (x86)\avira\antivir desktop\avgnt.exe (avira gmbh)
prc - d:\program files (x86)\avira\antivir desktop\sched.exe (avira gmbh)
prc - d:\program files (x86)\common files\binarysense\disksvc.exe (binarysense ltd.)
prc - d:\program files (x86)\asus\smartdoctor\smartdoctor.exe (asustek inc.)
prc - d:\program files (x86)\sony ericsson\sony ericsson pc suite\sepcsuite.exe (sony ericsson mobile communications ab)
prc - d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatuner.exe ()
prc - d:\windows\syswow64\asdr.exe ()
prc - d:\program files (x86)\asus\ai suite\ainap\ainap.exe ()
prc - d:\program files (x86)\analog devices\core\smax4pnp.exe (analog devices, inc.)
prc - d:\windows\syswow64\ctxfihlp.exe (creative technology ltd)
prc - d:\windows\syswow64\ctxfispi.exe (creative technology ltd)
prc - d:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe (elaborate bytes ag)
prc - d:\program files (x86)\analog devices\soundmax\soundmax.exe (analog devices, inc.)
prc - d:\program files (x86)\sony ericsson\sony ericsson pc suite\supserv.exe ()
prc - d:\program files (x86)\avmwlanstick\wlangui.exe (avm berlin)
prc - d:\program files (x86)\avmwlanstick\wlannetservice.exe (avm berlin)
prc - d:\program files (x86)\creative\shared files\ctaudsvc.exe (creative technology ltd)
prc - d:\program files (x86)\cpu-control\cpu_control.exe ()
 
 
========== modules (safelist) ==========
 
mod - d:\users\stefan\desktop\otl.exe (oldtimer tools)
mod - d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (microsoft corporation)
mod - d:\windows\syswow64\wtsapi32.dll (microsoft corporation)
mod - d:\windows\syswow64\winsta.dll (microsoft corporation)
mod - d:\windows\syswow64\normaliz.dll (microsoft corporation)
 
 
========== win32 services (safelist) ==========
 
srv:64bit: - (kmservice) -- d:\windows\sysnative\srvany.exe file not found
srv:64bit: - (uxtuneup) -- d:\windows\sysnative\uxtuneup.dll (tuneup software)
srv:64bit: - (netzmanager service) -- d:\program files\netzmanager\nminfrais2\netzmanager_service.exe (deutsche telekom ag)
srv:64bit: - (windefend) -- d:\program files\windows defender\mpsvc.dll (microsoft corporation)
srv:64bit: - (appmgmt) -- d:\windows\sysnative\appmgmts.dll (microsoft corporation)
srv:64bit: - (aeadifilters) -- d:\windows\sysnative\aeadisrv.exe (andrea electronics corporation)
srv:64bit: - (atkfusservice) -- d:\windows\sysnative\atkfusservice.exe (asustek computer inc.)
srv - (lavasoft ad-aware service) -- d:\program files (x86)\lavasoft\ad-aware\aawservice.exe (lavasoft)
srv - (tuneup.utilitiessvc) -- d:\program files (x86)\tuneup utilities 2011\tuneuputilitiesservice64.exe (tuneup software)
srv - (uxtuneup) tuneup designerweiterung (beta) -- d:\windows\syswow64\uxtuneup.dll (tuneup software)
srv - (tomtomhomeservice) -- d:\program files (x86)\tomtom home 2\tomtomhomeservice.exe (tomtom)
srv - (antivirservice) -- d:\program files (x86)\avira\antivir desktop\avguard.exe (avira gmbh)
srv - (antivirschedulerservice) -- d:\program files (x86)\avira\antivir desktop\sched.exe (avira gmbh)
srv - (naupdate) -- d:\program files (x86)\nero\update\nasvc.exe (nero ag)
srv - (emmadevmgmtsvc) -- d:\program files (x86)\common files\sony ericsson\emma core\services64\emmadevicemgmt.exe (sony ericsson mobile communications)
srv - (emmaupdmgmtsvc) -- d:\program files (x86)\common files\sony ericsson\emma core\services64\emmaupdatemgmt.exe (sony ericsson mobile communications)
srv - (hdd & ssd access service) -- d:\program files (x86)\common files\binarysense\disksvc.exe (binarysense ltd.)
srv - (creative alchemy al6 licensing service) -- d:\program files (x86)\common files\creative labs shared\service\al6licensing.exe (creative labs)
srv - (creative audio engine licensing service) -- d:\program files (x86)\common files\creative labs shared\service\ctaelicensing.exe (creative labs)
srv - (aspnet_state) -- d:\windows\microsoft.net\framework64\v4.0.21006\aspnet_state.exe (microsoft corporation)
srv - (wpffontcache_v0400) -- d:\windows\microsoft.net\framework64\v4.0.21006\wpf\wpffontcache_v0400.exe (microsoft corporation)
srv - (clr_optimization_v4.0.21006_64) -- d:\windows\microsoft.net\framework64\v4.0.21006\mscorsvw.exe (microsoft corporation)
srv - (clr_optimization_v4.0.21006_32) -- d:\windows\microsoft.net\framework\v4.0.21006\mscorsvw.exe (microsoft corporation)
srv - (asdr) -- d:\windows\syswow64\asdr.exe ()
srv - (daupdatersvc) -- g:\dragon age\bin_ship\daupdatersvc.service.exe (bioware)
srv - (clr_optimization_v2.0.50727_32) -- d:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe (microsoft corporation)
srv - (omsi download service) -- d:\program files (x86)\sony ericsson\sony ericsson pc suite\supserv.exe ()
srv - (avm wlan connection service) -- d:\program files (x86)\avmwlanstick\wlannetservice.exe (avm berlin)
srv - (ctaudsvcservice) -- d:\program files (x86)\creative\shared files\ctaudsvc.exe (creative technology ltd)
srv - (dfsdks) -- d:\program files (x86)\ashampoo\ashampoo winoptimizer 6\dfsdks.exe (mst software gmbh, germany)
srv - (tdslmgrservice) -- d:\program files (x86)\dsl-manager\dslmgrsvc.exe (t-systems enterprise services gmbh)
srv - (nero backitup scheduler 4.0) -- d:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe (nero ag)
srv - (kmservice) -- d:\windows\syswow64\srvany.exe ()
 
 
========== driver services (safelist) ==========
 
drv:64bit: - (nvflash) -- d:\windows\sysnative\drivers\nvflash.sys file not found
drv:64bit: - (elbycdio) -- d:\windows\sysnative\drivers\elbycdio.sys (elaborate bytes ag)
drv:64bit: - (lbd) -- d:\windows\sysnative\drivers\lbd.sys (lavasoft ab)
drv:64bit: - (anydvd) -- d:\windows\sysnative\drivers\anydvd.sys (slysoft, inc.)
drv:64bit: - (avipbb) -- d:\windows\sysnative\drivers\avipbb.sys (avira gmbh)
drv:64bit: - (avgntflt) -- d:\windows\sysnative\drivers\avgntflt.sys (avira gmbh)
drv:64bit: - (atksgt) -- d:\windows\sysnative\drivers\atksgt.sys ()
drv:64bit: - (lirsgt) -- d:\windows\sysnative\drivers\lirsgt.sys ()
drv:64bit: - (sptd) -- d:\windows\sysnative\drivers\sptd.sys ()
drv:64bit: - (eio64) -- d:\windows\sysnative\drivers\eio64.sys (asustek computer inc.)
drv:64bit: - (xusb21) -- d:\windows\sysnative\drivers\xusb21.sys (microsoft corporation)
drv:64bit: - (amdsata) -- d:\windows\sysnative\drivers\amdsata.sys (advanced micro devices)
drv:64bit: - (amdxata) -- d:\windows\sysnative\drivers\amdxata.sys (advanced micro devices)
drv:64bit: - (amdsbs) -- d:\windows\sysnative\drivers\amdsbs.sys (amd technologies inc.)
drv:64bit: - (lsi_sas2) -- d:\windows\sysnative\drivers\lsi_sas2.sys (lsi corporation)
drv:64bit: - (hpsamd) -- d:\windows\sysnative\drivers\hpsamd.sys (hewlett-packard company)
drv:64bit: - (stexstor) -- d:\windows\sysnative\drivers\stexstor.sys (promise technology)
drv:64bit: - (ntfs) -- d:\windows\sysnative\wbem\ntfs.mof ()
drv:64bit: - (nvenetfd) -- d:\windows\sysnative\drivers\nvm62x64.sys (nvidia corporation)
drv:64bit: - (ebdrv) -- d:\windows\sysnative\drivers\evbda.sys (broadcom corporation)
drv:64bit: - (b06bdrv) -- d:\windows\sysnative\drivers\bxvbda.sys (broadcom corporation)
drv:64bit: - (b57nd60a) -- d:\windows\sysnative\drivers\b57nd60a.sys (broadcom corporation)
drv:64bit: - (hcw85cir) -- d:\windows\sysnative\drivers\hcw85cir.sys (hauppauge computer works, inc.)
drv:64bit: - (adihdaudaddservice) -- d:\windows\sysnative\drivers\adihdaud.sys (analog devices, inc.)
drv:64bit: - (ha20x2k) -- d:\windows\sysnative\drivers\ha20x2k.sys (creative technology ltd)
drv:64bit: - (emupia) -- d:\windows\sysnative\drivers\emupia2k.sys (creative technology ltd)
drv:64bit: - (ctsfm2k) -- d:\windows\sysnative\drivers\ctsfm2k.sys (creative technology ltd)
drv:64bit: - (ctprxy2k) -- d:\windows\sysnative\drivers\ctprxy2k.sys (creative technology ltd)
drv:64bit: - (ossrv) -- d:\windows\sysnative\drivers\ctoss2k.sys (creative technology ltd.)
drv:64bit: - (ctaud2k) creative audio driver (wdm) -- d:\windows\sysnative\drivers\ctaud2k.sys (creative technology ltd)
drv:64bit: - (ctac32k) -- d:\windows\sysnative\drivers\ctac32k.sys (creative technology ltd)
drv:64bit: - (ctexfifx.sys) -- d:\windows\sysnative\drivers\ctexfifx.sys (creative technology ltd.)
drv:64bit: - (ctexfifx) -- d:\windows\sysnative\drivers\ctexfifx.sys (creative technology ltd.)
drv:64bit: - (cthwiut.sys) -- d:\windows\sysnative\drivers\cthwiut.sys (creative technology ltd.)
drv:64bit: - (cthwiut) -- d:\windows\sysnative\drivers\cthwiut.sys (creative technology ltd.)
drv:64bit: - (ct20xut.sys) -- d:\windows\sysnative\drivers\ct20xut.sys (creative technology ltd.)
drv:64bit: - (ct20xut) -- d:\windows\sysnative\drivers\ct20xut.sys (creative technology ltd.)
drv:64bit: - (vclone) -- d:\windows\sysnative\drivers\vclone.sys (elaborate bytes ag)
drv:64bit: - (mtsensor) -- d:\windows\sysnative\drivers\asacpi.sys ()
drv:64bit: - (hotcore3) -- d:\windows\sysnative\drivers\hotcore3.sys (paragon software group)
drv:64bit: - (ggsemc) -- d:\windows\sysnative\drivers\ggsemc.sys (sony ericsson mobile communications)
drv:64bit: - (ggflt) -- d:\windows\sysnative\drivers\ggflt.sys (sony ericsson mobile communications)
drv:64bit: - (a4djavs_x64) -- d:\windows\sysnative\drivers\a4djavs_x64.sys (native instruments gmbh)
drv:64bit: - (a4djusb_x64) -- d:\windows\sysnative\drivers\a4djusb_x64.sys (native instruments gmbh)
drv:64bit: - (fwlanusbn) -- d:\windows\sysnative\drivers\fwlanusbn.sys (avm gmbh)
drv:64bit: - (avmeject) -- d:\windows\sysnative\drivers\avmeject.sys (avm berlin)
drv:64bit: - (atkdisplf) -- d:\windows\sysnative\drivers\atkdisplowfilter.sys (asustek computer inc.)
drv:64bit: - (asusgsb) -- d:\windows\sysnative\drivers\asusgsb.sys (asustek computer inc.)
drv:64bit: - (s0017unic) sony ericsson device 0017 usb ethernet emulation semc0017 (wdm) -- d:\windows\sysnative\drivers\s0017unic.sys (mcci corporation)
drv:64bit: - (s0017obex) -- d:\windows\sysnative\drivers\s0017obex.sys (mcci corporation)
drv:64bit: - (s0017nd5) sony ericsson device 0017 usb ethernet emulation semc0017 (ndis) -- d:\windows\sysnative\drivers\s0017nd5.sys (mcci corporation)
drv:64bit: - (s0017mdm) -- d:\windows\sysnative\drivers\s0017mdm.sys (mcci corporation)
drv:64bit: - (s0017mgmt) sony ericsson device 0017 usb wmc device management drivers (wdm) -- d:\windows\sysnative\drivers\s0017mgmt.sys (mcci corporation)
drv:64bit: - (s0017mdfl) -- d:\windows\sysnative\drivers\s0017mdfl.sys (mcci corporation)
drv:64bit: - (s0017bus) sony ericsson device 0017 driver (wdm) -- d:\windows\sysnative\drivers\s0017bus.sys (mcci corporation)
drv:64bit: - (seehcri) -- d:\windows\sysnative\drivers\seehcri.sys (sony ericsson mobile communications)
drv:64bit: - (sifilter) -- d:\windows\sysnative\drivers\siwinacc.sys (silicon image, inc)
drv:64bit: - (siremfil) -- d:\windows\sysnative\drivers\siremfil.sys (silicon image, inc)
drv:64bit: - (si3132) -- d:\windows\sysnative\drivers\si3132.sys (silicon image, inc)
drv:64bit: - (dslmnlwf) -- d:\windows\sysnative\drivers\dslmnlwf.sys (t-systems enterprise services gmbh)
drv:64bit: - (s125obex) -- d:\windows\sysnative\drivers\s125obex.sys (mcci corporation)
drv:64bit: - (s125bus) sony ericsson device 125 driver (wdm) -- d:\windows\sysnative\drivers\s125bus.sys (mcci corporation)
drv:64bit: - (elbycdfl) -- d:\windows\sysnative\drivers\elbycdfl.sys (slysoft, inc.)
drv:64bit: - (fwlanusb) -- d:\windows\sysnative\drivers\fwlanusb.sys (avm gmbh)
drv - (lavasoft kernexplorer) -- d:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys ()
drv - (anydvd) -- d:\windows\syswow64\drivers\anydvd.sys (slysoft, inc.)
drv - (tuneuputilitiesdrv) -- d:\program files (x86)\tuneup utilities 2011\tuneuputilitiesdriver64.sys (tuneup software)
drv - (rivatuner64) -- d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatuner64.sys ()
drv - (elbycdfl) -- d:\windows\syswow64\drivers\elbycdfl.sys (slysoft, inc.)
drv - (nvflash) -- d:\windows\syswow64\drivers\nvflash.sys ()
 
 
========== standard registry (safelist) ==========
 
 
========== internet explorer ==========
 
ie - hklm\software\microsoft\internet explorer\main,local page = d:\windows\syswow64\blank.htm
 
ie - hkcu\software\microsoft\internet explorer\main,secondary start pages = h**p://4fuckr.com/page_1.htm [binary data]
ie - hkcu\software\microsoft\internet explorer\main,start page = h**p://welt4.freewar.de/freewar/index.php?login_failure=1
ie - hkcu\software\microsoft\internet explorer\main,start page redirect cache = h**p://de.msn.com/?ocid=iehp
ie - hkcu\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = de
ie - hkcu\software\microsoft\internet explorer\main,start page redirect cache_timestamp = 2c bd 8f ab a4 60 ca 01  [binary data]
ie - hkcu\..\urlsearchhook:  - reg error: Key error. File not found
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
 
========== firefox ==========
 
ff - prefs.js..browser.search.defaultenginename: "icq search"
ff - prefs.js..browser.search.selectedengine: "google"
ff - prefs.js..browser.search.usedbfororder: True
ff - prefs.js..browser.startup.homepage: "google.de"
ff - prefs.js..extensions.enableditems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
ff - prefs.js..extensions.enableditems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
ff - prefs.js..extensions.enableditems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
ff - prefs.js..extensions.enableditems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
ff - prefs.js..extensions.enableditems: Jl@leimbach-it.de:2.5
ff - prefs.js..extensions.enableditems: {ddc359d1-844a-42a7-9aa1-88a850a938a8}:1.1.10
ff - prefs.js..keyword.url: "h**p://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
 
ff - hklm\software\mozilla\mozilla firefox 3.6.11\extensions\\components: D:\program files (x86)\mozilla firefox\components [2010/10/21 13:26:43 | 000,000,000 | ---d | m]
ff - hklm\software\mozilla\mozilla firefox 3.6.11\extensions\\plugins: D:\program files (x86)\mozilla firefox\plugins [2010/10/21 13:26:43 | 000,000,000 | ---d | m]
 
[2010/10/08 17:59:59 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\extensions
[2010/10/08 17:59:59 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\extensions\home2@tomtom.com
[2010/10/26 21:00:36 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions
[2010/03/07 19:07:33 | 000,000,000 | ---d | m] (linkification) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/07/18 21:40:08 | 000,000,000 | ---d | m] (reloadevery) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/10/14 21:50:48 | 000,000,000 | ---d | m] (downloadhelper) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/20 06:33:38 | 000,000,000 | ---d | m] (adblock plus) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/09 14:35:58 | 000,000,000 | ---d | m] (downthemall!) -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\{ddc359d1-844a-42a7-9aa1-88a850a938a8}
[2010/03/26 00:10:48 | 000,000,000 | ---d | m] -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\extensions\jl@leimbach-it.de
[2010/03/13 11:43:38 | 000,000,687 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icq-search.xml
[2010/04/09 05:24:01 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin-1.xml
[2010/06/24 05:14:10 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin-2.xml
[2010/06/28 05:34:20 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin-3.xml
[2010/03/23 21:50:29 | 000,000,950 | ---- | m] () -- d:\users\stefan\appdata\roaming\mozilla\firefox\profiles\eluxhlz3.default\searchplugins\icqplugin.xml
[2010/10/26 21:00:36 | 000,000,000 | ---d | m] -- d:\program files (x86)\mozilla firefox\extensions
[2010/08/10 22:39:24 | 000,001,392 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/08/10 22:39:24 | 000,002,344 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\ebay-de.xml
[2010/08/10 22:39:24 | 000,006,805 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/08/10 22:39:24 | 000,001,178 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/08/10 22:39:24 | 000,001,105 | ---- | m] () -- d:\program files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
o1 hosts file: ([2009/06/10 23:00:26 | 000,000,824 | ---- | m]) - d:\windows\sysnative\drivers\etc\hosts
o2:64bit: - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~2\office14\urlredir.dll (microsoft corporation)
o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~2\micros~1\office14\urlredir.dll (microsoft corporation)
o2 - bho: (d:\windows\syswow64\qkad7.dll) - {b6ba40c1-a501-59bd-f413-03b03a2c8952} - d:\windows\syswow64\qkad7.dll file not found
o3 - hklm\..\toolbar: (toolbar fuer ebay) - {000e148c-f7a7-445a-9044-93bf6ce09ecb} - d:\users\stefan\appdata\roaming\toolbars\toolbar fuer ebay\ebay.dll ()
o3 - hkcu\..\toolbar\webbrowser: (toolbar fuer ebay) - {000e148c-f7a7-445a-9044-93bf6ce09ecb} - d:\users\stefan\appdata\roaming\toolbars\toolbar fuer ebay\ebay.dll ()
o4:64bit: - hklm..\run: [rivatuner] d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatunerwrapper.exe ()
o4:64bit: - hklm..\run: [rivatunerstartupdaemon] d:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\rivatunerwrapper.exe ()
o4:64bit: - hklm..\run: [soundmax] d:\program files (x86)\analog devices\soundmax\soundmax.exe (analog devices, inc.)
o4 - hklm..\run: [ai nap] d:\program files (x86)\asus\ai suite\ainap\ainap.exe ()
o4 - hklm..\run: [avgnt] d:\program files (x86)\avira\antivir desktop\avgnt.exe (avira gmbh)
o4 - hklm..\run: [avmwlanclient] d:\program files (x86)\avmwlanstick\wlangui.exe (avm berlin)
o4 - hklm..\run: [clonecdtray] d:\program files (x86)\slysoft\clonecd\clonecdtray.exe (slysoft, inc.)
o4 - hklm..\run: [cpu level up] d:\program files (x86)\asus\ai suite\cpu level upex\cpulevelup.exe (asustek)
o4 - hklm..\run: [ctxfihlp] d:\windows\syswow64\ctxfihlp.exe (creative technology ltd)
o4 - hklm..\run: [qfan help] d:\program files (x86)\asus\ai suite\qfan3\qfanhelp.exe ()
o4 - hklm..\run: [soundmaxpnp] d:\program files (x86)\analog devices\core\smax4pnp.exe (analog devices, inc.)
o4 - hklm..\run: [virtualclonedrive] d:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe (elaborate bytes ag)
o4 - hkcu..\run: [cpu_control] d:\program files (x86)\cpu-control\cpu_control.exe ()
o4 - hkcu..\run: [daemon tools lite] d:\program files (x86)\daemon tools lite\dtlite.exe (dt soft ltd)
o4 - hkcu..\run: [icq] d:\program files (x86)\icq7.0\icq.exe (icq, llc.)
o4 - hkcu..\run: [koo9rv9k4z] d:\users\stefan\appdata\local\temp\gd0.exe (trend micro inc.)
o4 - hkcu..\run: [sony ericsson pc suite] d:\program files (x86)\sony ericsson\sony ericsson pc suite\sepcsuite.exe (sony ericsson mobile communications ab)
o4 - startup: D:\users\stefan\appdata\roaming\microsoft\windows\start menu\programs\startup\dsl-manager.lnk = d:\program files (x86)\dsl-manager\dslmgr.exe (t-systems enterprise services gmbh)
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktop = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktopchanges = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enableinstallerdetection = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enablelua = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enablesecureuiapaths = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enablevirtualization = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Promptonsecuredesktop = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Shutdownwithoutlogon = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Undockwithoutlogon = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o6 - hklm\software\microsoft\windows\currentversion\policies\system\uipi\clipboard\exceptionformats: Cf_text = 1 [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
o7 - hkcu\software\microsoft\windows\currentversion\policies\explorer: Nodrivetypeautorun = 145
o8:64bit: - extra context menu item: Add to &bom - d:\\progra~2\\biet-o~1\\\\addtobom.hta ()
o8 - extra context menu item: Add to &bom - d:\\progra~2\\biet-o~1\\\\addtobom.hta ()
o9 - extra button: Icq7 - {88eb38ef-4d2c-436d-abd3-56b232674062} - d:\program files (x86)\icq7.0\icq.exe (icq, llc.)
o9 - extra 'tools' menuitem : Icq7 - {88eb38ef-4d2c-436d-abd3-56b232674062} - d:\program files (x86)\icq7.0\icq.exe (icq, llc.)
o13 - gopher prefix: Missing
o13 - gopher prefix: Missing
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (java plug-in 1.6.0_17)
o16 - dpf: {cafeefac-0016-0000-0017-abcdeffedcba} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (java plug-in 1.6.0_17)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (java plug-in 1.6.0_17)
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (shockwave flash object)
o16 - dpf: {f6acf75c-c32c-447b-9bef-46b766368d29} h**p://ccfiles.creative.com/web/softwareupdate/su2/ocx/15109/ctpid.cab (creative software autoupdate support package)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 192.168.178.1
o18 - protocol\handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - reg error: Key error. File not found
o20 - appinit_dlls: (anydischelp.dll) -  file not found
o20:64bit: - hklm winlogon: Shell - (explorer.exe) - d:\windows\explorer.exe (microsoft corporation)
o20:64bit: - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - d:\windows\sysnative\systempropertiesperformance.exe (microsoft corporation)
o20:64bit: - hklm winlogon: Vmapplet - (/pagefile) -  file not found
o20 - hklm winlogon: Shell - (explorer.exe) - d:\windows\syswow64\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (/pagefile) -  file not found
o20 - hkcu winlogon: Shell - (d:\users\stefan\appdata\roaming\hotfix.exe) - d:\users\stefan\appdata\roaming\hotfix.exe file not found
o21:64bit: - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - clsid or file not found.
O21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - clsid or file not found.
O22:64bit: - sharedtaskscheduler: {e31004d1-a431-41b8-826f-e902f9d95c81} - windows dreamscene - d:\windows\sysnative\dreamscene.dll (microsoft corporation)
o22 - sharedtaskscheduler: {b6ba40c1-a501-59bd-f413-03b03a2c8952} - dfskea98e4iagjiufhg87df87u - d:\windows\syswow64\qkad7.dll file not found
o22 - sharedtaskscheduler: {e31004d1-a431-41b8-826f-e902f9d95c81} - windows dreamscene - d:\windows\syswow64\dreamscene.dll (microsoft corporation)
o27:64bit: - hklm ifeo\taskmgr.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\pmlauncher.exe (tuneup software)
o27:64bit: - hklm ifeo\unins000.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe (tuneup software)
o27:64bit: - hklm ifeo\wo6.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe (tuneup software)
o27 - hklm ifeo\taskmgr.exe: Debugger - d:\program files (x86)\tuneup utilities 2011\pmlauncher.exe (tuneup software)
o27 - hklm ifeo\unins000.exe: Debugger - "d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe" (tuneup software)
o27 - hklm ifeo\wo6.exe: Debugger - "d:\program files (x86)\tuneup utilities 2011\tuautoreactivator64.exe" (tuneup software)
o32 - hklm cdrom: Autorun - 1
o32 - autorun file - [2009/11/06 12:40:17 | 000,000,000 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o33 - mountpoints2\{0d015aa1-0fb2-11df-ae60-00040ec2d49e}\shell - "" = autorun
o33 - mountpoints2\{0d015aa1-0fb2-11df-ae60-00040ec2d49e}\shell\autorun\command - "" = f:\pushinst.exe -- file not found
o33 - mountpoints2\{a96da4f5-f081-11de-9024-00040ec2d49e}\shell - "" = autorun
o33 - mountpoints2\{a96da4f5-f081-11de-9024-00040ec2d49e}\shell\autorun\command - "" = j:\launchu3.exe -- file not found
o34 - hklm bootexecute: (autocheck autochk *) -  file not found
o34 - hklm bootexecute: (lsdelete) -  file not found
o35:64bit: - hklm\..comfile [open] -- "%1" %*
o35:64bit: - hklm\..exefile [open] -- "%1" %*
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o36 - appcertdlls: Diskvaws - (d:\windows\system32\icartend.dll) - d:\windows\syswow64\icartend.dll file not found
o37:64bit: - hklm\...com [@ = comfile] -- "%1" %*
o37:64bit: - hklm\...exe [@ = exefile] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
 
========== files/folders - created within 30 days ==========
 
[2010/10/27 15:39:09 | 000,575,488 | ---- | c] (oldtimer tools) -- d:\users\stefan\desktop\otl.exe
[2010/10/24 17:00:29 | 000,069,152 | ---- | c] (lavasoft ab) -- d:\windows\sysnative\drivers\lbd.sys
[2010/10/24 15:00:14 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\local\sunbelt software
[2010/10/24 14:59:40 | 000,000,000 | -h-d | c] -- d:\programdata\{e961ce1b-c3ea-4882-9f67-f859b555d097}
[2010/10/24 14:59:36 | 000,000,000 | ---d | c] -- d:\programdata\lavasoft
[2010/10/24 14:59:36 | 000,000,000 | ---d | c] -- d:\program files (x86)\lavasoft
[2010/10/23 21:13:59 | 000,000,000 | ---d | c] -- d:\program files (x86)\trend micro
[2010/10/23 21:12:26 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\roaming\vlc
[2010/10/23 18:47:50 | 000,000,000 | ---d | c] -- d:\programdata\spybot - search & destroy
[2010/10/23 18:46:19 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\roaming\avira
[2010/10/23 18:36:04 | 000,116,568 | ---- | c] (avira gmbh) -- d:\windows\sysnative\drivers\avipbb.sys
[2010/10/23 18:36:04 | 000,081,072 | ---- | c] (avira gmbh) -- d:\windows\sysnative\drivers\avgntflt.sys
[2010/10/23 18:36:04 | 000,051,992 | ---- | c] (avira gmbh) -- d:\windows\syswow64\drivers\avgntdd.sys
[2010/10/23 18:36:04 | 000,017,016 | ---- | c] (avira gmbh) -- d:\windows\syswow64\drivers\avgntmgr.sys
[2010/10/23 18:36:03 | 000,000,000 | ---d | c] -- d:\programdata\avira
[2010/10/23 18:36:03 | 000,000,000 | ---d | c] -- d:\program files (x86)\avira
[2010/10/23 18:09:32 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\local\dbcontrol
[2010/10/20 22:57:49 | 000,000,000 | ---d | c] -- d:\users\stefan\documents\arcania - gothic 4
[2010/10/14 05:35:39 | 000,702,976 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\msfeeds.dll
[2010/10/14 05:35:39 | 000,599,040 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\msfeeds.dll
[2010/10/14 05:35:39 | 000,057,856 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\licmgr10.dll
[2010/10/14 05:35:39 | 000,044,544 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\licmgr10.dll
[2010/10/14 05:35:38 | 000,482,816 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\html.iec
[2010/10/14 05:35:38 | 000,386,048 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\html.iec
[2010/10/14 05:35:38 | 000,256,000 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\iepeers.dll
[2010/10/14 05:35:38 | 000,247,808 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\ieui.dll
[2010/10/14 05:35:38 | 000,185,856 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\iepeers.dll
[2010/10/14 05:35:38 | 000,176,640 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\ieui.dll
[2010/10/14 05:35:38 | 000,097,280 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\mshtmled.dll
[2010/10/14 05:35:38 | 000,067,072 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\mshtmled.dll
[2010/10/14 05:35:38 | 000,012,800 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\msfeedssync.exe
[2010/10/14 05:35:38 | 000,012,288 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\msfeedssync.exe
[2010/10/14 05:34:41 | 014,627,840 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\wmp.dll
[2010/10/14 05:34:40 | 012,625,408 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\wmploc.dll
[2010/10/14 05:34:40 | 011,406,848 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\wmp.dll
[2010/10/14 05:34:39 | 012,625,920 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\wmploc.dll
[2010/10/14 05:34:38 | 002,085,376 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\ole32.dll
[2010/10/14 05:34:12 | 000,633,856 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\comctl32.dll
[2010/10/14 05:34:08 | 001,024,512 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\wmpmde.dll
[2010/10/14 05:34:08 | 000,954,752 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\mfc40.dll
[2010/10/14 05:34:08 | 000,954,288 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\mfc40u.dll
[2010/10/14 05:34:08 | 000,738,816 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\wmpmde.dll
[2010/10/14 05:34:07 | 000,483,840 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\structuredquery.dll
[2010/10/14 05:34:07 | 000,148,992 | ---- | c] (microsoft corporation) -- d:\windows\sysnative\t2embed.dll
[2010/10/14 05:34:07 | 000,109,056 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\t2embed.dll
[2010/10/14 05:34:06 | 000,009,728 | ---- | c] (microsoft corporation) -- d:\windows\syswow64\sscore.dll
[2010/10/10 21:17:50 | 000,000,000 | ---d | c] -- d:\users\stefan\documents\anydvdhd
[2010/10/08 18:21:16 | 000,000,000 | ---d | c] -- d:\program files (x86)\gpsbabel
[2010/10/08 18:10:41 | 000,000,000 | ---d | c] -- d:\program files\7-zip
[2010/10/08 18:00:11 | 000,000,000 | ---d | c] -- d:\users\stefan\documents\tomtom
[2010/10/08 18:00:08 | 000,000,000 | ---d | c] -- d:\programdata\tomtom
[2010/10/08 17:59:59 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\roaming\tomtom
[2010/10/08 17:59:59 | 000,000,000 | ---d | c] -- d:\users\stefan\appdata\local\tomtom
[2010/10/08 17:59:54 | 000,000,000 | ---d | c] -- d:\program files (x86)\tomtom international b.v
[2010/10/08 17:59:45 | 000,000,000 | ---d | c] -- d:\program files (x86)\tomtom home 2
[2010/09/30 23:25:10 | 000,040,104 | ---- | c] (elaborate bytes ag) -- d:\windows\sysnative\drivers\elbycdio.sys
[2010/09/30 13:18:24 | 000,089,256 | ---- | c] (elaborate bytes ag) -- d:\windows\syswow64\elbycdio.dll
[2010/09/27 20:24:45 | 000,000,000 | ---d | c] -- d:\program files (x86)\daemon tools lite
[2010/01/11 22:24:29 | 000,148,736 | ---- | c] (avanquest software) -- d:\programdata\hpe671b.dll
[2010/01/01 17:08:48 | 000,148,736 | ---- | c] (avanquest software) -- d:\programdata\hpe363d.dll
[2009/06/04 01:57:38 | 000,060,928 | ---- | c] ( ) -- d:\windows\syswow64\a3d.dll
[2 d:\windows\*.tmp files -> d:\windows\*.tmp -> ]
 
========== files - modified within 30 days ==========
 
[2010/10/27 15:40:29 | 000,575,488 | ---- | m] (oldtimer tools) -- d:\users\stefan\desktop\otl.exe
[2010/10/27 15:36:02 | 000,000,248 | -h-- | m] () -- d:\windows\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job
[2010/10/27 15:34:54 | 000,000,290 | -h-- | m] () -- d:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job
[2010/10/27 15:18:34 | 000,000,982 | ---- | m] () -- d:\users\stefan\appdata\roaming\microsoft\windows\start menu\programs\startup\dsl-manager.lnk
[2010/10/27 15:15:43 | 000,014,224 | -h-- | m] () -- d:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2010/10/27 15:15:43 | 000,014,224 | -h-- | m] () -- d:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2010/10/27 15:08:49 | 000,000,394 | ---- | m] () -- d:\windows\tasks\ad-aware update (weekly).job
[2010/10/27 15:08:19 | 000,067,584 | --s- | m] () -- d:\windows\bootstat.dat
[2010/10/27 15:08:17 | 535,732,223 | -hs- | m] () -- d:\hiberfil.sys
[2010/10/27 05:46:14 | 000,063,460 | ---- | m] () -- d:\windows\sysnative\bmxstatebkp-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx
[2010/10/27 05:46:14 | 000,063,460 | ---- | m] () -- d:\windows\sysnative\bmxstate-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx
[2010/10/27 05:46:14 | 000,001,080 | ---- | m] () -- d:\windows\sysnative\settingsbkup.sfm
[2010/10/27 05:46:14 | 000,001,080 | ---- | m] () -- d:\windows\sysnative\settings.sfm
[2010/10/27 05:46:14 | 000,000,788 | ---- | m] () -- d:\windows\sysnative\dvcstate-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx
[2010/10/24 14:59:39 | 000,001,174 | ---- | m] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\ad-aware.lnk
[2010/10/24 14:59:39 | 000,001,150 | ---- | m] () -- d:\users\public\desktop\ad-aware.lnk
[2010/10/24 14:09:32 | 028,541,623 | ---- | m] () -- d:\program files (x86)\spybot - search & destroy.rar
[2010/10/23 21:13:59 | 000,002,981 | ---- | m] () -- d:\users\stefan\desktop\hijackthis.lnk
[2010/10/23 19:11:56 | 000,000,103 | ---- | m] () -- d:\windows\wininit.ini
[2010/10/23 19:02:35 | 000,001,066 | ---- | m] () -- d:\users\public\desktop\vlc media player.lnk
[2010/10/23 19:01:13 | 019,657,194 | ---- | m] () -- d:\users\stefan\documents\vlc-1.1.4-win32.exe
[2010/10/23 18:36:13 | 000,002,066 | ---- | m] () -- d:\users\public\desktop\avira antivir control center.lnk
[2010/10/23 18:09:24 | 000,000,179 | ---- | m] () -- d:\users\stefan\appdata\roaming\42693.bat
[2010/10/23 18:09:06 | 000,000,016 | ---- | m] () -- d:\users\stefan\appdata\roaming\dxqkew.dat
[2010/10/23 18:08:41 | 000,000,004 | ---- | m] () -- d:\users\stefan\appdata\roaming\avdrn.dat
[2010/10/23 18:07:50 | 000,001,164 | ---- | m] () -- d:\users\stefan\desktop\antimalware doctor.lnk
[2010/10/23 18:07:50 | 000,001,144 | ---- | m] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk
[2010/10/20 22:48:37 | 000,000,690 | ---- | m] () -- d:\users\public\desktop\arcania - gothic 4 starten.lnk
[2010/10/15 05:28:23 | 001,619,748 | ---- | m] () -- d:\windows\sysnative\perfstringbackup.ini
[2010/10/15 05:28:23 | 000,697,474 | ---- | m] () -- d:\windows\sysnative\perfh007.dat
[2010/10/15 05:28:23 | 000,654,354 | ---- | m] () -- d:\windows\sysnative\perfh009.dat
[2010/10/15 05:28:23 | 000,148,104 | ---- | m] () -- d:\windows\sysnative\perfc007.dat
[2010/10/15 05:28:23 | 000,121,224 | ---- | m] () -- d:\windows\sysnative\perfc009.dat
[2010/10/14 14:25:02 | 000,418,392 | ---- | m] () -- d:\windows\sysnative\fntcache.dat
[2010/10/12 14:44:28 | 000,000,083 | -hs- | m] () -- d:\programdata\.zreglib
[2010/10/10 21:17:30 | 000,001,199 | ---- | m] () -- d:\users\public\desktop\clonedvd2.lnk
[2010/10/10 21:17:10 | 000,001,101 | ---- | m] () -- d:\users\public\desktop\anydvd.lnk
[2010/10/02 19:41:27 | 002,966,140 | ---- | m] () -- d:\users\stefan\documents\2010-10-2-17-41-mymdb_backup.xlg
[2010/10/01 21:37:12 | 002,944,588 | ---- | m] () -- d:\users\stefan\documents\2010-10-1-19-37-mymdb_backup.xlg
[2010/09/30 23:25:10 | 000,040,104 | ---- | m] (elaborate bytes ag) -- d:\windows\sysnative\drivers\elbycdio.sys
[2010/09/30 13:18:24 | 000,089,256 | ---- | m] (elaborate bytes ag) -- d:\windows\syswow64\elbycdio.dll
[2 d:\windows\*.tmp files -> d:\windows\*.tmp -> ]
 
========== files created - no company name ==========
 
[2010/10/25 20:41:36 | 000,000,394 | ---- | c] () -- d:\windows\tasks\ad-aware update (weekly).job
[2010/10/24 16:57:20 | 000,015,880 | ---- | c] () -- d:\windows\sysnative\lsdelete.exe
[2010/10/24 14:59:39 | 000,001,174 | ---- | c] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\ad-aware.lnk
[2010/10/24 14:59:39 | 000,001,150 | ---- | c] () -- d:\users\public\desktop\ad-aware.lnk
[2010/10/24 14:09:19 | 028,541,623 | ---- | c] () -- d:\program files (x86)\spybot - search & destroy.rar
[2010/10/23 21:13:59 | 000,002,981 | ---- | c] () -- d:\users\stefan\desktop\hijackthis.lnk
[2010/10/23 19:11:56 | 000,000,103 | ---- | c] () -- d:\windows\wininit.ini
[2010/10/23 19:02:35 | 000,001,066 | ---- | c] () -- d:\users\public\desktop\vlc media player.lnk
[2010/10/23 18:57:08 | 019,657,194 | ---- | c] () -- d:\users\stefan\documents\vlc-1.1.4-win32.exe
[2010/10/23 18:36:13 | 000,002,066 | ---- | c] () -- d:\users\public\desktop\avira antivir control center.lnk
[2010/10/23 18:10:48 | 000,000,290 | -h-- | c] () -- d:\windows\tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job
[2010/10/23 18:10:43 | 000,000,248 | -h-- | c] () -- d:\windows\tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job
[2010/10/23 18:09:32 | 000,000,000 | ---- | c] () -- d:\users\stefan\appdata\local\googleupdate.log
[2010/10/23 18:09:24 | 000,000,179 | ---- | c] () -- d:\users\stefan\appdata\roaming\42693.bat
[2010/10/23 18:09:06 | 000,000,016 | ---- | c] () -- d:\users\stefan\appdata\roaming\dxqkew.dat
[2010/10/23 18:08:41 | 000,000,004 | ---- | c] () -- d:\users\stefan\appdata\roaming\avdrn.dat
[2010/10/23 18:07:50 | 000,001,164 | ---- | c] () -- d:\users\stefan\desktop\antimalware doctor.lnk
[2010/10/23 18:07:50 | 000,001,144 | ---- | c] () -- d:\users\stefan\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk
[2010/10/20 22:48:37 | 000,000,690 | ---- | c] () -- d:\users\public\desktop\arcania - gothic 4 starten.lnk
[2010/10/10 21:17:30 | 000,001,199 | ---- | c] () -- d:\users\public\desktop\clonedvd2.lnk
[2010/10/10 21:17:10 | 000,001,101 | ---- | c] () -- d:\users\public\desktop\anydvd.lnk
[2010/10/02 19:41:21 | 002,966,140 | ---- | c] () -- d:\users\stefan\documents\2010-10-2-17-41-mymdb_backup.xlg
[2010/10/01 21:37:07 | 002,944,588 | ---- | c] () -- d:\users\stefan\documents\2010-10-1-19-37-mymdb_backup.xlg
[2010/04/02 17:17:34 | 000,179,091 | ---- | c] () -- d:\windows\syswow64\xlive.dll.cat
[2010/02/07 14:21:18 | 000,000,193 | ---- | c] () -- d:\windows\wordpad.ini
[2010/01/23 14:13:08 | 053,992,860 | ---- | c] () -- d:\program files (x86)\mymdb.rar
[2009/12/31 16:31:52 | 000,000,083 | -hs- | c] () -- d:\programdata\.zreglib
[2009/12/19 16:50:42 | 000,000,034 | ---- | c] () -- d:\windows\cdplayer.ini
[2009/12/03 20:33:24 | 000,000,156 | ---- | c] () -- d:\users\stefan\appdata\roaming\default.rss
[2009/12/03 20:33:07 | 000,000,069 | ---- | c] () -- d:\windows\nerodigital.ini
[2009/11/28 15:39:19 | 000,015,873 | ---- | c] () -- d:\windows\syswow64\inetde.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asrussian.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\askorean.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asjapan.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asgerman.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\asfrench.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\aseng.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\ascht.dll
[2009/11/09 20:47:16 | 000,053,248 | ---- | c] () -- d:\windows\syswow64\aschs.dll
[2009/11/09 20:47:15 | 000,761,856 | ---- | c] () -- d:\windows\syswow64\xvidcore.dll
[2009/11/09 20:47:15 | 000,180,224 | ---- | c] () -- d:\windows\syswow64\xvidvfw.dll
[2009/11/09 16:39:36 | 000,000,038 | ---- | c] () -- d:\windows\avisplitter.ini
[2009/11/07 20:04:33 | 000,003,040 | ---- | c] () -- d:\windows\syswow64\drivers\nvflash.sys
[2009/11/07 19:39:06 | 000,024,576 | r--- | c] () -- d:\windows\syswow64\asio.dll
[2009/11/07 19:39:06 | 000,013,368 | r--- | c] () -- d:\windows\syswow64\drivers\asio.sys
[2009/11/07 19:38:45 | 000,001,769 | ---- | c] () -- d:\windows\language_trs.ini
[2009/11/07 19:35:19 | 001,594,390 | ---- | c] () -- d:\windows\syswow64\perfstringbackup.ini
[2009/11/07 19:21:22 | 000,148,480 | ---- | c] () -- d:\windows\syswow64\apomngr.dll
[2009/11/07 19:21:22 | 000,073,728 | ---- | c] () -- d:\windows\syswow64\cmdrtr.dll
[2009/11/07 19:20:49 | 000,003,072 | ---- | c] () -- d:\windows\syswow64\ctxfiger.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | c] () -- d:\windows\syswow64\bwcontexthandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | c] () -- d:\windows\syswow64\msjetoledb40.dll
[2009/06/04 02:37:08 | 000,021,093 | ---- | c] () -- d:\windows\syswow64\instwdm.ini
[2009/06/04 02:37:06 | 000,000,054 | ---- | c] () -- d:\windows\syswow64\ctzapxx.ini
[2009/06/04 01:55:20 | 000,002,560 | ---- | c] () -- d:\windows\syswow64\ctxfires.dll
[2009/05/27 10:49:00 | 000,000,285 | ---- | c] () -- d:\windows\syswow64\kill.ini
 
========== alternate data streams ==========
 
@alternate data stream - 24 bytes -> d:\windows:917ecb1c0ee15d1d

< end of report >
         
--- --- ---




extras:

OTL Logfile:
Code:
ATTFilter
otl extras logfile created on: 10/27/2010 3:41:56 pm - run 1
otl by oldtimer - version 3.2.17.1     folder = d:\users\stefan\desktop
64bit- ultimate edition  (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 8.0.7600.16385)
locale: 00000409 | country: Germany | language: Deu | date format: Dd.mm.yyyy
 
6.00 gb total physical memory | 4.00 gb available physical memory | 68.00% memory free
12.00 gb paging file | 10.00 gb available in paging file | 80.00% paging file free
paging file location(s): ?:\pagefile.sys [binary data]
 
%systemdrive% = d: | %systemroot% = d:\windows | %programfiles% = d:\program files (x86)
drive c: | 76.33 gb total space | 17.34 gb free space | 22.71% space free | partition type: Ntfs
drive d: | 201.01 gb total space | 129.15 gb free space | 64.25% space free | partition type: Ntfs
drive e: | 1196.25 gb total space | 403.74 gb free space | 33.75% space free | partition type: Ntfs
drive g: | 265.75 gb total space | 86.52 gb free space | 32.56% space free | partition type: Ntfs
drive h: | 100.00 gb total space | 77.71 gb free space | 77.71% space free | partition type: Ntfs
 
computer name: Stefan-pc | user name: Stefan | logged in as administrator.
Boot mode: Normal | scan mode: Current user | include 64bit scans
company name whitelist: Off | skip microsoft files: Off | no company name whitelist: On | file age = 30 days
 
========== extra registry (safelist) ==========
 
 
========== file associations ==========
 
64bit: [hkey_local_machine\software\classes\<extension>]
.url[@ = internetshortcut] -- d:\windows\system32\ieframe.dll (microsoft corporation)
 
[hkey_local_machine\software\classes\<extension>]
.cpl [@ = cplfile] -- d:\windows\syswow64\control.exe (microsoft corporation)
.url [@ = internetshortcut] -- d:\windows\system32\ieframe.dll (microsoft corporation)
 
[hkey_current_user\software\classes\<extension>]
.html [@ = firefoxhtml] -- d:\program files (x86)\mozilla firefox\firefox.exe (mozilla corporation)
 
========== shell spawning ==========
 
64bit: [hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* file not found
cmdfile [open] -- "%1" %* file not found
comfile [open] -- "%1" %* file not found
exefile [open] -- "%1" %* file not found
helpfile [open] -- reg error: Key error.
Inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
internetshortcut [open] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\ieframe.dll",openurl %l (microsoft corporation)
internetshortcut [print] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\mshtml.dll",printhtml "%1" (microsoft corporation)
piffile [open] -- "%1" %* file not found
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1" file not found
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l (microsoft corporation)
scrfile [open] -- "%1" /s file not found
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1 file not found
directory [addtoplaylistvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
directory [playwithvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
 
[hkey_local_machine\software\classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %systemroot%\system32\control.exe "%1",%* (microsoft corporation)
exefile [open] -- "%1" %*
helpfile [open] -- reg error: Key error.
Inffile [install] -- %systemroot%\system32\infdefaultinstall.exe "%1" (microsoft corporation)
internetshortcut [open] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\ieframe.dll",openurl %l (microsoft corporation)
internetshortcut [print] -- "d:\windows\system32\rundll32.exe" "d:\windows\system32\mshtml.dll",printhtml "%1" (microsoft corporation)
piffile [open] -- "%1" %*
regfile [merge] -- reg error: Key error.
Scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,installscreensaver %l (microsoft corporation)
scrfile [open] -- "%1" /s
txtfile [edit] -- reg error: Key error.
Unknown [openas] -- %systemroot%\system32\rundll32.exe %systemroot%\system32\shell32.dll,openas_rundll %1
directory [addtoplaylistvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
directory [cmd] -- cmd.exe /s /k pushd "%v" (microsoft corporation)
directory [find] -- %systemroot%\explorer.exe (microsoft corporation)
directory [playwithvlc] -- "d:\program files (x86)\videolan\vlc\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
folder [open] -- %systemroot%\explorer.exe (microsoft corporation)
folder [explore] -- reg error: Value error.
Drive [find] -- %systemroot%\explorer.exe (microsoft corporation)
 
========== security center settings ==========
 
64bit: [hkey_local_machine\software\microsoft\security center]
"cval" = 1 -- [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
 
64bit: [hkey_local_machine\software\microsoft\security center\monitoring]
 
64bit: [hkey_local_machine\software\microsoft\security center\svc]
"vistasp1" = 28 4d b2 76 41 04 ca 01  [binary data]
"antivirusoverride" = 0
"antispywareoverride" = 0
"firewalloverride" = 0
 
64bit: [hkey_local_machine\software\microsoft\security center\svc\vol]
 
[hkey_local_machine\software\microsoft\security center]
 
[hkey_local_machine\software\microsoft\security center\svc]
 
========== system restore settings ==========
 
64bit: [hkey_local_machine\software\policies\microsoft\windows nt\systemrestore]
 
[hkey_local_machine\software\policies\microsoft\windows nt\systemrestore]
 
========== firewall settings ==========
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile]
"disablenotifications" = 0
"enablefirewall" = 1 -- [2010/07/06 17:28:22 | 000,000,000 | ---d | m]
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"disablenotifications" = 0
"enablefirewall" = 0
 
[hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\publicprofile]
"disablenotifications" = 0
"enablefirewall" = 0
 
========== authorized applications list ==========
 
 
========== hkey_local_machine uninstall list ==========
 
64bit: [hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{013cca52-da56-4133-ac2b-1988a9568c30}" = native instruments audio 4 dj driver
"{0b8565ba-bad5-4732-b122-5fd78efc50a9}" = native instruments service center
"{0f2d7186-ef54-37fa-aa61-ed6f88e771ce}" = microsoft .net framework 4 extended beta 2
"{23170f69-40c1-2702-0915-000001000000}" = 7-zip 9.15 (x64 edition)
"{267b3e82-c941-47d8-bcd3-1bbbb56fcbc6}" = native instruments maschine controller driver
"{2aac4085-dcbf-417b-aebd-182197839240}" = native instruments traktor
"{3d3e663d-4e7e-4577-a560-7ecddd45548a}" = pvsonydll
"{43b74fab-fb58-447d-8d3a-5f638af36fd1}" = netzmanager
"{4ffa2088-8317-3b14-93cd-4c699db37843}" = microsoft visual c++ 2008 redistributable - x64 9.0.30729
"{7930fb47-6452-4476-bf16-d77f748646db}" = native instruments session io driver
"{8220eefe-38cd-377e-8595-13398d740ace}" = microsoft visual c++ 2008 redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000ff1ce}" = microsoft office professional plus 2010
"{90140000-0012-0000-1000-0000000ff1ce}" = microsoft office standard 2010
"{90140000-0015-0407-1000-0000000ff1ce}" = microsoft office access mui (german) 2010
"{90140000-0016-0000-1000-0000000ff1ce}" = microsoft office excel 2010
"{90140000-0016-0407-1000-0000000ff1ce}" = microsoft office excel mui (german) 2010
"{90140000-0018-0000-1000-0000000ff1ce}" = microsoft office powerpoint 2010
"{90140000-0018-0407-1000-0000000ff1ce}" = microsoft office powerpoint mui (german) 2010
"{90140000-0019-0407-1000-0000000ff1ce}" = microsoft office publisher mui (german) 2010
"{90140000-001a-0000-1000-0000000ff1ce}" = microsoft office outlook 2010
"{90140000-001a-0407-1000-0000000ff1ce}" = microsoft office outlook mui (german) 2010
"{90140000-001b-0000-1000-0000000ff1ce}" = microsoft office word 2010
"{90140000-001b-0407-1000-0000000ff1ce}" = microsoft office word mui (german) 2010
"{90140000-001f-0407-1000-0000000ff1ce}" = microsoft office proof (german) 2010
"{90140000-001f-0409-1000-0000000ff1ce}" = microsoft office proof (english) 2010
"{90140000-001f-040c-1000-0000000ff1ce}" = microsoft office proof (french) 2010
"{90140000-001f-0410-1000-0000000ff1ce}" = microsoft office proof (italian) 2010
"{90140000-002c-0407-1000-0000000ff1ce}" = microsoft office proofing (german) 2010
"{90140000-0043-0000-1000-0000000ff1ce}" = microsoft office office 32-bit components 2010
"{90140000-0043-0407-1000-0000000ff1ce}" = microsoft office shared 32-bit mui (german) 2010
"{90140000-0044-0407-1000-0000000ff1ce}" = microsoft office infopath mui (german) 2010
"{90140000-006e-0407-1000-0000000ff1ce}" = microsoft office shared mui (german) 2010
"{90140000-008b-0000-1000-0000000ff1ce}" = microsoft office small business basics 2010
"{90140000-00a1-0407-1000-0000000ff1ce}" = microsoft office onenote mui (german) 2010
"{90140000-00ba-0407-1000-0000000ff1ce}" = microsoft office groove mui (german) 2010
"{a35001f0-f1e4-11dd-a38b-005056c00008}" = paragon partition manager™ 10.0 professional
"{b0efb716-085b-4564-8060-212e41f5ce50}" = windows live id sign-in assistant
"{b962ad08-335f-46f7-a182-257d37672e5c}" = native instruments rig kontrol 3 driver
"{e856e900-52de-3f06-b493-b39442a717f6}" = microsoft .net framework 4 client profile beta 2
"{ee936c7a-ea40-31d5-9b65-8e3e089c3828}" = microsoft visual c++ 2008 atl update kb973924 - x64 9.0.30729.4148
"microsoft .net framework 4 client profile beta 2" = microsoft .net framework 4 client profile beta 2
"microsoft .net framework 4 extended beta 2" = microsoft .net framework 4 extended beta 2
"nvidia display control panel" = nvidia display control panel
"nvidia drivers" = nvidia drivers
"office14.excel" = microsoft excel 2010
"office14.outlook" = microsoft outlook 2010
"office14.powerpoint" = microsoft powerpoint 2010
"office14.proplus" = microsoft office professional plus 2010
"office14.smallbusbasics" = microsoft office small business basics 2010
"office14.standard" = microsoft office standard 2010
"office14.word" = microsoft word 2010
"teamspeak 3 client" = teamspeak 3 client
"win7x64 components_is1" = win7x64 components v1.2.1
"winrar archiver" = winrar
 
[hkey_local_machine\software\microsoft\windows\currentversion\uninstall]
"{002d9d5e-29ba-3e6d-9bc4-3d7d6dbc735c}" = microsoft visual c++ 2008 atl update kb973924 - x86 9.0.30729.4148
"{02b244a2-7f6a-42e8-a36f-8c385d7a1625}" = gothic iii
"{0711500b-9912-4d60-9a49-c577b4503d42}" = nero recode help
"{07ff7593-9dea-40b5-9f87-f557e65bbf60}" = nero recode
"{08b3869e-d282-424c-9afc-870e04a4ba14}" = rockstar games social club
"{08c8666b-c502-4ab3-b4cb-d74ac42d14fe}" = nero backitup 10 help (chm)
"{11a84fca-c3c7-4afd-a797-111db8569dbc}" = nero burningrom
"{155f4a0e-76ed-45a2-91fb-ff2a2133c31a}" = risen
"{16987e99-c95c-4513-9239-7b44a0a71db5}" = nero soundtrax 10 help (chm)
"{1b040683-c390-4711-abc7-da8d85e470e7}" = neroburningrom
"{1b8fe958-a304-4902-bf7a-4e2f0f5b7017}_is1" = gpsbabel 1.4.1
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.4148
"{1f7fb68f-52f6-46a3-b42f-38ce46295ae5}" = nero mediahub 10
"{237ccb62-8454-43e3-b158-3acd0134852e}" = high-definition video playback 10
"{24036256-bfdb-4cd3-be8a-a3d6160f2e16}" = tuneup utilities 2011
"{2436f2a8-4b7e-4b6c-ae4e-604c84aa6a4f}" = nero core components 10
"{26a24ae4-039d-4ca4-87b4-2f83216017ff}" = java(tm) 6 update 17
"{277c1559-4cf7-44ff-8d07-98aa9c13aabd}" = nero multimedia suite 10
"{28526951-55ef-4901-a0ca-b9ac966d1dd1}" = split/second
"{2d3455a8-3b15-41a8-99f8-0d4215746463}" = nero startsmart
"{2ffe93f0-bb72-4e52-8761-354d1aaa9387}" = sony ericsson pc suite 6.009.00
"{3097b151-1f61-4211-a4cc-d70127b226ae}" = soundtrax
"{310bc5e2-31af-49bb-904d-e71eb93645dc}" = ai suite
"{329411a0-19f3-4740-874f-17400b126f27}" = nero vision 10 help (chm)
"{33643918-7957-4839-92c7-ea96cb621a98}" = nero express 10 help (chm)
"{34bdf3bf-aa61-42e7-8818-c16a304910fc}" = emma core
"{3ac8457c-0385-4bea-a959-e095f05d6d67}" = battlefield: Bad company™ 2
"{3f30cc51-0788-487b-aa83-7214a239c0c0}" = nero disc copy gadget help
"{406fb8a4-f539-48a9-809c-f94706f9c9f6}_is1" = s.t.a.l.k.e.r. - call of pripyat [v1.6.01]
"{42c8b7df-feb0-4d51-b169-506b6bec5797}" = nero 10 menu templatepack 1
"{4343080e-91b7-4388-ab4d-fb1000008200}" = dead rising 2
"{43fbab46-5969-4200-9958-1ff81fee506f}" = nero 10 movie themepack 1
"{45a66726-69bc-466b-a7a4-12fcba4883d7}" = hijackthis
"{4d42353b-533f-4306-ad0b-7fef292ade04}" = nero coverdesigner help
"{4e8c27c2-d727-4c00-a90e-c3f6376eee70}" = nero controlcenter
"{5454083b-1308-4485-bf17-111000028701}" = grand theft auto: Episodes from liberty city
"{5454083b-1308-4485-bf17-111000028702}" = grand theft auto: Episodes from liberty city
"{5454083b-1308-4485-bf17-111000028703}" = grand theft auto: Episodes from liberty city
"{5454083b-1308-4485-bf17-111000038701}" = grand theft auto: Episodes from liberty city
"{555868c6-49fb-484f-bb43-8980651a1b00}" = nero burnrights 10 help (chm)
"{56be5cc9-95e6-4128-abea-968414ca9c80}" = dolbyfiles
"{56c049be-79e9-4502-bea7-9754a3e60f9b}" = neroxml
"{579ba58c-f33d-4970-9953-b94b43768ac3}" = grand theft auto iv
"{589a63d3-89e1-4d9b-8dbc-6039bb27289e}" = activision(r)
"{5ae12194-3eaa-40df-b2bf-fe1d6b78bbf4}" = nero vision
"{5c2e8a0f-80e2-4c68-8cc0-d8d16e7196bf}" = nero rescueagent help
"{5c9a7e65-5b71-4c7f-876a-8c6af9e9e23d}" = saboteur™
"{5d4c60aa-84e6-4e1a-8a68-69970d387be1}" = tuneup utilities language pack (de-de)
"{61b8b2f9-d8da-4b24-89a9-db09f38a4899}" = grand theft auto: Episodes from liberty city
"{63aa3eab-23bb-48b2-9ad0-44f878075604}" = nero 10 menu templatepack basic
"{65bb0407-4cc8-4dc7-952e-3eefdf05602a}" = nero update
"{66049135-9659-4aad-9169-9cca269ebb3e}" = nero infotool 10 help (chm)
"{6dfb899f-17a2-48f0-a533-ed8d6866cf38}" = nero control center 10
"{70550193-1c22-445c-8fa4-564e155db1a7}" = nero express 10
"{70f19404-b96c-4ebb-ad2b-3574f8736197}" = nero 10 movie themepack 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = microsoft visual c++ 2005 redistributable
"{76e41f43-59d2-4f30-ba42-9a762ee1e8de}" = avanquest update
"{770657d0-a123-3c07-8e44-1c83ec895118}" = microsoft visual c++ 2005 atl update kb973923 - x86 8.0.50727.4053
"{775dc704-aae3-4a79-981f-ea1cbaf96eb7}" = gothic iii - götterdämmerung
"{7a295d8f-484b-4ffb-89ab-c1fd497591fe}" = nero waveeditor 10 help (chm)
"{7a5d731d-b4b3-490e-b339-75685712baab}" = nero burning rom 10
"{7ee873af-46bb-4b5d-ba6f-cfe4b0566e22}" = tuneup utilities language pack (de-de)
"{7f88c9e5-12bd-404f-ac6a-108baac9b708}" = asus gamer osd
"{809d7e6d-915d-4ead-821f-e13d93f37161}" = asus smart doctor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = microsoft visual c++ 2005 redistributable
"{888f1505-c2b3-4fde-835d-36353ebd4754}" = ubisoft game launcher
"{88eb38ef-4d2c-436d-abd3-56b232674062}" = icq7
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = microsoft silverlight
"{8ecec853-5c3d-4b10-b5c7-ff11ff724807}" = nero recode 10
"{8f3c31c5-9c3a-4aa8-8efa-71290a7ad533}" = tomtom home visual studio merge modules
"{8fb1b528-e260-451e-9b55-e9152f94b80b}" = microsoft games for windows - live redistributable
"{90a455a7-0fc8-4508-b7fa-8f135b8f041a}" = dsl-manager
"{92146419-ae44-4c8b-a48b-0abb1b5ec026}" = nero 10 menu templatepack 3
"{92a10e9d-ea00-4a46-8f22-eea660992d61}" = nero 10 sample videos
"{92e25238-61a3-4acd-a407-3c480eef47a7}" = nero rescueagent 10 help (chm)
"{93a10228-4f64-4a31-b7b9-bc6aa7753bb8}" = scratch live 1.8.2 (18221)
"{943cc0c0-2253-4fe0-9493-dd386f7857fd}" = nero express
"{961d53ea-40dc-4156-ad74-25684ce05f81}" = nero installer
"{96ed4b78-300e-4033-ae6c-c115ceb4df07}" = nero 10 clipartpack
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = microsoft visual c++ 2008 redistributable - x86 9.0.30729.17
"{9a4297f3-2a51-4ed9-92ca-4bcb8380947e}" = nero vision 10
"{9a875b56-a35c-46ba-a3aa-df8d03ee9f2f}" = nero controlcenter
"{9b6b24be-80e7-46c4-9fa5-b167d5e0f345}" = nero burningrom 10 help (chm)
"{9c916142-c18c-429d-bfed-40094a7e0beb}" = die siedler 7
"{9e78c42c-4ff9-4f41-bbc4-bf872606e79d}_is1" = driver robot 1.1.0.14
"{9f3523f8-dad7-ae52-6da7-45cdddf33726}" = advertising center
"{a3a61264-b075-46be-9c97-376ea4ceeef5}" = pdfgrabber 6.0
"{a73bec3c-40a0-480e-87ef-efcd33629088}" = neroexpress
"{a8399f58-234a-48c6-ba55-30c15738bf3c}" = nero coverdesigner
"{a8f2089b-1f79-4bf6-b385-a2c2b0b9a74d}" = imagxpress
"{ac76ba86-7ad7-1031-7b44-a93000000001}" = adobe reader 9.3.3 - deutsch
"{acd15fdf-fc42-4175-b477-576f92ff2256}" = nero 10 sample imagepack
"{ae3cf174-872c-46c6-b9f6-c0593f3bc7b8}" = microsoft office live add-in 1.4
"{aec81925-9c76-4707-84a9-40696c613ed3}" = dragon age: Origins
"{b2c12c8d-65dc-40bd-b309-5adb0c6c8d8f}" = nero waveeditor
"{b4092c6d-e886-4cb2-ba68-fe5a88d31de6}_is1" = spybot - search & destroy
"{b8777ffc-165b-4dde-b60b-ad5533d9ead3}" = aquasoft photokalender 3
"{b96c2601-52f5-4d5d-816a-63469ea311ef}" = "nero soundtrax help
"{bcd82ab5-670d-4242-90fa-1f97103c16cd}" = movie templates - starter kit
"{c18a0418-442a-4186-af98-d08f5054a2fc}" = nero discspeed 10 help (chm)
"{c3273c55-e1e4-41ff-8d69-0158090db8d8}" = nero coverdesigner 10 help (chm)
"{c3580ac4-c827-4332-b935-9a282ed5bb97}" = nero dolby files 10
"{c99c89a3-119a-45e6-b26e-dd5643caa0c5}" = menu templates - starter kit
"{cd1826a5-cfcc-4c6e-9f9d-e181876162ea}" = nero rescue agent
"{d0894778-7254-401e-8a82-f9c05ae100bb}" = nero 9
"{d24db8b9-bb6c-4334-9619-ba1c650e13d3}" = microsoft primary interoperability assemblies 2005
"{d7c206b6-1a63-4389-a8b1-8f607d0bff1f}" = nero startsmart help
"{db7c1d4a-08ba-4c7e-a8aa-b7f9bb372dcf}" = nero recode 10 help (chm)
"{ded53b0b-b67c-4244-ae6a-d6fd3c28d1ef}" = ad-aware
"{e1ee5339-5d32-458f-baab-b19f6301bce2}" = nero soundtrax 10
"{e337e787-cf61-4b7b-b84f-509202a54023}" = nero rescueagent 10
"{e4a8dd87-a746-4443-bf25-caf99ced6767}" = nero disc copy gadget
"{e712c273-7564-4c8e-aa59-0fa19bc35117}" = nero 10 menu templatepack 2
"{e86156e5-9859-440d-8876-26ced1349802}" = nero waveeditor help
"{ed3d71cc-9f3b-4ac5-9e55-ab915ebc0beb}" = hdd temperature v.4
"{edcdfad5-df80-4600-a493-e9dad6810230}" = nero waveeditor 10
"{efe1ab94-5466-4b6e-be31-ff4c115fd25d}" = max payne 2
"{f0a37341-d692-11d4-a984-009027ec0a9c}" = soundmax
"{f333a33d-125c-32a2-8dce-5c5d14231e27}" = visual c++ 2008 x86 runtime - (v9.0.30729)
"{f333a33d-125c-32a2-8dce-5c5d14231e27}.vc_x86runtime_30729_01" = visual c++ 2008 x86 runtime - v9.0.30729.01
"{f412b4af-388c-4ff5-9b2f-33db1c536953}" = nero infotool 10
"{f467862a-d9ca-47ed-8d81-b4b3c9399272}" = nero mediahub 10 help (chm)
"{f53f6769-ac46-49e3-abe3-2c8afd39d0dd}" = nero vision
"{f5cb822f-b365-43d1-bcc0-4fda1a2017a7}" = nero 10 movie themepack basic
"{f6117f9c-adb5-4590-9be4-12c7bec28702}" = nero startsmart 10 help (chm)
"{f61d489e-6c44-49ac-ad02-7da8aca73a65}" = nero startsmart 10
"{f97e3841-ca9d-4964-9d64-26066241d26f}" = microsoft games for windows - live
"{f9835182-794b-4f24-902a-e2ca9d43380f}" = nvidia physx
"{ff66e9f6-83e7-3a3e-af14-8de9a809a6a4}" = microsoft visual c++ 2008 redistributable - x86 9.0.21022
"ad-aware" = ad-aware
"adobe flash player activex" = adobe flash player 10 activex
"adobe flash player plugin" = adobe flash player 10 plugin
"alchemy" = creative alchemy
"any dvd converter professional_is1" = any dvd converter professional 3.5.8
"anydvd" = anydvd
"aoa video joiner_is1" = aoa video joiner
"aquasoft photokalender 3" = aquasoft photokalender 3
"arcania" = arcania - gothic 4
"ashampoo winoptimizer 6_is1" = ashampoo winoptimizer 6.30
"asio4all" = asio4all
"audiocs" = creative audio-systemsteuerung
"audiograbber" = audiograbber 1.83 se 
"audiograbber-lame" = audiograbber lame-mp3-plugin
"avi2dvd" = avi2dvd 0.4.5 beta
"avira antivir desktop" = avira antivir personal - free antivirus
"avisynth" = avisynth 2.5
"avmwlancli" = avm fritz!wlan
"biet-o-matic v2.12.0" = biet-o-matic v2.12.0
"ca_movielabel_is1" = movie label 2011 v6.1
"call of duty modern warfare 2_is1" = call of duty modern warfare 2
"clonecd" = clonecd
"clonedvd2" = clonedvd2
"console launcher" = creative konsole starter
"cpu-control_is1" = cpu-control
"creative software autoupdate" = creative software autoupdate
"creative sound blaster properties x64 edition" = creative sound blaster properties x64 edition
"efcl seculauncher error fix v1.1 by tokzic 1.1" = efcl seculauncher error fix v1.1 by tokzic 1.1
"eflc errors fix v1.3 tokzic 4 mygully" = eflc errors fix v1.3 tokzic 4 mygully
"festo fluidsim_is1" = festo fluidsim 3.6
"formatfactory" = formatfactory 2.20
"future wars" = future wars
"g3qp231012008_is1" = questpaket 4 update 1 deinstallation
"gfwl_{4343080e-91b7-4388-ab4d-fb1000008200}" = dead rising 2
"gordon's gate flash driver" = gordon's gate flash driver 1.1.0.12
"host openal (adi)" = host openal (adi)
"installshield_{589a63d3-89e1-4d9b-8dbc-6039bb27289e}" = blur(tm)
"installshield_{809d7e6d-915d-4ead-821f-e13d93f37161}" = asus smart doctor
"logo!soft comfort v6.0" = logo!soft comfort v6.0
"mafia ii update 1_is1" = mafia ii update 1
"mafia ii_is1" = mafia ii
"manhunt 2" = manhunt 2
"mkv to avi with subtitle_is1" = mkv to avi with subtitle version 2.0
"mozilla firefox (3.6.11)" = mozilla firefox (3.6.11)
"mymdb_0" = mymdb 3.5.3
"mymdb_1" = mymdb 3.6
"mymdb_2" = mymdb 3.6
"mymdb_3" = mymdb 3.6
"mymdb_4" = mymdb 3.6
"mymdb_5" = mymdb 3.6
"native instruments audio 4 dj driver" = native instruments audio 4 dj driver
"native instruments finale gpo" = native instruments finale gpo
"native instruments maschine controller driver" = native instruments maschine controller driver
"native instruments rig kontrol 3 driver" = native instruments rig kontrol 3 driver
"native instruments service center" = native instruments service center
"native instruments session io driver" = native instruments session io driver
"native instruments traktor" = native instruments traktor
"native instruments traktor dj studio 3" = native instruments traktor dj studio 3
"netzmanager" = netzmanager
"no-ip.com duc" = no-ip.com duc (remove only)
"openal" = openal
"reason4_is1" = reason 4.0
"rivatuner" = rivatuner v2.24 msi master overclocking arena 2009 edition
"semc omsi module" = semc omsi module
"sfbm" = soundfont-bank-manager
"smart recorder" = creative smart recorder
"tbsb03968.tbsb03968toolbar" = toolbar fuer ebay
"teamspeak 2 rc2_is1" = teamspeak 2 rc2
"tomtom home" = tomtom home 2.7.6.2056
"tuneup utilities 2011" = tuneup utilities 2011
"virtual dj - atomix productions" = virtual dj - atomix productions
"virtualclonedrive" = virtualclonedrive
"vlc media player" = vlc media player 1.1.4
"xvid" = xvid mpeg-4 video codec
"youtubeget_is1" = youtubeget 5.3
 
========== hkey_current_user uninstall list ==========
 
[hkey_current_user\software\microsoft\windows\currentversion\uninstall]
"freewar karten editor" = freewar karten editor
 
========== last 10 event log errors ==========
 
error reading event logs: The event service is not operating properly or the event logs are corrupt!
 
< end of report >
         
--- --- ---
__________________

Alt 27.10.2010, 18:54   #4
EvilKnievel
 
popup fenster gehen alle paar minuten auf - Standard

popup fenster gehen alle paar minuten auf



anti mailware logfile:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4964

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.10.2010 19:52:20
mbam-log-2010-10-27 (19-52-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|)
Durchsuchte Objekte: 695500
Laufzeit: 2 Stunde(n), 21 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 34

Infizierte Speicherprozesse:
D:\Users\Stefan\AppData\Local\Temp\Gd0.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b6ba40c1-a501-59bd-f413-03b03a2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6ba40c1-a501-59bd-f413-03b03a2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6ba40c1-a501-59bd-f413-03b03a2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KOO9RV9K4Z (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\X3EKEPXJP2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\koo9rv9k4z (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b6ba40c1-a501-59bd-f413-03b03a2c8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
D:\rundllxxxx.exe (Trojan.SpyEyes) -> Delete on reboot.
D:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Dateien:
D:\Users\Stefan\AppData\Local\Temp\Gd0.exe (Rootkit.TDSS) -> Delete on reboot.
C:\Downloads\SLSOCLD2928\SLSOCLD2928\CloneDVD 2.9.2.8\keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.
D:\rundllxxxx.exe\rundllxxxx.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Local\Temp\Gdz.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Local\Temp\rxsmoecnwa.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Local\Temp\sstol.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Local\Temp\~TM70BF.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
D:\Users\Stefan\Desktop\BACKUP\Desktop\CryptLoad_1.0.5\CryptLoad_1.0.5\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Desktop\Fritz!Box_reconnect\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Desktop\Fritz!Box_reconnect\Fritz!Box 7170\Fritz!Box_reconnect\fritz.box reconnector\bat\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Desktop\Fritz!Box_reconnect\Fritz!Box 7170\Fritz!Box_reconnect\fritz.box reconnector\exe\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Desktop\LOAD\8_EverT-3\Everest Ultimate Edition v.4.20.1283 beta\everest_diskbench.dll (Spyware.Banker) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Desktop\LOAD\8_EverT-3\Everest Ultimate Edition v.4.20.1283 beta\everest_mondiag.dll (Spyware.Banker) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Stefan\Desktop\CryptLoad_1.0.5\CryptLoad_1.0.5\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Stefan\Desktop\Fritz!Box_reconnect\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Stefan\Desktop\Fritz!Box_reconnect\Fritz!Box 7170\Fritz!Box_reconnect\fritz.box reconnector\bat\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Desktop\BACKUP\Stefan\Desktop\Fritz!Box_reconnect\Fritz!Box 7170\Fritz!Box_reconnect\fritz.box reconnector\exe\nc.exe (PUP.KeyLogger) -> Not selected for removal.
D:\Users\Stefan\Downloads\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Not selected for removal.
D:\Users\Stefan\Downloads\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
E:\Gamez\Anno1404 CloneDVD\Crack\Anno_1404_Crack\Anno1404_Crack.exe (Trojan.Bancos) -> Not selected for removal.
E:\Gamez\Call.Of.Duty.World.At.War-RELOADED\Call of Duty World at War v1.0 +10 TRAINER\CoD5_Trn\CoD5_Trn.exe (Malware.Packer.Gen) -> Not selected for removal.
E:\Software\Betriebssysteme\Windows 7 x64\RC1\Windows7-DreamScene\Windows7-DreamScene.exe (Trojan.Dropper) -> Not selected for removal.
E:\Software\Betriebssysteme\Windows Vista\32-Bit-Version\LRMCFRE_DE_DVD\Windows Vista OneClick Activator by CLoNY\4share_urlaub\Crack\VistaActivator.exe (Trojan.Agent) -> Not selected for removal.
E:\Software\OTHER\Adobe.CS3.Web.Premium.German\Adobe.CS3.Web.Premium.Keygen.exe (Trojan.Agent) -> Not selected for removal.
G:\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Not selected for removal.
H:\Users\Stefan\AppData\Local\Temp\E_N4\krnln.fnr (Trojan.GamesThief) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
D:\Users\Stefan\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
D:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Alt 27.10.2010, 21:11   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
popup fenster gehen alle paar minuten auf - Standard

popup fenster gehen alle paar minuten auf



Zitat:
C:\Downloads\SLSOCLD2928\SLSOCLD2928\CloneDVD 2.9.2.8\keygen.exe (RiskWare.Tool.CK) -> Not selected for removal.
E:\Software\OTHER\Adobe.CS3.Web.Premium.German\Adobe.CS3.Web.Premium.Keygen.exe (Trojan.Agent) -> Not selected for removal.
G:\ANNO 1404\Anno1404_Crack.exe (Trojan.Bancos) -> Not selected for removal.[


Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu popup fenster gehen alle paar minuten auf
ad-aware, antivir, antivir guard, asus, avg, avira, bho, desktop, ebay, explorer, firefox, helper, hijack, hijackthis, internet explorer, logfile, mozilla, nvidia, object, popup, senden, software, stick, syswow64, windows, wmp



Ähnliche Themen: popup fenster gehen alle paar minuten auf


  1. Virus oder so, Fenster in meinem browser öffnen sich alle paar minuten (adf.ly)
    Plagegeister aller Art und deren Bekämpfung - 22.02.2015 (7)
  2. POPUP Fenster gehen auf!
    Log-Analyse und Auswertung - 12.02.2015 (17)
  3. Windows 7: PC springt alle paar Minuten auf den Desktop
    Log-Analyse und Auswertung - 25.09.2013 (17)
  4. fehlermeldungs sound alle paar minuten
    Plagegeister aller Art und deren Bekämpfung - 11.06.2013 (5)
  5. Was ist nun zu tun? TR/ATRAPS.Gen2 und TR/Sirefef.AG.9 Meldung alle paar Minuten
    Log-Analyse und Auswertung - 10.06.2013 (7)
  6. Mal wieder: TR/ATRAPS.Gen2 und TR/Sirefef.AG.10 Meldung alle paar Minuten
    Plagegeister aller Art und deren Bekämpfung - 09.05.2013 (7)
  7. TR/Sirefef.AG.35 - Fehlermeldung von Avira erscheint alle paar Minuten
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (17)
  8. Internet setzt alle paar Minuten aus
    Plagegeister aller Art und deren Bekämpfung - 09.10.2011 (24)
  9. PC haengt alle paar Minuten fuer 5 - 20 Sekunden
    Log-Analyse und Auswertung - 12.11.2010 (1)
  10. Mein PC redet alle paar minuten mit mir und dreht mir auch den ton ab.
    Log-Analyse und Auswertung - 17.07.2010 (1)
  11. Antivir gibt alle paar Minuten Warnungen raus
    Log-Analyse und Auswertung - 04.04.2010 (5)
  12. Internet Explorer öffnet alle paar Minuten Werbung
    Mülltonne - 16.12.2008 (0)
  13. FireFox öffnet alle paar Minuten neuen Tab
    Mülltonne - 22.10.2008 (0)
  14. Internez Fenster öffnet sich alle paar Minuten
    Plagegeister aller Art und deren Bekämpfung - 22.10.2008 (1)
  15. Es öffnet sich all paar Minuten ein i-net Fenster
    Mülltonne - 20.10.2008 (0)
  16. werbe fenster gehen alle zwei bis drei minuten auf
    Plagegeister aller Art und deren Bekämpfung - 21.08.2008 (25)
  17. laptop fährt alle paar minuten runter!
    Log-Analyse und Auswertung - 07.08.2007 (3)

Zum Thema popup fenster gehen alle paar minuten auf - hatte mir gestern einiges an müll eingefangen wobei die systemwiederherstellungskonsole etc deaktiviert wurde (bereits behoben). jedoch gehen alle paar minuten vom internetexplorer popupfenster auf mit zufälligen adressen... hier mal meine - popup fenster gehen alle paar minuten auf...
Archiv
Du betrachtest: popup fenster gehen alle paar minuten auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.