| |
| |||||||
Log-Analyse und Auswertung: Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.11.2011, 08:59
| #1 |
 |  Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs hI@all also ich hab mit warscheinlich was eingefangen :-S als ich gestern im netz rumgewandert bin ^^ seit dem startet firefox (oder ab und an auch IE) irgentwelche komischen links Zb: -> hxxp://de.msn.com/?rd=1 von ganz allein :-( das nervt Also hab ich in netz bissel gesucht und euch entdeckt und promt die anleitung befolgt -> http://www.trojaner-board.de/69886-a...-beachten.html Ich bedanke mich schonmal Ganz hertzlich Bei euch :-) und hoffe das wir das wieder hin gekommen :-) logs nochmal im anhang ich häng die otl und extras logs mal an :-) [QUOTE]Und hier nochmal in textform OTL Code:
ATTFilter OTL logfile created on: 10.11.2011 08:35:21 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dj-Elroy\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,73% Memory free 8,00 Gb Paging File | 6,81 Gb Available in Paging File | 85,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 122,34 Gb Free Space | 41,05% Space Free | Partition Type: NTFS Drive D: | 575,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 931,51 Gb Total Space | 10,71 Gb Free Space | 1,15% Space Free | Partition Type: NTFS Computer Name: HAFXNVIDIA | User Name: Dj-Elroy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.10 08:34:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dj-Elroy\Desktop\OTL.exe PRC - [2011.10.20 00:44:42 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPELauncher.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.28 08:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2011.10.20 00:44:40 | 000,211,968 | ---- | M] () -- C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPhoneLib.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 05:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009.07.14 05:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009.07.14 05:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009.07.14 05:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009.07.14 05:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll MOD - [2009.07.14 02:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.28 08:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.10.26 15:40:43 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rt61.sys -- (RT61) DRV:64bit: - [2011.10.07 18:28:47 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid) DRV:64bit: - [2011.10.07 18:28:47 | 000,339,968 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE) DRV:64bit: - [2011.10.07 18:28:47 | 000,016,128 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hcw88aud.sys -- (HCW88AUD) DRV:64bit: - [2011.10.02 13:06:27 | 000,503,352 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.09.28 18:49:28 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2011.09.28 18:46:30 | 001,196,032 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.04.17 09:47:42 | 000,062,576 | ---- | M] (Miray) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mvd.sys -- (MirayVirtualDisk) DRV:64bit: - [2010.09.16 18:33:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.08.23 12:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.08.21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 48 E7 BB 02 7E CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.3.0&install_country=DE&install_date=20111007&user_guid=211C1A8E1E074875BAD7860FD439D8AE&machine_id=a2cc5ff76e858f8fc562255a851c9192&browser=FF&os=win&os_version=6.1-x64-SP0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 07:38:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 18:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dj-Elroy\AppData\Roaming\mozilla\Extensions [2011.10.31 10:43:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dj-Elroy\AppData\Roaming\mozilla\Firefox\Profiles\nun0vy36.default\extensions [2011.10.07 19:18:26 | 000,001,390 | ---- | M] () -- C:\Users\Dj-Elroy\AppData\Roaming\Mozilla\Firefox\Profiles\nun0vy36.default\searchplugins\yahoo-zugo.xml [2011.10.22 20:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.22 20:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\DJ-ELROY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NUN0VY36.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.11.09 07:38:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.30 01:15:23 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [iPhone Explorer Launcher] C:\Program Files (x86)\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04F653DF-217B-47F7-B170-2791430A000B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{372D927F-F5C7-4DF8-8B68-0F4254D6290C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.11.10 08:34:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dj-Elroy\Desktop\OTL.exe [2011.11.09 22:02:27 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Malwarebytes [2011.11.09 22:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.09 22:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.09 22:02:08 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.11.09 22:02:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.11.09 21:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.11.09 21:55:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.09 20:05:11 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy [2011.11.09 20:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy [2011.11.09 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.11.09 18:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2011.11.09 18:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2011.11.09 15:29:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.09 15:27:38 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA% [2011.11.09 15:23:24 | 000,000,000 | -HSD | C] -- C:\Users\Dj-Elroy\AppData\Local\088d9da8 [2011.11.09 12:32:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\WinRAR [2011.11.08 18:33:19 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (18) [2011.11.08 09:44:01 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\dos [2011.11.08 09:27:08 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (17) [2011.11.08 09:11:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Various Artists - GTA Vice City OST - Wildstyle Pirate Radio (2002) [2011.11.08 08:44:53 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (16) [2011.11.07 20:32:45 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Leopard hd install helper v0.3 [2011.11.07 17:18:18 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (15) [2011.11.07 15:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Miray Virtual Disk 1.0.1 [2011.11.07 15:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDClone 4 Professional Edition [2011.11.07 15:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDClone 4 Professional Edition [2011.11.07 15:29:10 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Miray.HDClone.v4.0.4.Pro [2011.11.07 13:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2011.11.07 13:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO [2011.11.07 13:48:40 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Documents\My ISO Files [2011.11.07 13:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2011.11.07 13:48:30 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\UltraISO Premium Edition v9.3.6.2766 [2011.11.07 12:03:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2 [2011.11.07 00:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode [2011.11.06 13:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2011.11.06 13:40:06 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Software4u [2011.11.06 13:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer [2011.11.06 13:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u [2011.11.03 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\20030411[1].sieoffadr.v.2.0.b [2011.11.03 16:00:50 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Local\Gigaset_Communications_Gm [2011.11.03 16:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaset QuickSync [2011.11.03 16:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigaset QuickSync [2011.11.03 15:59:29 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Local\Downloaded Installations [2011.11.03 15:45:21 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Local\Shaw Computer [2011.11.03 15:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\s25atonce [2011.11.03 15:45:14 | 000,313,856 | ---- | C] (ELTIMA Software) -- C:\Windows\SysWow64\SPort.dll [2011.11.03 15:45:14 | 000,094,208 | ---- | C] (DGPDev) -- C:\Windows\SysWow64\CAudioEdit.ocx [2011.11.03 15:45:14 | 000,065,536 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalProgBar6.ocx [2011.11.03 15:45:14 | 000,061,440 | ---- | C] (Software-Entwicklung & Vertrieb) -- C:\Windows\SysWow64\sevSplitterBar.ocx [2011.11.03 15:45:13 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\Windows\SysWow64\ccrpFD6.ocx [2011.11.03 15:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\s25atonce [2011.11.03 15:34:40 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Address book [2011.10.31 12:42:07 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (14) [2011.10.30 01:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.10.30 01:01:12 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\MOS Electro House Sessions 2 [2011.10.29 21:07:18 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Alapalooza [2011.10.29 20:28:52 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ControlMK [2011.10.29 20:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ControlMK [2011.10.29 20:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlMK [2011.10.28 21:46:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM [2011.10.28 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.10.28 21:44:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.10.28 21:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.10.28 21:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games [2011.10.28 18:12:23 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Documents\ICQ [2011.10.28 07:10:09 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\viewtopic.un-Dateien [2011.10.27 22:17:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Download Manager [2011.10.27 21:00:30 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (13) [2011.10.27 20:27:49 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (12) [2011.10.27 18:55:43 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator [2011.10.27 18:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator [2011.10.27 18:55:34 | 004,691,318 | ---- | C] (LinuxLive USB Creator) -- C:\Users\Dj-Elroy\Desktop\LinuxLive USB Creator 2.8.6.exe [2011.10.26 15:40:43 | 000,000,000 | ---D | C] -- C:\Win7x64 [2011.10.25 23:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2011.10.25 23:13:07 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.10.25 23:13:07 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.10.23 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2011.10.23 22:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ [2011.10.23 22:28:40 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Documents\VirtualDJ [2011.10.23 22:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ [2011.10.23 21:45:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (11) [2011.10.22 21:59:12 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (10) [2011.10.22 20:52:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.10.22 20:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.10.22 20:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.10.22 20:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2011.10.22 20:17:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\IOAHCIFamily.kext [2011.10.22 20:16:34 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\AppleACPIPlatform.kext [2011.10.22 20:16:28 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\AppleAPIC.kext [2011.10.22 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac [2011.10.22 18:29:49 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Local\TransMac [2011.10.22 18:29:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TransMac [2011.10.15 21:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.10.15 21:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2011.10.15 21:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2011.10.15 21:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2011.10.15 21:46:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2011.10.14 19:26:41 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Windows 7 64bit [2011.10.14 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (9) [2011.10.14 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Foxit Software [2011.10.12 22:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhone Folders [2011.10.12 22:41:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (7) [2011.10.12 22:27:29 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Local\Apple Computer [2011.10.12 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Roaming\Apple Computer [2011.10.12 22:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.10.12 22:27:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2011.10.12 22:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.10.12 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.10.12 22:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.10.12 22:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2011.10.12 22:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2011.10.12 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\AppData\Local\Apple [2011.10.12 22:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2011.10.12 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2011.10.12 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.10.12 22:25:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.10.12 22:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2011.10.12 22:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2011.10.12 15:24:14 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Orange octane [2011.10.12 15:23:56 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Rover theme [2011.10.12 14:13:28 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Radio 2.08.50.05 + task29 [2011.10.12 14:05:29 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Pic´s [2011.10.12 14:05:08 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Fallout New Vegas - Music By Inon Zur & Mark Morgan [2011.10.12 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\The Best Of The Worst [2011.10.12 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Mr Oizo [2011.10.12 14:04:33 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Moonbootica [2011.10.12 14:04:21 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\2Pac - 2004 - Loyal To The Game [2011.10.12 13:32:47 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\android [2011.10.12 13:14:14 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (6) [2011.10.12 13:00:49 | 000,000,000 | ---D | C] -- C:\Users\Dj-Elroy\Desktop\ReactOS-0.3.13-QEMU ========== Files - Modified Within 30 Days ========== [2011.11.10 08:36:37 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.10 08:36:37 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.10 08:36:37 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.10 08:36:37 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.10 08:36:37 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.10 08:34:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dj-Elroy\Desktop\OTL.exe [2011.11.10 08:31:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.10 08:31:16 | 000,271,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.10 08:31:01 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2011.11.10 08:29:42 | 000,000,020 | ---- | M] () -- C:\Users\Dj-Elroy\defogger_reenable [2011.11.09 23:07:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 23:07:10 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.09 22:02:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.09 21:55:42 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.09 20:05:11 | 000,001,917 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\xp-AntiSpy.lnk [2011.11.09 06:51:43 | 000,564,312 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\kaffeekaanne.png [2011.11.08 18:31:28 | 585,492,760 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\GTA3_audio.nrg [2011.11.08 17:52:00 | 239,917,336 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\GTAIII.iso.nrg [2011.11.08 17:47:03 | 000,000,241 | ---- | M] () -- C:\Users\Dj-Elroy\Documents\ax_files.xml [2011.11.08 08:52:47 | 1395,191,808 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\GTA_Vice_City.iso [2011.11.07 19:44:02 | 000,001,007 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\TransMac.lnk [2011.11.07 18:19:55 | 1105,461,242 | ---- | M] () -- C:\windows.img.ima [2011.11.07 16:32:32 | 000,108,967 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\headphones3.jpg [2011.11.07 16:31:59 | 000,074,049 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\headphone8.jpg [2011.11.07 16:31:50 | 000,572,048 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\7139457953_p.jpg [2011.11.07 16:28:31 | 001,987,174 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\girl.png [2011.11.07 15:29:20 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\HDClone.lnk [2011.11.07 13:48:41 | 000,001,007 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\UltraISO.lnk [2011.11.07 00:46:39 | 211,483,434 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\backup.reg [2011.11.07 00:37:54 | 000,173,300 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\unbenannt1.jpg [2011.11.06 13:58:18 | 000,000,943 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Audacity.lnk [2011.11.06 13:51:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.11.06 13:35:33 | 000,002,561 | ---- | M] () -- C:\Users\Public\Desktop\iPhone Folders.lnk [2011.11.03 17:25:36 | 000,001,581 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Backup.Contacts.11.03.11.csv [2011.11.03 16:10:02 | 000,001,834 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Adressen.csv [2011.11.03 16:00:04 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Gigaset QuickSync.exe.lnk [2011.11.03 15:45:15 | 000,001,019 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\s25atonce.lnk [2011.11.01 08:17:34 | 729,067,520 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\ubuntu-11.10-desktop-i386.iso [2011.10.31 11:32:37 | 000,047,947 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\usbstick.jpg [2011.10.30 00:26:27 | 000,002,230 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (6) - Verknüpfung.lnk [2011.10.29 20:29:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2011.10.29 20:01:36 | 162,658,304 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Macpup_525.iso [2011.10.29 14:11:21 | 000,037,923 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\3885913_W700.jpg [2011.10.29 01:22:20 | 000,200,827 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\IMG_29102011_022146.png [2011.10.29 00:51:56 | 000,524,288 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\900HD-ASUS-0122.ROM [2011.10.28 23:48:44 | 074,461,184 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\android-x86-2.2-r2-eeepc.iso [2011.10.28 07:10:12 | 000,040,196 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\viewtopic.un.htm [2011.10.27 21:19:48 | 000,524,288 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\900HD-ASUS-0401.ROM [2011.10.27 18:55:35 | 004,691,318 | ---- | M] (LinuxLive USB Creator) -- C:\Users\Dj-Elroy\Desktop\LinuxLive USB Creator 2.8.6.exe [2011.10.26 15:40:43 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\rt61.sys [2011.10.26 15:40:43 | 000,303,616 | ---- | M] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll [2011.10.24 11:53:16 | 000,000,306 | RHS- | M] () -- C:\Users\Dj-Elroy\ntuser.pol [2011.10.23 23:00:58 | 000,001,039 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Virtual DJ Pro.lnk [2011.10.23 22:28:42 | 000,000,953 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Virtual DJ.lnk [2011.10.22 21:13:28 | 052,068,352 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\pirate_efi_x_v0.3.iso [2011.10.19 20:47:19 | 270,250,569 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\iPhone1,2_whited00r441U.ipsw [2011.10.16 19:48:31 | 000,754,328 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\IMG_0007.JPG [2011.10.16 19:48:24 | 000,913,756 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\IMG_0006.JPG [2011.10.16 13:42:34 | 000,001,651 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\iPC_OSx86_10_5_6_Universal_PPF5_Final - Verknüpfung.lnk [2011.10.15 21:48:42 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\DivX Movies.lnk [2011.10.15 21:46:06 | 000,001,007 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\SpeedFan.lnk [2011.10.15 21:46:05 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2011.10.15 09:53:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.10.15 09:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.10.15 09:53:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2011.10.14 23:54:52 | 000,321,856 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.13 22:21:19 | 000,768,124 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\Unbenannt.png [2011.10.13 21:29:40 | 000,042,392 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2011.10.13 21:29:40 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2011.10.12 18:56:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.10.11 21:02:15 | 001,221,076 | ---- | M] () -- C:\Users\Dj-Elroy\Desktop\IMG_11102011_220137.png ========== Files Created - No Company Name ========== [2011.11.10 08:31:06 | 000,271,120 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.10 08:29:42 | 000,000,020 | ---- | C] () -- C:\Users\Dj-Elroy\defogger_reenable [2011.11.09 22:02:11 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.09 21:55:42 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.11.09 20:05:11 | 000,001,917 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\xp-AntiSpy.lnk [2011.11.09 15:19:55 | 692,615,168 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Windows Fundamentals for Legacy PCs - MUI PACK CD2.iso [2011.11.09 06:51:43 | 000,564,312 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\kaffeekaanne.png [2011.11.08 18:28:55 | 585,492,760 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\GTA3_audio.nrg [2011.11.08 17:47:16 | 239,917,336 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\GTAIII.iso.nrg [2011.11.08 08:51:34 | 1395,191,808 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\GTA_Vice_City.iso [2011.11.07 18:06:43 | 1105,461,242 | ---- | C] () -- C:\windows.img.ima [2011.11.07 16:32:31 | 000,108,967 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\headphones3.jpg [2011.11.07 16:31:59 | 000,074,049 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\headphone8.jpg [2011.11.07 16:31:50 | 000,572,048 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\7139457953_p.jpg [2011.11.07 16:28:30 | 001,987,174 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\girl.png [2011.11.07 15:31:14 | 009,127,936 | ---- | C] () -- C:\hdclone.iso [2011.11.07 15:29:20 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\HDClone.lnk [2011.11.07 15:24:06 | 009,127,936 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\hdclone.iso [2011.11.07 13:48:41 | 000,001,007 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\UltraISO.lnk [2011.11.07 00:46:32 | 211,483,434 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\backup.reg [2011.11.07 00:37:54 | 000,173,300 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\unbenannt1.jpg [2011.11.06 13:58:18 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2011.11.06 13:58:18 | 000,000,943 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Audacity.lnk [2011.11.03 16:28:34 | 000,001,581 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Backup.Contacts.11.03.11.csv [2011.11.03 16:08:24 | 000,001,834 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Adressen.csv [2011.11.03 16:00:04 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Gigaset QuickSync.exe.lnk [2011.11.03 15:45:15 | 000,001,019 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\s25atonce.lnk [2011.11.03 15:45:14 | 001,060,864 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2011.11.03 15:45:14 | 000,909,312 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll [2011.11.03 15:45:14 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll [2011.11.03 15:45:14 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll [2011.11.03 15:45:14 | 000,182,784 | ---- | C] () -- C:\Windows\SysWow64\DGVorbis.dll [2011.11.03 15:45:14 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.11.03 15:45:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\MP3DEE.DLL [2011.11.03 15:45:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll [2011.11.03 15:45:14 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kwab.dll [2011.11.03 15:45:13 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\MSOUTL9.OLB [2011.11.01 08:09:33 | 729,067,520 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\ubuntu-11.10-desktop-i386.iso [2011.10.31 11:32:36 | 000,047,947 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\usbstick.jpg [2011.10.30 01:22:05 | 584,806,400 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Windows XP Home SP2 [OEM Edition].ISO [2011.10.30 01:14:42 | 000,001,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2011.10.30 01:14:42 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2011.10.30 01:14:42 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.10.30 00:26:27 | 000,002,230 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Neuer Ordner (6) - Verknüpfung.lnk [2011.10.30 00:21:32 | 000,066,104 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Mac Startup Sound.mp3 [2011.10.30 00:17:28 | 662,700,032 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Windows XP Professional SP3 Integrated September 2009 Corporate.iso [2011.10.29 21:10:50 | 205,717,504 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\WinLite.iso [2011.10.29 20:29:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf [2011.10.29 19:59:03 | 162,658,304 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Macpup_525.iso [2011.10.29 14:11:20 | 000,037,923 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\3885913_W700.jpg [2011.10.29 01:22:15 | 000,200,827 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\IMG_29102011_022146.png [2011.10.28 23:47:51 | 074,461,184 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\android-x86-2.2-r2-eeepc.iso [2011.10.28 07:10:08 | 000,040,196 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\viewtopic.un.htm [2011.10.23 23:00:58 | 000,001,039 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Virtual DJ Pro.lnk [2011.10.23 22:28:42 | 000,000,953 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Virtual DJ.lnk [2011.10.22 18:29:50 | 000,001,007 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\TransMac.lnk [2011.10.22 17:32:21 | 000,046,516 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\MacOSX_Media_Background.png [2011.10.16 19:43:41 | 000,913,756 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\IMG_0006.JPG [2011.10.16 19:43:39 | 000,754,328 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\IMG_0007.JPG [2011.10.16 13:42:34 | 000,001,651 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\iPC_OSx86_10_5_6_Universal_PPF5_Final - Verknüpfung.lnk [2011.10.16 01:12:59 | 000,002,048 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Bootable_NoEmulation.img [2011.10.15 21:48:42 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\DivX Movies.lnk [2011.10.15 21:46:06 | 000,001,007 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\SpeedFan.lnk [2011.10.15 21:46:05 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.10.13 21:29:40 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2011.10.12 22:52:41 | 000,002,561 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Folders.lnk [2011.10.12 22:27:22 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.10.12 22:26:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.10.12 18:56:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.10.12 14:05:29 | 000,678,158 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\Klassisches Bubble Breaker.apk [2011.10.11 21:01:53 | 001,221,076 | ---- | C] () -- C:\Users\Dj-Elroy\Desktop\IMG_11102011_220137.png [2011.10.07 19:18:19 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.10.07 19:18:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.10.07 19:18:18 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.10.07 19:18:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.10.07 19:18:18 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.09.28 18:52:16 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.09.28 18:52:16 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.09.28 18:52:07 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.09.28 18:52:07 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.09.28 18:45:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.10.14 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Dj-Elroy\AppData\Roaming\Foxit Software [2011.11.09 21:55:28 | 000,000,000 | ---D | M] -- C:\Users\Dj-Elroy\AppData\Roaming\ICQ [2011.11.06 13:40:06 | 000,000,000 | ---D | M] -- C:\Users\Dj-Elroy\AppData\Roaming\Software4u [2011.09.30 07:33:52 | 000,000,000 | ---D | M] -- C:\Users\Dj-Elroy\AppData\Roaming\TeamViewer [2011.11.09 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Dj-Elroy\AppData\Roaming\uTorrent [2009.07.14 06:08:49 | 000,027,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.09.28 18:17:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.28 18:17:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.10.07 19:38:17 | 000,000,000 | ---D | M] -- C:\Hauppauge [2011.09.28 18:46:01 | 000,000,000 | ---D | M] -- C:\Intel [2011.10.07 19:05:44 | 000,000,000 | ---D | M] -- C:\MyVideos [2011.09.28 18:29:30 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.09 21:55:41 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.09 23:02:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.09 22:02:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.28 18:17:23 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.28 18:17:24 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.10 08:36:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.28 18:34:53 | 000,000,000 | R--D | M] -- C:\Users [2011.10.26 15:40:43 | 000,000,000 | ---D | M] -- C:\Win7x64 [2011.11.10 08:31:25 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report > Hier der extras log OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.11.2011 08:35:21 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dj-Elroy\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,73% Memory free
8,00 Gb Paging File | 6,81 Gb Available in Paging File | 85,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 122,34 Gb Free Space | 41,05% Space Free | Partition Type: NTFS
Drive D: | 575,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 931,51 Gb Total Space | 10,71 Gb Free Space | 1,15% Space Free | Partition Type: NTFS
Computer Name: HAFXNVIDIA | User Name: Dj-Elroy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3e116348-5bec-4119-b3a0-30f2e0614eb3}" = Gigaset QuickSync
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK-Clientinstallationsprogramm
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9A431FF-FDB1-40E5-B5F3-215290FD62DE}" = TP-LINK Drahtlos Tool
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client 2.4.3.0
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"ControlMK" = ControlMK 0.232
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Foxit Reader_is1" = Foxit Reader 5.0
"Game Cam XPress" = Game Cam XPress 2.6.0
"HDClone.Professional.4.0.4.1033-{A524A8B6-92C0-4F1E-9DB9-F138A22D6911}" = HDClone 4 Professional Edition
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.8.0 (Full)
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"s25atonce_is1" = s25atonce 3.8.1
"Security Task Manager" = Security Task Manager 1.8d
"SpeedFan" = SpeedFan (remove only)
"TransMac_is1" = TransMac version 10.1
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"xp-AntiSpy" = xp-AntiSpy 3.97-11
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Geändert von Dj-Elroy (10.11.2011 um 09:25 Uhr) |
|
10.11.2011, 12:56
| #2 |
| /// Malware-holic   |  Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs hi, du hast Malwarebytes genutzt, wo sind die logs?
__________________poste alle, zu finden unter malwarebytes, logdateien
__________________ |
|
10.11.2011, 14:09
| #3 |
| | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs hier sorry habsch vergessen kind hat mich abgeleckt ^^
__________________da sind jetzt alle drin sowol die von malware und otl und extras |
|
10.11.2011, 14:22
| #4 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.11.2011, 16:29
| #5 |
| | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs hoer der lod von combofix :-) |
|
10.11.2011, 16:39
| #6 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs öffne bitte computer, c: qoobox. rechtsklick quarantain, mit winrar zip oder anderem packer packen, hochladen. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ --> Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs |
|
10.11.2011, 16:49
| #7 |
| | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs ging nich bekomm nen fehler das ich mich im forum melden soll |
|
10.11.2011, 16:51
| #8 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs dann lads mal bei File-Upload.net - Ihr kostenloser File Hoster! hoch link nicht hier im thema reinstellen sondern an mich als private nachicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.11.2011, 17:00
| #9 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs nutzt du das system für onlinebanking einkäufe oder sonst was wichtiges, berufliches zb
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.11.2011, 17:05
| #10 |
| | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs ab und an war lang net mehr im onlinebanking abe zum beispiel für ebay und co nutz ich es warum ? bekommt man das wieder hin ? |
|
10.11.2011, 17:23
| #11 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs nein. du hast ein rootkit auf dem pc, damit ists nicht mehr vertrauenswürdig. du kannst wichtige daten wie bilder musik etc sichern, dann muss es formatiert werden, anleitung bekommst du. dann abgesichert, anleitung bekommst du ebenfalls dannn alle passwörter endern
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.11.2011, 18:06
| #12 |
| | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs wie schautn das aus mit meiner großen platte die daten könn die drauf bleiben also muss ich blos die system platte formaten ? |
|
10.11.2011, 18:08
| #13 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs genau nur die wo windows drauf ist. und falls du auf ne extra partition instaliert hast auch diese
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.11.2011, 18:11
| #14 |
| | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs naja hab nur windows auf meiner 320gb platte und meine progs und dan auf der 1tb platte mein ganzes anderes zeugs keine instalationen oder ähnliches wen das windoof dan neu drauf is kann ich dan einfach ieine antirootkit soft über die platte laufen lassen ? |
|
10.11.2011, 18:12
| #15 |
| /// Malware-holic | Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs nein, dann sichern wir windows erst mal ab. man muss gar nicht nach dem motto viel hilft viel, arbeiten, sondern nur die richtigen schritte unternehmen um das system sicher zu bekommen. weist du wie das mit dem formatieren läuft, dann kann ich dir die anleitung zum absichern geben wenn du so weit bist. wir prüfen natürlich, nach der absicherung, einmal das system. du solltest deswegen befor das nicht erledigt ist, nichts von der datensicherung aufs neue system kopieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Windows 7 X64 startet Automatisch firefox mit komischen links (anleitung vervolg ich) hier die logs |
| 7-zip, adobe flash player, application/pdf, application/pdf:, bho, bonjour, c:\windows\system32\rundll32.exe, drahtlos, error, explorer, firefox, flash player, format, helper, hijack, hijackthis, install.exe, langs, log, logfile, nvidia update, object, opera, ordner, plug-in, programme, registry, rundll, scan, security, shortcut, version=1.0, vice city, webcheck, windows, windows 7 x64, windows xp, winlogon.exe, yahoo |
Linear-Darstellung
