| Pests of all kinds and how to fight them: Firefox crashes immediately + redirects to ad pages + user32.dll Modified.SystemFile (Windows 7) |
07.02.2012, 18:09 | #1 |
| Firefox crashes immediately + redirects to ad pages + user32.dll Modified.SystemFile Hello community! Since today I have had massive problems with viruses. AntiVir removed EXP/Blacole.DU once and HTML/Infected.WebPage.Gen2 four times. In addition, HEUR/Modified.SystemFile is constantly being reported for user32.DLL. Firefox version 10.0 no longer works at all and crashes immediately (even after a reinstall). Furthermore, when I click links on Google, I get redirected to completely different pages such as "Heidis Diät Board", even though I wanted to go to Trojaner-Board :-/ On top of that, I have 10 x iexplore.exe in Task Manager, which come back immediately after I end them. Cracked games etc. are NOT on the computer. At the moment I am using Google Chrome. I don't know what else to do... EDIT: Chrome now also crashes occasionally.. Last edited by Rumpel1986 (07.02.2012 at 18:22) |
07.02.2012, 18:14 | #2 |
| Firefox crashes immediately + redirects to ad pages + user32.dll Modified.SystemFile
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:13 on 07/02/2012 (Jan)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=- |
07.02.2012, 18:19 | #3 |
| Firefox crashes immediately + redirects to ad pages + user32.dll Modified.SystemFile .
__________________DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22 Run by Jan at 18:14:50 on 2012-02-07 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4055.847 [GMT 1:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService D:\PROGS\AdAware\AAWService.exe C:\Windows\System32\spoolsv.exe D:\PROGS\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork D:\PROGS\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE D:\PROGS\MSI Afterburner\MSIAfterburner.exe 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe D:\PROGS\Skype\Phone\Skype.exe D:\PROGS\Rainlendar2\Rainlendar2.exe D:\PROGS\ICQ\ICQ7.7\ICQ.exe D:\PROGS\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe D:\PROGS\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation D:\PROGS\AdAware\AAWTray.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\SysWoW64\svchost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\sdiagnhost.exe C:\Windows\system32\conhost.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe C:\Windows\system32\conhost.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskhost.exe C:\Users\Jan\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Jan\Downloads\OTL.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe C:\Program Files (x86)\Java\jre6\bin\java.exe 
C:\Windows\system32\conhost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Jan\Downloads\Defogger.exe C:\Windows\system32\conhost.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local uRun: [Skype] "D:\PROGS\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [Rainlendar2] D:\PROGS\Rainlendar2\Rainlendar2.exe uRun: [ICQ] "D:\PROGS\ICQ\ICQ7.7\ICQ.exe" silent loginmode=4 uRun: [Google Update] "C:\Users\Jan\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [avgnt] "D:\PROGS\Avira\AntiVir Desktop\avgnt.exe" /min mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{D97C60C3-93E6-4F8B-9DD2-065F22C3E2AB} : DhcpNameServer = 192.168.2.1 mRun-x64: [avgnt] "D:\PROGS\Avira\AntiVir Desktop\avgnt.exe" /min . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?] 
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?] R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?] R2 AntiVirSchedulerService;Avira Planer;D:\PROGS\Avira\AntiVir Desktop\sched.exe [2012-1-5 86224] R2 AntiVirService;Avira Echtzeit Scanner;D:\PROGS\Avira\AntiVir Desktop\avguard.exe [2012-1-5 110032] R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-1-5 722616] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;D:\PROGS\AdAware\AAWService.exe [2011-10-28 2152152] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-5 2214504] R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-1-5 2320920] R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 Lavasoft Kernexplorer;Lavasoft helper driver;D:\PROGS\AdAware\kernexplorer64.sys [2012-1-5 17152] R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] 
R3 RTCore64;RTCore64;D:\PROGS\MSI Afterburner\RTCore64.sys [2010-5-27 14648] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-1-5 722616] S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864] S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?] S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-31 235624] . =============== File Associations =============== . JSEFile=NOTEPAD.EXE %1 regfile=NOTEPAD.EXE %1 scrfile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 
2012-02-07 16:53:15 -------- d-----w- C:\Program Files (x86)\ESET 2012-02-07 16:47:29 855 ----a-w- C:\ProgramData\rszdcaa.tmp 2012-02-07 16:47:16 830 ----a-w- C:\ProgramData\uszdcaa.tmp 2012-02-07 16:38:45 -------- d-----w- C:\Users\Jan\AppData\Local\Google 2012-02-07 16:38:34 -------- d-----w- C:\Users\Jan\AppData\Local\Deployment 2012-02-07 16:38:34 -------- d-----w- C:\Users\Jan\AppData\Local\Apps 2012-02-07 16:36:59 846 ----a-w- C:\ProgramData\qszdcaa.tmp 2012-02-07 16:36:14 895 ----a-w- C:\ProgramData\tszdcaa.tmp 2012-02-07 16:36:09 786 ----a-w- C:\ProgramData\sszdcaa.tmp 2012-02-07 16:22:21 876 ----a-w- C:\ProgramData\ionrbaa.tmp 2012-02-07 16:21:41 851 ----a-w- C:\ProgramData\monrbaa.tmp 2012-02-07 16:21:36 853 ----a-w- C:\ProgramData\lonrbaa.tmp 2012-02-07 16:21:31 841 ----a-w- C:\ProgramData\konrbaa.tmp 2012-02-07 16:21:26 825 ----a-w- C:\ProgramData\jonrbaa.tmp 2012-02-07 16:16:40 -------- d-----w- C:\Windows\SysWow64\wbem\en-US 2012-02-07 16:16:39 -------- d-----w- C:\Windows\System32\wbem\en-US 2012-02-07 16:15:54 -------- d-----w- C:\$UPGRADE.~OS 2012-02-07 16:08:47 800 ----a-w- C:\ProgramData\wokdcaa.tmp 2012-02-07 16:07:16 820 ----a-w- C:\ProgramData\uokdcaa.tmp 2012-02-07 16:05:57 841 ----a-w- C:\ProgramData\yokdcaa.tmp 2012-02-07 16:04:17 812 ----a-w- C:\ProgramData\vokdcaa.tmp 2012-02-07 16:02:15 840 ----a-w- C:\ProgramData\xokdcaa.tmp 2012-02-07 13:43:47 -------- d-----w- C:\Users\Jan\AppData\Roaming\xmldm 2012-02-07 13:31:25 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{719A178E-F4D5-4ED1-A1E7-3A84E35BA099}\mpengine.dll 2012-02-01 23:23:43 -------- d-----w- C:\Users\Jan\riotsGamesLogs 2012-02-01 23:05:34 -------- d-----w- C:\Users\Jan\AppData\Roaming\LolClient 2012-02-01 22:25:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2012-02-01 22:25:51 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2012-02-01 22:25:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2012-02-01 22:22:25 -------- d-----w- 
C:\Users\Jan\AppData\Local\PMB Files 2012-02-01 22:22:24 -------- d-----w- C:\ProgramData\PMB Files 2012-02-01 22:22:16 -------- d-----w- C:\Program Files (x86)\Pando Networks 2012-01-31 19:27:50 -------- d-----w- C:\Program Files\iTunes 2012-01-31 19:27:50 -------- d-----w- C:\Program Files\iPod 2012-01-18 21:07:33 -------- d-----w- C:\Program Files (x86)\vShare.tv plugin 2012-01-18 00:20:35 -------- d-----w- C:\Users\Jan\AppData\Local\ElevatedDiagnostics 2012-01-17 04:54:42 -------- d-----w- C:\Users\Jan\AppData\Roaming\QuickScan 2012-01-17 04:51:53 16432 ----a-w- C:\Windows\System32\lsdelete.exe 2012-01-11 14:36:02 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-01-11 14:36:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 14:36:01 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-01-11 14:36:01 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-01-11 14:36:01 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 14:36:01 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-11 14:36:00 77312 ----a-w- C:\Windows\System32\packager.dll 2012-01-11 14:36:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll . ==================== Find3M ==================== . 
2012-01-26 23:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-05 23:05:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-05 17:28:29 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll 2012-01-05 17:00:18 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-05 16:56:32 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll 2012-01-05 16:56:32 660368 ----a-w- C:\Windows\System32\deployJava1.dll 2012-01-05 16:51:27 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2012-01-05 16:36:59 382056 ----a-w- C:\Windows\System32\nvdecodemft.dll 2012-01-05 16:36:59 314984 ----a-w- C:\Windows\SysWow64\nvdecodemft.dll 2012-01-05 16:36:55 262760 ----a-w- C:\Windows\System32\nvcod1923.dll 2012-01-05 16:36:55 262760 ----a-w- C:\Windows\System32\nvcod.dll 2012-01-05 16:36:53 930272 ----a-w- C:\Windows\System32\dpinst.exe 2011-12-15 14:00:00 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys 2011-12-15 13:59:59 97312 ----a-w- C:\Windows\System32\drivers\avgntflt.sys 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- 
C:\Windows\SysWow64\sspicli.dll 2008-12-09 15:23:13 52216 --sh--r- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\appconf32.exe . ============= FINISH: 18:15:17,61 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 05.01.2012 17:27:20 System Uptime: 07.02.2012 17:31:38 (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H55-UD3H Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | Socket 1156 | 2793/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 32 GiB total, 4,938 GiB free. D: is FIXED (NTFS) - 80 GiB total, 59,53 GiB free. E: is FIXED (NTFS) - 443 GiB total, 443,122 GiB free. F: is CDROM (UDF) H: is FIXED (NTFS) - 488 GiB total, 254,25 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
Ad-Aware Adobe Reader X (10.1.2) - Deutsch Apple Application Support Apple Software Update Avira Free Antivirus Call of Duty: Modern Warfare 3 Call of Duty: Modern Warfare 3 - Dedicated Server Call of Duty: Modern Warfare 3 - Multiplayer ESET Online Scanner v3 Google Chrome Guitar Pro 5.2 ICQ7.7 Intel(R) Management Engine Components iolo technologies' System Mechanic Java(TM) 6 Update 22 JDownloader 0.9 League of Legends Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Thunderbird 9.0.1 (x86 de) MSI Afterburner 2.1.0 NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.3 Pando Media Booster Rainlendar2 (remove only) Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Skype™ 5.6 Steam System Requirements Lab for Intel Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) vShare.tv plugin 1.3 Winamp . ==== End Of File =========================== |
07.02.2012, 18:32 | #4 |
| Firefox crashes immediately + redirects to ad pages + user32.dll Modified.SystemFile OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.02.2012 18:29:51 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jan\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 53,14% Memory free 7,92 Gb Paging File | 5,98 Gb Available in Paging File | 75,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 31,70 Gb Total Space | 4,94 Gb Free Space | 15,59% Space Free | Partition Type: NTFS Drive D: | 79,99 Gb Total Space | 59,53 Gb Free Space | 74,42% Space Free | Partition Type: NTFS Drive E: | 443,22 Gb Total Space | 443,12 Gb Free Space | 99,98% Space Free | Partition Type: NTFS Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 488,28 Gb Total Space | 254,25 Gb Free Space | 52,07% Space Free | Partition Type: NTFS Computer Name: JAN2-PC | User Name: Jan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jan\Downloads\OTL.exe (OldTimer Tools) PRC - D:\PROGS\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.) PRC - D:\PROGS\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\PROGS\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\PROGS\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - D:\PROGS\AdAware\AAWService.exe (Lavasoft Limited) PRC - D:\PROGS\AdAware\AAWTray.exe (Lavasoft Limited) PRC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) PRC - D:\PROGS\Rainlendar2\Rainlendar2.exe () PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - D:\PROGS\MSI Afterburner\MSIAfterburner.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation) PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll () MOD - C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll () MOD - C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll () MOD - C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll () MOD - C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll () MOD - C:\Users\Jan\AppData\Local\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll () MOD - D:\PROGS\Rainlendar2\plugins\iCalendarPlugin.dll () MOD - D:\PROGS\Rainlendar2\Rainlendar2.exe () MOD - D:\PROGS\MSI Afterburner\MSIAfterburner.exe () MOD - D:\PROGS\MSI Afterburner\RTMUI.dll () MOD - D:\PROGS\MSI Afterburner\RTHAL.dll () MOD - D:\PROGS\MSI Afterburner\RTCore.dll () MOD - D:\PROGS\MSI Afterburner\RTUI.dll () MOD - D:\PROGS\MSI Afterburner\RTFC.dll () MOD - D:\PROGS\Rainlendar2\wxmsw28u_xrc_vc_rny.dll () MOD - D:\PROGS\Rainlendar2\wxbase28u_xml_vc_rny.dll () MOD - D:\PROGS\Rainlendar2\wxmsw28u_html_vc_rny.dll () MOD - D:\PROGS\Rainlendar2\wxmsw28u_adv_vc_rny.dll () 
MOD - D:\PROGS\Rainlendar2\wxmsw28u_core_vc_rny.dll () MOD - D:\PROGS\Rainlendar2\wxbase28u_vc_rny.dll () MOD - D:\PROGS\MSI Afterburner\RTTSH.dll () MOD - D:\PROGS\Rainlendar2\lfs.dll () MOD - D:\PROGS\Rainlendar2\lua51.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- D:\PROGS\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\PROGS\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Lavasoft Ad-Aware Service) -- D:\PROGS\AdAware\AAWService.exe (Lavasoft Limited) SRV - (ioloSystemService) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) SRV - (ioloFileInfoList) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- 
C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV - (Lavasoft Kernexplorer) -- D:\PROGS\AdAware\kernexplorer64.sys () DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys () DRV - (RTCore64) -- D:\PROGS\MSI Afterburner\RTCore64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 61 FE 89 8F AD E5 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\PROGS\ITunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: D:\PROGS\Thunderbird\components [2012.01.05 18:00:39 | 000,000,000 | ---D | M] [2012.01.05 17:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2012.01.28 00:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\wdu5n395.default\extensions [2012.01.28 00:53:04 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\wdu5n395.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\PROGS\ITunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: vshare plugin = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\ CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] 
D:\PROGS\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [ICQ] D:\PROGS\ICQ\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Rainlendar2] D:\PROGS\Rainlendar2\Rainlendar2.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97C60C3-93E6-4F8B-9DD2-065F22C3E2AB}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.12 10:19:49 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{eb4d430b-397a-11e1-b23e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{eb4d430b-397a-11e1-b23e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.12 10:19:49 | 000,106,768 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.07 17:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.07 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.02.07 17:38:45 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Google [2012.02.07 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Deployment [2012.02.07 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apps [2012.02.07 17:15:54 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS [2012.02.07 16:57:05 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.02.07 16:57:05 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.02.07 16:57:05 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.02.07 16:57:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.02.07 16:57:05 | 001,427,456 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\inetcpl.cpl [2012.02.07 16:57:05 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.02.07 16:57:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.02.07 16:57:05 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.02.07 16:57:05 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.02.07 16:57:05 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.02.07 16:57:05 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.02.07 16:57:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.02.07 16:57:05 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.02.07 16:57:05 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.02.07 16:57:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.07 16:57:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.07 16:57:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.07 16:57:05 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.02.07 16:57:05 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2012.02.07 16:57:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.02.07 16:57:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.07 16:57:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.02.07 16:57:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.02.07 16:57:05 | 000,163,840 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.02.07 16:57:05 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.02.07 16:57:05 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.02.07 16:57:05 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.02.07 16:57:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.02.07 16:57:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.02.07 16:57:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.02.07 16:57:05 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.02.07 16:57:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.02.07 16:57:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.02.07 16:57:05 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.02.07 16:57:05 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.02.07 16:57:05 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.02.07 16:57:05 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.02.07 16:57:05 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.02.07 16:57:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.02.07 16:57:05 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.02.07 16:57:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.02.07 16:57:05 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.07 16:57:05 | 
000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.02.07 16:57:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.02.07 16:57:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.02.07 16:57:05 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.02.07 16:57:05 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.02.07 16:57:05 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.02.07 16:57:05 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.02.07 16:57:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.02.07 16:57:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.02.07 16:57:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.02.07 16:57:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.02.07 16:57:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.02.07 16:57:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.07 16:57:05 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.02.07 16:57:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.02.07 16:57:05 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.02.07 16:57:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.02.07 16:57:05 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.02.07 16:57:05 | 000,048,640 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysWow64\mshtmler.dll [2012.02.07 16:57:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.02.07 16:57:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.02.07 16:57:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.02.07 16:57:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.02.07 16:57:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.02.07 16:57:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.02.07 16:57:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.02.07 16:57:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.02.07 16:57:04 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.02.07 16:57:04 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.02.07 16:57:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.02.07 14:43:47 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\xmldm [2012.02.02 00:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jan\riotsGamesLogs [2012.02.02 00:05:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\LolClient [2012.02.01 23:25:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.02.01 23:25:51 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012.02.01 23:25:51 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2012.02.01 23:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2012.02.01 23:22:25 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\PMB 
Files [2012.02.01 23:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.02.01 23:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.01.31 20:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.01.31 20:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.01.31 20:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.01.30 23:14:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\ICQ [2012.01.19 21:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5 [2012.01.18 22:07:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare.tv plugin [2012.01.18 03:26:31 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012.01.18 03:26:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2012.01.18 03:26:31 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2012.01.18 03:26:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2012.01.18 03:26:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2012.01.18 03:26:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2012.01.18 01:20:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\ElevatedDiagnostics [2012.01.17 05:54:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\QuickScan [2012.01.13 18:21:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.11 15:36:02 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2012.01.11 15:36:01 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2012.01.11 15:36:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2012.01.11 15:36:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\qdvd.dll [2012.01.11 15:36:01 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.01.11 15:36:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2012.01.11 15:36:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.07 18:13:28 | 000,000,000 | ---- | M] () -- C:\Users\Jan\defogger_reenable [2012.02.07 17:43:14 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-676686127-3970188267-2276968406-1000UA.job [2012.02.07 17:43:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-676686127-3970188267-2276968406-1000Core.job [2012.02.07 17:40:34 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.07 17:40:34 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.07 17:39:12 | 000,002,268 | ---- | M] () -- C:\Users\Jan\Desktop\Google Chrome.lnk [2012.02.07 17:36:08 | 001,525,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.07 17:36:08 | 000,668,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.07 17:36:08 | 000,619,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.07 17:36:08 | 000,134,150 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.07 17:36:08 | 000,110,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.07 17:31:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.07 17:31:45 | 3189,362,688 | -HS- | M] () -- C:\hiberfil.sys [2012.02.07 17:16:11 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.02.07 17:16:11 | 000,001,908 | ---- | 
M] () -- C:\Windows\diagerr.xml [2012.02.07 16:57:05 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2012.02.07 16:57:05 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2012.02.07 16:57:05 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.02.07 16:57:05 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.02.07 16:57:05 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.02.07 16:57:05 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.02.07 16:57:05 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.02.07 16:57:05 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2012.02.07 16:57:05 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2012.02.07 16:57:05 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2012.02.07 16:57:05 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2012.02.07 16:57:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2012.02.07 16:57:05 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2012.02.07 16:57:05 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2012.02.07 16:57:05 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.07 16:57:05 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.07 16:57:05 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.07 16:57:05 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2012.02.07 16:57:05 | 000,222,208 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\msls31.dll [2012.02.07 16:57:05 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2012.02.07 16:57:05 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.07 16:57:05 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.02.07 16:57:05 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2012.02.07 16:57:05 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2012.02.07 16:57:05 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2012.02.07 16:57:05 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2012.02.07 16:57:05 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2012.02.07 16:57:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2012.02.07 16:57:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2012.02.07 16:57:05 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2012.02.07 16:57:05 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2012.02.07 16:57:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.02.07 16:57:05 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2012.02.07 16:57:05 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2012.02.07 16:57:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2012.02.07 16:57:05 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2012.02.07 16:57:05 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2012.02.07 16:57:05 | 
000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2012.02.07 16:57:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2012.02.07 16:57:05 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2012.02.07 16:57:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2012.02.07 16:57:05 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.07 16:57:05 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2012.02.07 16:57:05 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2012.02.07 16:57:05 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2012.02.07 16:57:05 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2012.02.07 16:57:05 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2012.02.07 16:57:05 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2012.02.07 16:57:05 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2012.02.07 16:57:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2012.02.07 16:57:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2012.02.07 16:57:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2012.02.07 16:57:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2012.02.07 16:57:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2012.02.07 16:57:05 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.02.07 16:57:05 | 000,072,822 | ---- | M] () -- 
C:\Windows\SysNative\ieuinit.inf [2012.02.07 16:57:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.07 16:57:05 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2012.02.07 16:57:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2012.02.07 16:57:05 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2012.02.07 16:57:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2012.02.07 16:57:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2012.02.07 16:57:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2012.02.07 16:57:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2012.02.07 16:57:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2012.02.07 16:57:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2012.02.07 16:57:05 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2012.02.07 16:57:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2012.02.07 16:57:05 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2012.02.07 16:57:05 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2012.02.07 16:57:05 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2012.02.07 16:57:04 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.02.07 16:57:04 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.02.07 16:57:04 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2012.02.05 17:49:03 | 000,000,064 | 
---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.02.05 17:49:03 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.02.01 23:25:51 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.01.31 20:28:01 | 000,001,531 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.25 22:00:21 | 000,013,232 | ---- | M] () -- C:\Users\Jan\Desktop\StundenplanWS11.ods [2012.01.19 21:35:46 | 000,000,613 | ---- | M] () -- C:\Users\Jan\Desktop\Guitar Pro 5.lnk [2012.01.18 23:14:07 | 000,000,271 | ---- | M] () -- C:\Windows\SysMech.INI [2012.01.13 18:19:18 | 000,025,068 | ---- | M] () -- C:\Users\Jan\Desktop\DPL-02-2012.pdf [2012.01.13 08:23:50 | 000,294,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.10 23:41:48 | 000,008,378 | ---- | M] () -- C:\Users\Jan\Desktop\MDNA.ods [2012.01.10 19:07:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.07 18:13:28 | 000,000,000 | ---- | C] () -- C:\Users\Jan\defogger_reenable [2012.02.07 17:39:12 | 000,002,268 | ---- | C] () -- C:\Users\Jan\Desktop\Google Chrome.lnk [2012.02.07 17:38:45 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-676686127-3970188267-2276968406-1000UA.job [2012.02.07 17:38:45 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-676686127-3970188267-2276968406-1000Core.job [2012.02.07 17:15:10 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.02.07 17:15:10 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.02.07 16:57:05 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.02.07 16:57:05 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.02.01 23:25:51 | 000,000,893 | ---- | C] () -- 
C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.01.31 20:28:01 | 000,001,531 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.01.19 21:35:46 | 000,000,613 | ---- | C] () -- C:\Users\Jan\Desktop\Guitar Pro 5.lnk [2012.01.18 23:14:07 | 000,000,271 | ---- | C] () -- C:\Windows\SysMech.INI [2012.01.17 05:51:53 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2012.01.13 18:19:17 | 000,025,068 | ---- | C] () -- C:\Users\Jan\Desktop\DPL-02-2012.pdf [2012.01.10 23:23:41 | 000,008,378 | ---- | C] () -- C:\Users\Jan\Desktop\MDNA.ods [2012.01.10 19:07:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.01.08 18:01:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012.01.08 18:01:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2012.01.05 21:19:46 | 000,000,068 | ---- | C] () -- C:\Windows\Bench32.INI [2012.01.05 18:28:29 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 07.02.2012 18:29:51 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jan\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,96 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 53,14% Memory free
7,92 Gb Paging File | 5,98 Gb Available in Paging File | 75,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 31,70 Gb Total Space | 4,94 Gb Free Space | 15,59% Space Free | Partition Type: NTFS
Drive D: | 79,99 Gb Total Space | 59,53 Gb Free Space | 74,42% Space Free | Partition Type: NTFS
Drive E: | 443,22 Gb Total Space | 443,12 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 488,28 Gb Total Space | 254,25 Gb Free Space | 52,07% Space Free | Partition Type: NTFS
Computer Name: JAN2-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417002FF}" = Java(TM) 7 Update 2 (64-bit) 
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{E43196CF-182A-4D9E-9CE7-69616DBEE3B0}" = Ad-Aware "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "5513-1208-7298-9440" = JDownloader 0.9 "Afterburner" = MSI Afterburner 2.1.0 "Avira AntiVir Desktop" = Avira Free Antivirus "ESET Online Scanner" = ESET Online Scanner v3 "Guitar Pro 5_is1" = Guitar Pro 5.2 "Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Rainlendar2" = Rainlendar2 (remove only) "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server "vShare.tv plugin" = vShare.tv plugin 1.3 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.02.2012 11:25:15 | Computer Name = Jan2-PC | Source = WinMgmt | ID = 10 Description = Error - 07.02.2012 11:36:00 | Computer Name = Jan2-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, 
Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: ws2_32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00006182 ID des fehlerhaften Prozesses: 0x140 Startzeit der fehlerhaften Anwendung: 0x01cce5ae30f6d217 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ws2_32.DLL Berichtskennung: 6f5e5838-51a1-11e1-aaf1-1c6f654b335f Error - 07.02.2012 11:36:59 | Computer Name = Jan2-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514, Zeitstempel: 0x4ce79912 Name des fehlerhaften Moduls: ws2_32.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba68 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000412b ID des fehlerhaften Prozesses: 0xf4 Startzeit der fehlerhaften Anwendung: 0x01cce5ae54b4eb5d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ws2_32.DLL Berichtskennung: 92777ee0-51a1-11e1-aaf1-1c6f654b335f Error - 07.02.2012 11:42:12 | Computer Name = Jan2-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.0.4411, Zeitstempel: 0x4f2548ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222cb ID des fehlerhaften Prozesses: 0x224 Startzeit der fehlerhaften Anwendung: 0x01cce5af0f06e65c Pfad der fehlerhaften Anwendung: D:\PROGS\FF10\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 4d115855-51a2-11e1-aaf1-1c6f654b335f Error - 07.02.2012 11:42:55 | Computer Name = Jan2-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 10.0.0.4411, Zeitstempel: 0x4f2548ce Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 
0x000222cb ID des fehlerhaften Prozesses: 0xb90 Startzeit der fehlerhaften Anwendung: 0x01cce5af2904a827 Pfad der fehlerhaften Anwendung: D:\PROGS\FF10\firefox.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 66cbcf8a-51a2-11e1-aaf1-1c6f654b335f Error - 07.02.2012 12:17:39 | Computer Name = Jan2-PC | Source = WinMgmt | ID = 10 Description = Error - 07.02.2012 12:31:51 | Computer Name = Jan2-PC | Source = WinMgmt | ID = 10 Description = Error - 07.02.2012 12:37:47 | Computer Name = Jan2-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jan\Downloads\SoftonicDownloader_fuer_google-chrome.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 07.02.2012 12:39:52 | Computer Name = Jan2-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jan\Downloads\SoftonicDownloader_fuer_google-chrome.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 07.02.2012 12:53:12 | Computer Name = Jan2-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Jan\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 02.02.2012 20:12:04 | Computer Name = Jan2-PC | Source = bowser | ID = 8003 Description = Error - 03.02.2012 11:08:09 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 04.02.2012 13:41:40 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 06.02.2012 07:35:48 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 07.02.2012 09:27:15 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 07.02.2012 11:12:23 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 07.02.2012 11:18:28 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 07.02.2012 11:25:15 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 07.02.2012 12:17:38 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error - 07.02.2012 12:31:50 | Computer Name = Jan2-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "iolo FileInfoList Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 < End of report > |
07.02.2012, 18:56 | #5 |
| Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.07.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN2-PC [Administrator]

07.02.2012 18:54:14
mbam-log-2012-02-07 (18-54-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200564
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: (NOTEPAD.EXE %1) Gut: ("%1" /S) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: (NOTEPAD.EXE %1) Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\Windows\Temp\naeri.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\igfxtray.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
07.02.2012, 19:12 | #6 |
| Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.07.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN2-PC [Administrator]

07.02.2012 19:10:31
mbam-log-2012-02-07 (19-10-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199151
Laufzeit: 1 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
07.02.2012, 19:13 | #7 |
| Still 10 x iexplore.exe in the Task Manager, though.. |
08.02.2012, 00:02 | #8 |
| Now an audio advertisement has suddenly started playing... it could not be stopped. |