Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.07.2010, 04:17   #1
baoum
 
iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf - Standard

iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf



Sooo, hallo erstmal, ich wende mich vertrauensselig an euch, in der Hoffnung mir kann geholfen werden.

Folgendes Problem unter Win7/64bit:

Vor ein paar Stunden ging von selbst ein Werbefenster auf im iexplorer (ich nutze Opera), woraufhin ich den TaskManager auf etwaige Prozesse untersuchte und fest stellen musste, dass 3-4 iexplore.exe Prozesse offen sind. Diese lassen sich terminieren, öffnen sich jedoch sofort wieder, daher konnte ich weder das Programm deinstallieren, noch die Rechte ändern (zumal es ein Systemprogramm zu sein scheint?!), noch die entspr. Registry Einträge löschen, damit die Pfade nicht mehr gefunden werden können.


Ich habe bisher folgendes gemacht:

1. Avira Antivir 10
Systemcheck: 1 Treffer, welcher aber laut google und Avira-Foren nicht bösartig einzustufen ist

LOG:
Code:
ATTFilter
Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Kim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\73c6a248-31fa6c72
[0] Archivtyp: ZIP
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Runner.1458
--> Client.class
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Runner.1458
Beginne mit der Suche in 'D:\'

Beginne mit der Desinfektion:
C:\Users\Kim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\73c6a248-31fa6c72
    [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Runner.1458
    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4855c886.qua' verschoben!


Ende des Suchlaufs: Montag, 12. Juli 2010  03:12
Benötigte Zeit: 36:09 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.
         

2. CC Cleaner
drüberlaufen lassen, dabei bemerkt, dass sehr viele Dateien im \\iexplorer/temp Ordner sind; diese daraufhin manuell gelöscht, wurden aber bald wieder erstellt, daraus schließe ich, dass die Prozesse im Hintergrund Webseiten aufrufen?!

3. HJT.exe
ausgeführt und eine "loader.exe" im Temp gefunden, gleich terminiert und gelöscht, außerdem eine "smss.exe" im Temp gefunden, auch diese beendet und gelöscht.

LOG:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:40:18, on 12.07.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Kim\AppData\Local\Temp\loader.exe
C:\Users\Kim\AppData\Local\Temp\smss.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\EndItAll\enditall.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von ARLT Computer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - Unknown owner - d:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7206 bytes
         

4. MWB
Quick Scan 0 Treffer
Vollständiger Scan 0 Treffer


5. OTL

otl.txt

Code:
ATTFilter
OTL logfile created on: 12.07.2010 04:09:49 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Kim\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 700,00 Gb Total Space | 601,99 Gb Free Space | 86,00% Space Free | Partition Type: NTFS
Drive D: | 231,51 Gb Total Space | 202,63 Gb Free Space | 87,53% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KIMPC
Current User Name: Kim
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Kim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (nmserial) -- C:\Windows\SysNative\DRIVERS\nmserial.sys File not found
DRV:64bit: - (NmPar) -- C:\Windows\SysNative\DRIVERS\NmPar.sys File not found
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (adp3132) -- C:\Windows\SysNative\drivers\adp3132.sys (Adaptec, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV:64bit: - (MtsHID) -- C:\Windows\SysNative\drivers\MtsHID.sys (TechniSat Provide)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (PciIsaSerial) -- C:\Windows\SysNative\drivers\PciIsaSerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\drivers\PciPPorts.sys ()
DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\drivers\PciSPorts.sys ()
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (SPorts) -- C:\Windows\SysNative\drivers\SPorts.sys ()
DRV:64bit: - (PPorts) -- C:\Windows\SysNative\drivers\PPorts.sys ()
DRV:64bit: - (ISASerial) -- C:\Windows\SysNative\drivers\ISASerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 A6 4C 01 8E 09 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.15 02:23:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.10 20:04:52 | 000,000,000 | ---D | M]
 
[2010.06.15 02:23:17 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\mozilla\Extensions
[2010.06.15 02:23:17 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\4ceqq67c.default\extensions
[2010.07.08 19:57:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.09 15:10:05 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [QIP2005] C:\Programme\QIP\qip.exe (The Author of QIP)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.21 19:26:21 | 000,000,057 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6a639c6b-69c9-11df-9ce5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6a639c6b-69c9-11df-9ce5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\OblivionLauncher.exe -- [2006.02.27 16:17:52 | 001,662,976 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\{8c0035c8-8902-11df-9995-e0cb4eba574a}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0035c8-8902-11df-9995-e0cb4eba574a}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{8c0035c9-8902-11df-9995-e0cb4eba574a}\Shell - "" = AutoRun
O33 - MountPoints2\{8c0035c9-8902-11df-9995-e0cb4eba574a}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found
O33 - MountPoints2\{e94ef527-7865-11df-aa62-e0cb4eba574a}\Shell - "" = AutoRun
O33 - MountPoints2\{e94ef527-7865-11df-aa62-e0cb4eba574a}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.12 03:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
[2010.07.12 03:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.07.12 03:20:35 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Malwarebytes
[2010.07.12 03:20:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.12 03:20:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.12 03:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.12 03:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.12 03:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.07.11 06:36:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oblivion Improved
[2010.07.11 06:34:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2010.07.10 23:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2010.07.08 19:00:41 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010.07.05 17:37:06 | 000,000,000 | ---D | C] -- C:\Users\Kim\Desktop\Haus
[2010.07.02 03:52:15 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\Neverwinter Nights 2
[2010.07.02 01:20:56 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010.07.02 01:07:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mfc42loc.dll
[2010.07.01 06:18:38 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\The Witcher
[2010.07.01 05:54:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\The Witcher
[2010.06.30 16:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.06.30 16:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.06.30 16:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.06.30 01:37:40 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\Oblivion
[2010.06.26 23:46:13 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\mIRC
[2010.06.26 23:46:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2010.06.25 05:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.06.25 05:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.06.21 10:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010.06.21 10:03:08 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\BioWare
[2010.06.21 08:36:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2010.06.21 08:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.06.21 08:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.06.21 08:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.06.21 08:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010.06.18 06:24:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\runic games
[2010.06.18 06:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2010.06.18 00:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010.06.18 00:11:07 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\uTorrent
[2010.06.16 02:20:02 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\FUSSBALL MANAGER 10
[2010.06.15 22:05:27 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\Zattoo
[2010.06.15 22:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2010.06.15 19:16:37 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Avira
[2010.06.15 02:23:11 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Mozilla
[2010.06.15 02:23:11 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\Mozilla
[2010.06.15 02:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer4Free
[2010.06.13 23:12:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.12 04:11:11 | 002,097,152 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT
[2010.07.12 03:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
[2010.07.12 03:24:08 | 000,006,274 | ---- | M] () -- C:\Users\Kim\Documents\cc_20100712_032404.reg
[2010.07.12 03:23:53 | 000,104,288 | ---- | M] () -- C:\Users\Kim\Documents\cc_20100712_032337.reg
[2010.07.12 03:22:15 | 000,108,840 | ---- | M] () -- C:\Users\Kim\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.12 02:44:40 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.07.11 23:37:48 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.11 23:37:48 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.11 23:37:48 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.11 23:37:48 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.11 23:37:48 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.11 21:07:23 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 21:07:23 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 20:59:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.11 20:59:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.11 20:59:46 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.11 06:34:32 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2010.07.10 05:06:10 | 003,899,359 | -H-- | M] () -- C:\Users\Kim\AppData\Local\IconCache.db
[2010.07.08 19:14:53 | 000,026,376 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2010.07.08 19:14:22 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.07.08 19:14:22 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.07.08 19:14:22 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.07.08 19:00:42 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2010.07.08 19:00:42 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2010.07.05 17:36:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.07.05 16:20:35 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.05 16:20:35 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.05 16:16:32 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.07.02 01:20:56 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2010.06.30 23:43:41 | 000,000,071 | ---- | M] () -- C:\Users\Kim\Desktop\listen.pls
[2010.06.26 23:46:13 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010.06.25 11:27:14 | 000,139,432 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.06.22 20:57:55 | 000,017,408 | ---- | M] () -- C:\Users\Kim\AppData\Local\WebpageIcons.db
[2010.06.15 02:23:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.12 03:24:05 | 000,006,274 | ---- | C] () -- C:\Users\Kim\Documents\cc_20100712_032404.reg
[2010.07.12 03:23:42 | 000,104,288 | ---- | C] () -- C:\Users\Kim\Documents\cc_20100712_032337.reg
[2010.07.08 19:07:54 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.07.08 19:07:54 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.07.08 19:07:53 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.07.08 19:00:44 | 000,026,376 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010.07.08 19:00:42 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2010.07.05 17:36:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.07.01 06:01:44 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.07.01 06:01:43 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.07.01 05:35:37 | 3626,303,488 | ---- | C] () -- C:\Users\Kim\Desktop\sr-twe2.iso
[2010.07.01 05:32:35 | 2153,480,191 | ---- | C] () -- C:\Users\Kim\Desktop\sr-twe1.iso
[2010.06.30 23:43:41 | 000,000,071 | ---- | C] () -- C:\Users\Kim\Desktop\listen.pls
[2010.06.30 05:33:17 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.06.26 23:46:13 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010.06.25 11:27:14 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.06.15 22:05:26 | 000,017,408 | ---- | C] () -- C:\Users\Kim\AppData\Local\WebpageIcons.db
[2010.06.15 02:23:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.11 07:32:00 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
< End of report >
         

und extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 12.07.2010 04:09:49 - Run 1
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Users\Kim\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 700,00 Gb Total Space | 601,99 Gb Free Space | 86,00% Space Free | Partition Type: NTFS
Drive D: | 231,51 Gb Total Space | 202,63 Gb Free Space | 87,53% Space Free | Partition Type: NTFS
Drive E: | 4,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KIMPC
Current User Name: Kim
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7A23D2C6-6FF9-EBAD-73E2-4717BB08983F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83584F8F-6828-440D-B0B4-52495D5DA803}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9E8605FF-09EA-AAC5-4780-AA6E02EBE06F}" = ccc-utility64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12FD058C-304E-1CEF-EE6A-C9EC49D00AC2}" = Catalyst Control Center Graphics Full New
"{14E640FF-CE46-7966-036E-B82260CF29CF}" = Catalyst Control Center Graphics Light
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A44139B-9C3D-6D55-87A3-B22085DB6428}" = CCC Help German
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{824B6611-48C9-C785-CD73-D7CB82E19A7E}" = Catalyst Control Center Graphics Full Existing
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F412354-CAB2-5A40-8B7D-28C9D6B8E0E2}" = Catalyst Control Center InstallProxy
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{ABA45BF5-39C9-1D1F-0467-C716E4E62336}" = Catalyst Control Center HydraVision Full
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B327B5BD-F3EC-889D-9770-2D40A14A4356}" = Catalyst Control Center Graphics Previews Common
"{BE4F561B-63A9-A47C-9DE1-AF1CF5B1C30F}" = Catalyst Control Center Core Implementation
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C95567EE-BE3F-053F-655B-5FF3340CD08E}" = Catalyst Control Center Graphics Previews Vista
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF7BB-D3E2-1B19-6099-776A23DAF088}" = ccc-core-static
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE872CED-2C0F-F0D0-AFCF-B1D35450796B}" = Catalyst Control Center Localization All
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0
"CCleaner" = CCleaner
"Chaos Empire®" = Chaos Empire® 7.69
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Diablo II" = Diablo II
"EndItAll_is1" = EndItAll 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"mIRC" = mIRC
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenAL" = OpenAL
"TeamViewer 5" = TeamViewer 5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2010 11:14:57 | Computer Name = KimPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Oblivion.exe, Version: 1.2.0.214,
 Zeitstempel: 0x45d4c5a7  Name des fehlerhaften Moduls: Oblivion.exe, Version: 1.2.0.214,
 Zeitstempel: 0x45d4c5a7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000544e  ID des fehlerhaften
 Prozesses: 0x2e0  Startzeit der fehlerhaften Anwendung: 0x01cb1866ff232951  Pfad der
 fehlerhaften Anwendung: D:\Oblivion\Oblivion.exe  Pfad des fehlerhaften Moduls: D:\Oblivion\Oblivion.exe
Berichtskennung:
 3de88709-845a-11df-a4a8-e0cb4eba574a
 
Error - 30.06.2010 12:54:51 | Computer Name = KimPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Oblivion.exe, Version: 1.2.0.214,
 Zeitstempel: 0x45d4c5a7  Name des fehlerhaften Moduls: Oblivion.exe, Version: 1.2.0.214,
 Zeitstempel: 0x45d4c5a7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000544e  ID des fehlerhaften
 Prozesses: 0xb20  Startzeit der fehlerhaften Anwendung: 0x01cb1874f2ae09c3  Pfad der
 fehlerhaften Anwendung: D:\Oblivion\Oblivion.exe  Pfad des fehlerhaften Moduls: D:\Oblivion\Oblivion.exe
Berichtskennung:
 32cd044e-8468-11df-a4a8-e0cb4eba574a
 
Error - 01.07.2010 02:12:22 | Computer Name = KimPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 01.07.2010 15:08:42 | Computer Name = KimPC | Source = Application Hang | ID = 1002
Description = Programm witcher.exe, Version 1.4.5.1280 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a1c    Startzeit: 
01cb19504ffd7fd4    Endzeit: 49    Anwendungspfad: D:\The Witcher Enhanced Edition\System\witcher.exe

Berichts-ID:
   
 
Error - 01.07.2010 19:10:55 | Computer Name = KimPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.2.0.722,
 Zeitstempel: 0x3d3c453e  Name des fehlerhaften Moduls: ~df394b.tmp, Version: 0.0.0.0,
 Zeitstempel: 0x3c76503b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005becb  ID des fehlerhaften
 Prozesses: 0x1398  Startzeit der fehlerhaften Anwendung: 0x01cb1972a32da524  Pfad der
 fehlerhaften Anwendung: D:\Morrowind\Morrowind.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Kim\AppData\Local\Temp\~ef0706\~df394b.tmp  Berichtskennung: e6166e9c-8565-11df-a4a8-e0cb4eba574a
 
Error - 01.07.2010 19:12:26 | Computer Name = KimPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Morrowind.exe, Version: 1.2.0.722,
 Zeitstempel: 0x3d3c453e  Name des fehlerhaften Moduls: ~df394b.tmp, Version: 0.0.0.0,
 Zeitstempel: 0x3c76503b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005becb  ID des fehlerhaften
 Prozesses: 0xcd0  Startzeit der fehlerhaften Anwendung: 0x01cb1972da33af96  Pfad der
 fehlerhaften Anwendung: D:\Morrowind\Morrowind.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Kim\AppData\Local\Temp\~ef7015\~df394b.tmp  Berichtskennung: 1c9bd744-8566-11df-a4a8-e0cb4eba574a
 
Error - 01.07.2010 20:50:31 | Computer Name = KimPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: nwmain.exe, Version: 1.6.8.0, Zeitstempel:
 0x44d3cdfb  Name des fehlerhaften Moduls: atioglxx.dll, Version: 6.14.10.9756, Zeitstempel:
 0x4bbbe9f5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00766377  ID des fehlerhaften Prozesses:
 0x5a4  Startzeit der fehlerhaften Anwendung: 0x01cb19767a7b40f7  Pfad der fehlerhaften
 Anwendung: D:\Neverwinter Nights\nwmain.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\atioglxx.dll
Berichtskennung:
 d04e1068-8573-11df-a4a8-e0cb4eba574a
 
Error - 01.07.2010 21:52:28 | Computer Name = KimPC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 02.07.2010 00:30:00 | Computer Name = KimPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.07.2010 10:40:30 | Computer Name = KimPC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 28.06.2010 14:37:03 | Computer Name = KimPC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.06.2010 17:01:55 | Computer Name = KimPC | Source = bowser | ID = 8003
Description = 
 
Error - 01.07.2010 00:01:44 | Computer Name = KimPC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 01.07.2010 00:01:44 | Computer Name = KimPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 01.07.2010 08:40:10 | Computer Name = KimPC | Source = bowser | ID = 8003
Description = 
 
Error - 02.07.2010 11:53:33 | Computer Name = KimPC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 02.07.2010 11:53:33 | Computer Name = KimPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 02.07.2010 12:11:45 | Computer Name = KimPC | Source = BROWSER | ID = 8032
Description = 
 
Error - 05.07.2010 10:14:18 | Computer Name = KimPC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 05.07.2010 10:14:18 | Computer Name = KimPC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
 
< End of report >
         



Die iexplore.exe Prozesse gehen weiterhin auf und der Temp Ordner füllt sich ewiterhin fleißig mit Dateien.

HILFE!!!



Edit:
die Temp Dateien werden geschrieben in "%AppData\Local\Microsoft\Windows\Temporary Internet Files", ich weiß nicht ob das so sein sollte
hier werden auch cookies gesetzt, auf mehrere Seiten, die ich größtenteils kenne, allerdings nicht alle.
Mir scheint allerdings, das sind alles verlinkte Seiten von der Startsete vom iexplorer (msn.com); daher hab ich die Startseite jetzt mal auf about:blank gesetzt und werde beobachten was passiert

Edit 2:
mir scheint, als würden nun keine Seiten mehr aufgerufen werden, bzw. wohl nur die Startseite (also blank), denn es werden keine temp Dateien mehr erstellt

Geändert von baoum (12.07.2010 um 04:37 Uhr)

Alt 12.07.2010, 18:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf - Standard

iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf



Hallo und

Das Verhalten ist zwar bekannt aber hab ich so noch nicht auf 64-Bit-Systemen gesehen
Post mal die Malwarebytes-Logfiles obwohl nichts gefunden wurde.
__________________

__________________

Alt 13.07.2010, 15:20   #3
baoum
 
iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf - Standard

iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf



Das Problem ist inzwischen gelöst, ich weiß allerdings nicht warum.
__________________

Antwort

Themen zu iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf
64-bit, antivir, antivir guard, ask toolbar, ask.com, aufrufe, avgntflt.sys, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, components, desktop, error, firefox, firefox.exe, flash player, hijack, hijackthis, home, home premium, iastor.sys, iexplore.exe, install.exe, java-virus, jdownloader, langs, league of legends, local\temp, location, logfile, malwarebytes' anti-malware, media center, microsoft office word, oldtimer, otl logfile, otl.exe, popup, problem, programdata, realtek, registry, richtlinie, saver, searchplugins, security, shell32.dll, shortcut, software, sptd.sys, syswow64, taskmanager, teamspeak, vdeck.exe, vlc media player, von selbst, webcheck, werbefenster, windows, ändern



Ähnliche Themen: iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf


  1. Firefox startet automatisch und ruft selbständig Internetseiten auf
    Plagegeister aller Art und deren Bekämpfung - 15.01.2015 (2)
  2. Google Chrome: Seiten öffnen sich unerwünscht
    Plagegeister aller Art und deren Bekämpfung - 06.06.2014 (31)
  3. Chrome startet von alleine und ruft Webseite mit Trojaner Warnung auf
    Plagegeister aller Art und deren Bekämpfung - 19.07.2013 (3)
  4. iexplore.exe läuft mehrfach im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (3)
  5. Internet iexplore.exe läuft einfach im Hintergrund
    Alles rund um Windows - 01.09.2012 (1)
  6. "Licensevalidator.exe" u.A. in den Anwendungsordnern - iexplore.exe startet im hintergrund.
    Plagegeister aller Art und deren Bekämpfung - 21.04.2012 (32)
  7. iexplore.exe startet im hintergrund und etwas sendet an 64.120.141.163
    Log-Analyse und Auswertung - 02.10.2011 (7)
  8. Google ruft falsche Seiten auf & Bluescreen beim runterfahren.
    Log-Analyse und Auswertung - 25.12.2010 (9)
  9. System Langsam,Firefox öffnet falsche seiten,incredimail ruft gelöschte mails ab
    Plagegeister aller Art und deren Bekämpfung - 11.10.2010 (16)
  10. iexplore.exe startet unaufgefordert und im Hintergrund automatisch!
    Log-Analyse und Auswertung - 09.07.2010 (10)
  11. iexplore.exe startet im hintergrund
    Log-Analyse und Auswertung - 03.07.2010 (9)
  12. Internet Explorer startet, ohne dass ich das will und ruft irgendwelche Seiten auf
    Log-Analyse und Auswertung - 21.06.2010 (1)
  13. Ständig öffnen sich unerwünscht neue Fenster/Internet-Seiten
    Log-Analyse und Auswertung - 05.12.2009 (5)
  14. PC verseucht mit Viren, PC startet unerwünscht neu
    Log-Analyse und Auswertung - 27.07.2009 (39)
  15. bei mir öffnen sich dauernd iexplore.exe im hintergrund
    Log-Analyse und Auswertung - 12.01.2009 (2)
  16. iexplore.exe im hintergrund und office installation?
    Log-Analyse und Auswertung - 21.11.2007 (11)
  17. Browser ruft andere Seiten auf als gewünscht - Bitte um Hilfe
    Log-Analyse und Auswertung - 18.02.2006 (1)

Zum Thema iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf - Sooo, hallo erstmal, ich wende mich vertrauensselig an euch, in der Hoffnung mir kann geholfen werden. Folgendes Problem unter Win7/64bit: Vor ein paar Stunden ging von selbst ein Werbefenster auf - iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf...
Archiv
Du betrachtest: iexplore.exe startet unerwünscht im Hintergrund, ruft dabei Seiten auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.